Account management how to in YII


I’m building a web app and I’m trying to determine the best way to control access to various records in the database so that they are only available to users under a certain account ID. For example, if I sign up for an account and add 5 users to my account, then any one of these users can have access to the records under my account. I implemented this in my database tables, so the account id is stored on all my tables. I’m now at the point of trying to determine how to implement this in YII.

The solution needs to be secure, because it would be bad news if other users were able to see confidential data. The way I thought about doing this is to add logic to check the accountid of the current user and validate the user’s account id against the record the user is trying to access. I was going to add the controls in my model files for the following events:




I was going to apply the changes to all my models. Before I spend a bunch of time doing this, I thought it might be worthwhile to get some advice from the forum. Does the above seem like a good approach? If there are other suggestions I’d love to hear as I’m a little new at this.
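
One way to put the account check in a single place rather than in every model, shown as an added example that is not part of the original post. It assumes Yii 1.1, an `account_id` column on every tenant table, and that login stored the account with `Yii::app()->user->setState('accountId', ...)`; the class name `AccountScopedRecord` is hypothetical.

```php
<?php
// Added example (assumptions: Yii 1.1, column "account_id", session state key "accountId").
// Models holding per-account data extend this class instead of CActiveRecord.
abstract class AccountScopedRecord extends CActiveRecord
{
    // Account of the logged-in user; fail closed when the session has none.
    protected function currentAccountId()
    {
        $id = Yii::app()->user->getState('accountId');
        if ($id === null) {
            throw new CHttpException(403, 'No account in session.');
        }
        return (int) $id;
    }

    // Merged into SELECT queries made through the model (find*, count),
    // so rows of other accounts are never loaded.
    public function defaultScope()
    {
        $alias = $this->getTableAlias(false, false);
        return array(
            'condition' => $alias . '.account_id = :scopeAccountId',
            'params' => array(':scopeAccountId' => $this->currentAccountId()),
        );
    }

    // New rows are stamped with the caller's account; an existing row
    // cannot be saved under, or moved to, a different account.
    protected function beforeSave()
    {
        $accountId = $this->currentAccountId();
        if ($this->getIsNewRecord()) {
            $this->account_id = $accountId;
        } elseif ((int) $this->account_id !== $accountId) {
            throw new CHttpException(403, 'Record belongs to another account.');
        }
        return parent::beforeSave();
    }

    // Same ownership check before a row is removed.
    protected function beforeDelete()
    {
        if ((int) $this->account_id !== $this->currentAccountId()) {
            throw new CHttpException(403, 'Record belongs to another account.');
        }
        return parent::beforeDelete();
    }
}
```

In Yii 1.1 the default scope applies to SELECT queries only, and `updateAll()`, `deleteAll()` and the `*ByPk()` variants skip `beforeSave()`/`beforeDelete()`, so those calls need the `account_id` condition passed explicitly. Keeping `account_id` out of the model's safe attributes stops it from being set through mass assignment.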