Admin can delete other admins

Hey guys,

I’ve started using RBAC for access control and it works beautifully.

In my system I have 3 levels of administrators: 1) Admin, 2) SuperMod and 3) Mod.

Each administrator type should have the ability to delete any registered user, but only administrators that are of a lower level then him. So for example an Admin can delete SuperMods and Mods, SuperMod can delete Mod and Mod can only delete registered users.

How would I go about implementing this with RBAC?

ATM I am simply doing the check Yii::app()->user->checkAccess(‘deleteUser’) which allows Admins to delete other Admins, Mods to delete Admins, etc.

How can this be done?


Usually if there are any additional condition, I would add an "AND" operator in the if

for example :

if (Yii::app()->user->checkAccess('deleteUser') && canDelete($someparams))

AFAIK, we can’t add additional condition in RBAC