Hi there,
I have 3 layers of access levels, like this:
admins
sellers
customers
Each of them can have different types of access, like customers who are logged in or who are guests, etc.
What is the best way to implement this authentication manager?
Thanks
Hi
A. All my tables have a column called security_level.
This column can have a value of 1, 2 or 3.
1 = Records created by the user.
2 = System records that the user may read, but not write.
3 = System records that the user may not CRUD at all.
B. Then I create roles with permissions:
Admins may:
etc.
Sellers may:
read records with security_level >= 1 and <= 2
create records with security_level = 1
etc.
Customers may:
etc.
C. Users are placed in groups that are linked to certain roles. So a user may have many roles.
D. My controller action sets a flag to state what CRUD action should be performed on the record.
E. Then I use default scope, beforeValidate()/beforeSave() and beforeDelete() to check if the user has any role that gives him permission to perform the requested CRUD action on that record.
It works great, because default scope also checks records read via Relational Query.
Here is a link to a default scope example.
Hope this helps.
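The role check described in steps B to E above, as an added example that is not part of the original post and does not use Yii itself. It is plain PHP in which only the Sellers permissions come from the post; the `auditor` and `guest` roles, the function names and the sample calls are constructed for illustration.

```php
<?php
// Role matrix from step B: action => inclusive [min, max] security_level.
// Only the seller rows come from the post; "auditor" is a constructed role
// added to show a user who holds more than one role (step C).
$rolePermissions = array(
    'seller'  => array('read' => array(1, 2), 'create' => array(1, 1)),
    'auditor' => array('read' => array(2, 2)), // constructed, not from the post
);

// Collect every range the user's roles grant for one CRUD action.
function grantedRanges(array $matrix, array $roles, $action)
{
    $ranges = array();
    foreach ($roles as $role) {
        if (isset($matrix[$role][$action])) {
            $ranges[] = $matrix[$role][$action];
        }
    }
    return $ranges;
}

// Write side of step E: the decision a save/delete hook needs. Deny by default.
function mayPerform(array $matrix, array $roles, $action, $securityLevel)
{
    foreach (grantedRanges($matrix, $roles, $action) as $range) {
        if ($securityLevel >= $range[0] && $securityLevel <= $range[1]) {
            return true;
        }
    }
    return false;
}

// Read side of step E: the SQL condition a default scope would apply.
function readScopeCondition(array $matrix, array $roles)
{
    $parts = array();
    foreach (grantedRanges($matrix, $roles, 'read') as $range) {
        $parts[] = sprintf('(security_level BETWEEN %d AND %d)', $range[0], $range[1]);
    }
    // No read grant from any role: emit a condition that matches no rows.
    return $parts ? implode(' OR ', $parts) : '1=0';
}

$roles = array('seller', 'auditor');
var_dump(mayPerform($rolePermissions, $roles, 'create', 1)); // granted by seller
var_dump(mayPerform($rolePermissions, $roles, 'create', 2)); // outside every range
var_dump(mayPerform($rolePermissions, $roles, 'delete', 1)); // action never granted
echo readScopeCondition($rolePermissions, $roles), "\n";
echo readScopeCondition($rolePermissions, array('guest')), "\n"; // unknown role
```

In a Yii 1.1 model, the string from `readScopeCondition()` would go in the `condition` key returned by `defaultScope()`, and `mayPerform()` would be called from `beforeSave()` and `beforeDelete()`.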
This should guide you and help:
http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#role-based-access-control