Business Rules in CGridView?

Hi everyone,

I am developing an event application. So people can add, update, list and delete events. Basically it’s just CRUD. However I’m using Rights (/RBAC) for controlling who has access to which features. Until now access looks like that (this is the same structure as it is created by Gii):

Admin

  • Add Event (actionCreate)

  • Delete Event (actionDelete)

  • Update Event (actionUpdate)

  • List Event (actionIndex)

  • Admin Event (actionAdmin)

User

  • List Event (actionIndex)

But now I want an additional Role "organizer" which should also be able to do these things:

  • Add Event (actionCreate)

  • Delete own Event

  • Update own Event

  • Admin own events

While deleteOwn and updateOwn are covered in nearly every guide to RBAC, I’m still struggling with the last one. So basically I have 2 problems:

  1. I want organizers to be able to access actionAdmin, but they should only see their own events.

  2. Admins should be able to modify all the event info, organizers only some. How should I do this? Use checkAccess() for every action in my update view? And if so, what should I check? Because just distinguishing between admins and organizers might not be sufficient in the future, but making an Operation/Task for every little piece of info also seems like a lot of work.

Thank you for any help.

Hi Tropi

If you have the users saved in the database, it should be pretty easy: add a user_id field to your events table, populate that user_id, and pull the events based on the same user_id. It all goes back to how you structure your database.

If I solved it like that, all the admins would only see their events as well, right? I need to distinguish this somehow.

Hi Tropi

Okay, if you don't take that approach, how else are you going to define what events were posted by organizers, unless you have another way of doing it?

It should be easy enough. You can add a condition, something like:

    if (user is admin)
        show all the events
    elseif (user is organizer)
        show only events that are posted by him
    else
        your default

How have you structured your database? Maybe you can post your schema.
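
The if/elseif/else condition from the last reply, together with the per-role field restriction asked about in the original question, as an added example that is not part of the thread: plain PHP with PDO rather than Yii code, where the role names, the EDITABLE list, the table layout and the sample rows are assumptions and only user_id comes from the replies. Both the row filter and the field filter are applied on the server, in the query and before assignment, so they hold regardless of what the grid or the form displays.

```php
<?php
// Constructed roles, columns and rows for illustration; plain PHP + PDO, not Yii code.
const EDITABLE = [ // fields each role may change; other submitted fields are dropped
    'admin'     => ['title', 'starts_at', 'user_id', 'approved'],
    'organizer' => ['title', 'starts_at'],
];

// Problem 1: scope the listing in the query itself, so other users' rows never leave the server.
function listEvents(PDO $db, array $user): array
{
    if ($user['role'] === 'admin') {
        return $db->query('SELECT * FROM event ORDER BY id')->fetchAll(PDO::FETCH_ASSOC);
    }
    if ($user['role'] !== 'organizer') {
        return []; // default for any other role: nothing from this screen
    }
    $stmt = $db->prepare('SELECT * FROM event WHERE user_id = :uid ORDER BY id');
    $stmt->execute([':uid' => $user['id']]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Problem 2: keep only the fields this role may edit, and re-check ownership on write.
function updateEvent(PDO $db, array $user, int $eventId, array $post): bool
{
    $allowed = array_intersect_key($post, array_flip(EDITABLE[$user['role']] ?? []));
    if ($allowed === []) {
        return false; // unknown role, or nothing this role is allowed to change
    }
    // Column names below come only from EDITABLE; all values are bound parameters.
    $set = implode(', ', array_map(fn($c) => "$c = :$c", array_keys($allowed)));
    $sql = "UPDATE event SET $set WHERE id = :id";
    $params = [':id' => $eventId];
    foreach ($allowed as $col => $val) { $params[":$col"] = $val; }
    if ($user['role'] !== 'admin') { // non-admins can only touch their own rows
        $sql .= ' AND user_id = :owner';
        $params[':owner'] = $user['id'];
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount() === 1;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE event (id INTEGER PRIMARY KEY, user_id INT, title TEXT, starts_at TEXT, approved INT DEFAULT 0)');
$db->exec("INSERT INTO event (user_id, title, starts_at) VALUES (7, 'Meetup', '2014-05-01'), (9, 'Workshop', '2014-06-01')");
$organizer = ['id' => 7, 'role' => 'organizer'];
var_dump(listEvents($db, $organizer));                                          // organizer's listing
var_dump(updateEvent($db, $organizer, 2, ['title' => 'x']));                    // event owned by user 9
var_dump(updateEvent($db, $organizer, 1, ['title' => 'New', 'approved' => 1])); // own event, extra field
```

In a Yii application the role test would go through checkAccess() and the owner condition would sit in the query that feeds the CGridView, rather than in hand-written PDO calls.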