I want to check access for a “team admin”; each user can be assigned to a team by its team id. So I have the following AuthItem in my Db:
name: team admin
type: 2
description: The team admin description
bizrule: NULL
So, to assign a specific user to “team admin” with a specific team, I guess that Yii’s workflow would be creating an AuthAssignment as follows:
itemname: team admin
userid: foo
bizrule: return $data['team_id'] == $params['team_id'];
data: a:1:{s:7:"team_id";s:1:"1";}
And then checking access with:
<?php
// Pass the team being accessed as a parameter to the assignment's bizrule
if (Yii::app()->user->checkAccess('team admin', array('team_id' => $Team->id)))
    return "Yay... you're team admin, good for you";
else
    return "Shame shame, you're just an ordinary user";
?>
If this is the way to work, I will refuse to use this workflow, since it will generate tons of user assignments with PHP bizrules in the Db (which I’m not flattered with in the first place; PHP logic should simply not be stored in the Db). This seems to me like really bad design, since my access logic will be replicated hundreds of times, while I would like to keep my bizrule in one place and even preferably not in the Db.
But, I hate differentiating from the core, so I’m wondering if I’m seeing this all wrong. Is the above the pattern in which Yii is meant to work? Or am I going to have to build my own authentication manager?
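A sketch of the layout the post asks for, with the rule defined once in code and only the team id stored per assignment; this is an added example, not part of the original post and not Yii's API. The names TeamRules and checkTeamAccess, the `rule` column, and the use of JSON instead of PHP-serialized data are assumptions made for the illustration.

```php
<?php
// Added illustration, not Yii code. TeamRules and checkTeamAccess are hypothetical names.

// The rule exists once, in source control, as a named callable
// instead of a PHP string stored in the Db and eval()'d per assignment.
final class TeamRules
{
    public static function all(): array
    {
        return [
            'sameTeam' => static function (array $params, array $data): bool {
                return isset($params['team_id'], $data['team_id'])
                    && (string) $params['team_id'] === (string) $data['team_id'];
            },
        ];
    }
}

// Constructed sample rows: each assignment stores data plus a rule *name*, never code.
$assignments = [
    ['itemname' => 'team admin', 'userid' => 'foo', 'rule' => 'sameTeam', 'data' => '{"team_id":"1"}'],
    ['itemname' => 'team admin', 'userid' => 'bar', 'rule' => 'sameTeam', 'data' => '{"team_id":"2"}'],
];

function checkTeamAccess(array $assignments, string $userId, string $item, array $params): bool
{
    $rules = TeamRules::all();
    foreach ($assignments as $row) {
        if ($row['userid'] !== $userId || $row['itemname'] !== $item) {
            continue;
        }
        // An unknown rule name fails closed: a tampered row cannot introduce new logic.
        if (!isset($rules[$row['rule']])) {
            continue;
        }
        // JSON (an assumption here) avoids unserialize() on Db-controlled input.
        $data = json_decode($row['data'], true);
        if (is_array($data) && $rules[$row['rule']]($params, $data)) {
            return true;
        }
    }
    return false;
}

var_dump(checkTeamAccess($assignments, 'foo', 'team admin', ['team_id' => 1]));
var_dump(checkTeamAccess($assignments, 'foo', 'team admin', ['team_id' => 2]));
```

With this layout, write access to the assignment table changes who administers which team but cannot change what code runs during the check.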