CDbAuthManager And Complex AuthAssignments

I want to check access for a “team admin”; each user can be assigned to a team by its team id. So I have the following AuthItem in my Db:

name: team admin

type: 2

description: The team admin description

bizrule: NULL

So, to assign a specific user to “team admin” with a specific team, I guess that Yii’s workflow would be creating an AuthAssignment as follows:

itemname: team admin

userid: foo

bizrule: return $data['team_id'] == $params['team_id'];

data: a:1:{s:7:"team_id";s:1:"1";}

And then checking access with:


if (Yii::app()->user->checkAccess('team admin', array('team_id' => $Team->id)))
     return "Yay... you're team admin, good for you";
else
     return "Shame shame, you're just an ordinary user";


If this is the way to work, I will refuse to use this workflow, since it will generate tons of user assignments with PHP bizrules in the Db (which I’m not flattered with in the first place; PHP logic should simply not be stored in the Db). This seems to me like really bad design, since my access logic will be replicated hundreds of times, while I would like to keep my bizrule in one place and even preferably not in the Db.

But, I hate differentiating from the core, so I’m wondering if I’m seeing this all wrong. Is the above the pattern in which Yii is meant to work? Or am I going to have to build my own authentication manager?

I guess I’ll be creating my own access management.
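The per-team check described in the post, sketched as an added example (not part of the original post and not Yii's own code): the rule lives once in code, keyed by auth item name, and each assignment row carries only its serialized data. The `$rules` map, the `checkTeamAccess()` function, the second sample row and the assumption that the assignment's bizrule column stays NULL are all hypothetical.

```php
<?php
// Added example, not Yii code: rule map and function names are hypothetical.

// One rule per auth item, defined once in code instead of a PHP string per assignment row.
$rules = [
    'team admin' => function (array $params, array $data): bool {
        // Compare as strings with === to avoid PHP's loose == type juggling.
        return isset($params['team_id'], $data['team_id'])
            && (string) $params['team_id'] === (string) $data['team_id'];
    },
];

// Constructed sample rows in the shape of the AuthAssignment from the post,
// with bizrule left NULL: only the data column differs per user.
$assignments = [
    ['itemname' => 'team admin', 'userid' => 'foo', 'data' => 'a:1:{s:7:"team_id";s:1:"1";}'],
    ['itemname' => 'team admin', 'userid' => 'bar', 'data' => 'a:1:{s:7:"team_id";s:1:"2";}'],
];

function checkTeamAccess(array $rules, array $assignments, string $userId, string $itemName, array $params): bool
{
    foreach ($assignments as $row) {
        if ($row['userid'] !== $userId || $row['itemname'] !== $itemName) {
            continue;
        }
        // allowed_classes => false: the data column must never instantiate objects.
        $data = @unserialize($row['data'], ['allowed_classes' => false]);
        if (!is_array($data) || !isset($rules[$itemName])) {
            continue; // malformed data or no rule defined: deny by default
        }
        if ($rules[$itemName]($params, $data)) {
            return true;
        }
    }
    return false;
}

// foo administers team 1 only; bar administers team 2 only.
var_dump(checkTeamAccess($rules, $assignments, 'foo', 'team admin', ['team_id' => 1]));
var_dump(checkTeamAccess($rules, $assignments, 'foo', 'team admin', ['team_id' => 2]));
var_dump(checkTeamAccess($rules, $assignments, 'bar', 'team admin', ['team_id' => 2]));
```

Because no PHP from the database is evaluated, write access to the assignment table can change which team a user administers but cannot inject code into the access check.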