Complex User Management

I need a little help getting started with a fairly complex user management system. Attached is the database schema I came up with.

User-Group-Permissions include:

View:	Can view airstrips from "Group"

	+ Download:	Can download PDF files from "Group" airstrips

Create:	View + Can create airstrips for "Group"

	Can only update airstrips "User" creates

Edit:	Create + Can update all airstrips from "Group"

	+ Approval:	Can approve airstrips for "Group"

Group Admin:	Edit + Approval + Can CRUD "Users" to "Group", can change "User" permissions, can manage airstrip permissions

Airstrip-Group-Permissions include:

View:	"Group" can view airstrip

Edit:	"Group" can edit/update airstrip information

An example of how this works is this:

User A:

[indent]public (group) - view (permission)[/indent]

User B:

[indent]public - edit

Group 2 - admin[/indent]

User C:

[indent]public - view

Group 1 - Edit

Group 2 - view[/indent]

Airstrip ABC:

[indent]public - edit[/indent]

Airstrip WXY:

[indent]Group 1 - view

Group 2 - edit[/indent]

Airstrip XYZ:

[indent]Group 1 - edit[/indent]

User A can only view Airstrip ABC and can not view (or even list) Airstrips WXY or XYZ.

User B can edit Airstrip ABC, has admin authority over Airstrip WXY, but can not view (or list) XYZ.

User C can view Airstrips ABC, WXY, & XYZ. But can only edit XYZ.

I have looked at Yii User Management Module, grbac Extension, and srbac Extension. But, I don’t quite understand how to integrate them into what I am trying to do. (It could be that I’m trying to do this the extremely hard way.)

Is there an easier way to be able to have this type of control over content? I’m open to any suggestions (well, any reasonable suggestions).

BTW: The rest of this project is done thanks to all the great information here in this forum and in the documentation. I just have to implement the user-group-permissions before I can go live!

I suggest that you read the and try to understand how the built-in Authorization management system works. Of course there is no web interface provided for that so you will either need to write your own or use an extension.

And yes, it sounds like you’re trying to it the extremely hard way because you’re trying to build it from scrach while Yii already has an Authorization management system (e.g. CDbAuthManager).

Hope this helps.


Thanks for pointing me to topics.auth. Even though I’ve read it half a dozen times already, the Business Rule stuck out as something to look into.

I’ll see if this is what I need.

Just out of curiosity, are you planning to write your authorization management from scratch or?


Sorry to have taken so long, but I’ve been out of the country and {horror} with out internet access.

I think that I can use the built in RBAC (possibly with Business Rules) to implement the system that I need. So, I guess that the answer to your question is that I will be using the built in Authorization Management. But I’ll be filling in the authorization levels each time the user logs-in by checking against a few additional tables to create the complex structure that I need. Then call user->checkAccess() before any CRUD.

I’ll let the community know if this works, but it may take a while as right now this is just a side project for me. At my day job, we’re having a safety audit this week and the organization doing the audit really likes this idea, so this may turn from a side project into a full-time project!