What is the relationship between these two things please? They both seem to do the same thing, provide information as to permission to perform certain actions.
What is the relationship between these two things please? They both seem to do the same thing, provide information as to permission to perform certain actions.
Have a look at this part of the guide for a pretty good breakdown.
In short, accessRules() defines simple rules, which may or may not invoke RBAC. If you want to invoke RBAC directly, such as to alter what’s displayed on screen depending on the user’s privileges, you can use Yii::app()->user->checkAccess().
Thanks. I take it then, if I have accessRule()s in place that I don’t then need to explicitly call checkAccess() in cases like this
if(Yii::app()->user->checkAccess('deletePost'))
{
// delete the post
}
per http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#role-based-access-control ?
If I use RBAC, what should I do with my accessRule()s? I don’t really want to have to list, in code, every user which might be an admin, I’d like to do it role based (since the users will change over time). (Sorry, probably basic questions, but I’m new…)
The page I linked you to gives an example of a role based access rule:
array('allow',
'actions'=>array('delete'),
'roles'=>array('admin'),
),
Ah, great! Thank you!