Dynamic RBAC Role Generation

Hi there!

I’m working on a rather big project which needs multiple usertables but using only one permissionsystem (RBAC)

We got these tables: permission, group, permission_in_group, userlink (containing userID of different usertables and the ID of the usertable)and user_in_group.

Additionally to that, we have the auth_ tables that come along with Yii/RBAC. (used the migration schema).

Now for the harder part:

We have to populate the auth_ tables depending on the other tables (permission,group,userlink, etc).

This is where my concerns start, because we care a lot about performance.

I have to loop over our own data (users, permissions) to assign them to the user that is currently using the system and add these to the auth table.

I’m not sure if the PhpManager is more fitting than the DbManager, since I have to assign permissions to the user, depending on the situation.

Or I try to manage to synchronize our permissions with the RBAC permissions. Which means all permissions are present at all times, not just depending on the scenario/situation.

I’m a bit lost. Please let me know if my approach to that issue is far from getting to a solution.

Best Regards:


Assuming the problem is that the other tables are actively maintained/modified and you want to keep the rbac tables in sync with these, my own opinion would be to look at sub-classing DbAuthManager and seeing if you can get it to use your tables directly. You can add another db connection to the config and as long as you can make your tables create the same logical path of permissions, this might be the easiest way.

The hierarchy is basically a tree where a user links to 1 or more roles, a role is a parent of 0 or more roles and 0 or more permissions and a permission is a parent of 0 or more permissions.

If you think your tables can be seen in the same way, see if you can do that. Replicating the data across sounds like a whole load of testing and maintenance pain?