dynamic role/permission system question

Hi all,

I'm new here. Nice to meet you.

I have never with Yii before. I have glanced at the docs. I have some requirement/design questions before I settle on a framework or none at all. Thanks for your advice.

I'm building a scheduling/event application. It seemed simple at first glance, but then slowly the requirements grew. Basically the difficult part was the fine grained permission system that must be implemented. Here is an example:

An event on the schedule can have various attributes added:

catering, entertainment, tours

Those attributes can also have their own attributes:

catering(drinks, snacks), entertainment(dancers, rock band, clowns), tour(river tour, town tour)). Those might even have attributes of their own:

entertainment(dancers(chicken group(3:30), bunnies(00:30)), rock band(headbashers(17:30)), clowns(8:00))

Each user must be able to be configured to have access read or write to only certain of those objects down to the lowest item on the hierarchy. So for example, a client logs in and organizes an event and adds and customizes(time, style, etc) all the attributes s/he wants. However, they can't add or see anything they were not configured for. This way a hotel can book a catering event, but not rock festival. Dumb examples - sorry.

Is that clear? I hope so.

Next, each user might belong to a group which might be used to set the permissions for that user. I don't know if it's asking too much, but it would be nice if groups could also belong to groups.

So we have these large and deep trees of objects. It's similar to file system's permissions.

My question is: can I implement such a system with Yii and it's libraries for authentication? Or should I use something more basic or just write it directly in PHP from scratch. I'd like to make use of some the nice features of Yii, I'm just not sure if it can handle such a deep permissions "tree". This "tree" is dynamic and will change anytime an "admin" adds more attributes to the system.

Is Yii's authentication/permission(Yii::app()->user) system able to handle that complexity? Or maybe there is a different way to handle this with Yii. I would like to hear from users or authors with experience that can tell me if the above is possible and where to start.

Any comments or advice are appreciated.

Many thanks,


Yii supports RBAC - http://www.yiiframew…-access-control - which would probably help you a long way.

I suggest you give it a good read and decide if it would be of help to you.

Thank you very much for pointing me in the right direction. I've had a look at the documentation. So far it looks good. I'll keep reading and then maybe even make some test.