Help for full understand RBAC

Hello all.

What is different between Tasks and Operation?

Do "if(Yii::app()->user->checkAccess('opeartionName'))"  in  each action of  controler's?

Should name Task / Operations  identical with Controllers actions?

Authentication and Authorization / Overview

I’m not sure there is a better explanation.

Tasks and operations can be identical with controllers and actions, but they don’t have to. Choose their names carefully so they make the most sense to you.

Role/Task/Operation are all the same internally. They differ only in their namings. We classify them because they are used by different people.

Roles and tasks are used by administrators who would create new roles which are composed by tasks and assign roles to users. Administrators cannot modify tasks.

Tasks and operations are used by developers. Developers use checkAccess($operation) to determine if the current user can perform the specified operation. Tasks are composed of operations. Tasks are mainly created to be used by administrators.

For a simple system, you may only use roles and operations. That is, developers create operations while administrators create roles based on operations.

You may define an operation based on a controller action. In many cases, they do have one-to-one relationship (e.g. PostController::actionUpdate mapped to 'updatePost')

Thanks Qiang.

So i cannot  do automation  for check access. :frowning:

I hope  on it.

When system is grow  to wide    system users want separate  some actions.

On the "Post" example it look like    separate 'create operation' on two.

So for redesign code i need  create new operation with different names,  and write new code, and remove  old,  for  each piece of checking.

My idea is add 'xml' or 'php array' based rbac to controller actions map to Yii.

What do You think about it?

I see  it in commercial framework.

Have you tried accessControl filter?


Do you think about  one BIG class for access filter and  manage all  controllers from ?

I was looking too at RBAC, I created a role applied to a user and a action and I used the "accesscontrol" for the controller.

For a site with 2 roles  I thing it will be with this logic, to pass via accesscontrol the check (is not it?).

Also we may create roles with task and operations and to create a filter class to check if user has the role (or rather operation) related to the action/controller (and so the tasks/operations related)?

Also how do we  pass a operation to a action ?