Hello all.
What is different between Tasks and Operation?
Do "if(Yii::app()->user->checkAccess('opeartionName'))" in each action of controler's?
Should name Task / Operations identical with Controllers actions?
Hello all.
What is different between Tasks and Operation?
Do "if(Yii::app()->user->checkAccess('opeartionName'))" in each action of controler's?
Should name Task / Operations identical with Controllers actions?
Authentication and Authorization / Overview
I’m not sure there is a better explanation.
Tasks and operations can be identical with controllers and actions, but they don’t have to. Choose their names carefully so they make the most sense to you.
Role/Task/Operation are all the same internally. They differ only in their namings. We classify them because they are used by different people.
Roles and tasks are used by administrators who would create new roles which are composed by tasks and assign roles to users. Administrators cannot modify tasks.
Tasks and operations are used by developers. Developers use checkAccess($operation) to determine if the current user can perform the specified operation. Tasks are composed of operations. Tasks are mainly created to be used by administrators.
For a simple system, you may only use roles and operations. That is, developers create operations while administrators create roles based on operations.
You may define an operation based on a controller action. In many cases, they do have one-to-one relationship (e.g. PostController::actionUpdate mapped to 'updatePost')
Thanks Qiang.
So i cannot do automation for check access. 
I hope on it.
When system is grow to wide system users want separate some actions.
On the "Post" example it look like separate 'create operation' on two.
So for redesign code i need create new operation with different names, and write new code, and remove old, for each piece of checking.
My idea is add 'xml' or 'php array' based rbac to controller actions map to Yii.
What do You think about it?
I see it in commercial framework.
Have you tried accessControl filter?
Hmmm…
Do you think about one BIG class for access filter and manage all controllers from ?
I was looking too at RBAC, I created a role applied to a user and a action and I used the "accesscontrol" for the controller.
For a site with 2 roles I thing it will be with this logic, to pass via accesscontrol the check (is not it?).
Also we may create roles with task and operations and to create a filter class to check if user has the role (or rather operation) related to the action/controller (and so the tasks/operations related)?
Also how do we pass a operation to a action ?