Ok, so I extenderd CDbAuthManager to load each of the tables only once. The way I have extended it is so that with these default options nothing will change if you use this instead of CDbAuthManager. So set the extra options like below.
The way CDbAuthManager operates by default is to load each item from the item table and from the relations table with it’s own query, discarding the results when done. I call it “singleLoad”, and it is very inefficient. Set these two options (singleLoadAuthItems and singleLoadAuthParents) to false will load it all in a query and keep the results.
For the assignments, it will be load from the DB each time a check is made, even if it hasn’t changed. How often does the assignments change on the same page request? Set keepAuthAssignments to true to only load it once per request.
Here are some typical settings for protected/config/main.php:
'class' => 'EDbAuthManager',
'connectionID' => 'db',
'assignmentTable' => 'rbac_assignments',
'itemChildTable' => 'rbac_relations',
'itemTable' => 'rbac_items',
'showErrors' => YII_DEBUG,
'singleLoadAuthItems' => false,
'singleLoadAuthParents' => false,
'keepAuthAssignments' => true,
And here is the code. checkAccessRecursive() is identical to the CDbAuthManager one, except I moved the part where the parents are loaded to getAuthParents(). I also overwrote getAuthItem() and getAuthAssignments().
class EDbAuthManager extends CDbAuthManager
public $singleLoadAuthItems = true;
public $singleLoadAuthParents = true;
public $keepAuthAssignments = false;
protected $_items;
protected $_parents;
protected $_assignments = array();
protected function checkAccessRecursive($itemName, $userId, $params, $assignments)
if (($item = $this->getAuthItem($itemName)) === null)
return false;
Yii::trace('Checking permission "'.$item->getName().'"','system.web.auth.CDbAuthManager');
if (!isset($params['userId']))
$params['userId'] = $userId;
if ($this->executeBizRule($item->getBizRule(), $params, $item->getData()))
if (in_array($itemName, $this->defaultRoles))
return true;
if (isset($assignments[$itemName]))
$assignment = $assignments[$itemName];
if ($this->executeBizRule($assignment->getBizRule(), $params, $assignment->getData()))
return true;
foreach ($this->getAuthParents($itemName) as $parent)
if ($this->checkAccessRecursive($parent, $userId, $params, $assignments))
return true;
return false;
public function getAuthItem($name)
if ($this->singleLoadAuthItems)
return parent::getAuthItem($name);
if (!isset($this->_items))
$rows = $this->db->createCommand()
$this->_items = array();
foreach($rows as $row)
if (($data = @unserialize($row['data'])) === false)
$data = null;
$this->_items[$row['name']] = new CAuthItem($this, $row['name'], $row['type'], $row['description'], $row['bizrule'], $data);
if (isset($this->_items[$name]))
return $this->_items[$name];
return null;
public function getAuthAssignments($userId)
if ($this->keepAuthAssignments)
if (!isset($this->_assignments[$userId]))
$this->_assignments[$userId] = parent::getAuthAssignments($userId);
$assignments = $this->_assignments[$userId];
$assignments = parent::getAuthAssignments($userId);
return $assignments;
public function getAuthParents($itemName)
if ($this->singleLoadAuthParents)
return $this->db->createCommand()
->where('child=:name', array(':name'=>$itemName))
if (!isset($this->_parents))
$relations = $this->db->createCommand()
$this->_parents = array();
foreach ($relations as $row)
$this->_parents[$row['child']][$row['parent']] = $row['parent'];
if (isset($this->_parents[$itemName]))
return array_values($this->_parents[$itemName]);
return array();