How to apply a bizRule?

I have been reading from a book and online to better understand how to use Yii’s RBAC to enforce limited access to various actions within an application. But I am still not clear on how to do this.

I have a model User which belongs to Office through a User.officeId=Office.id ONE_TO_MANY type relationship. I want to restrict all actions from User to all Office actions limited to the Office that the User is a member of.

Therefore what should I have in the role assignment? I want to have something like this:




$bizRule='return Yii::app()->user->officeId==$params["office"]->id;';
$task=$auth->createTask('readOwnOffice','Read an office',$bizRule);



However, Yii::app()->user->officeId would return an ‘officeId is not defined’ error.

Am I going about this the right way?

Read this:

http://www.yiiframework.com/wiki/60/
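
As an added example (not part of the original thread and not code from the linked wiki): one way to make officeId available to the bizRule in Yii 1.1 is to store it as user state at login and read it back with getState(), then pass the loaded Office to checkAccess(). User::validatePassword(), the role name officeMember and $userId are assumptions.

```php
<?php
// Added example for Yii 1.1. Assumes the question's User and Office models;
// User::validatePassword() and the role name 'officeMember' are hypothetical.
// protected/components/UserIdentity.php
class UserIdentity extends CUserIdentity
{
    private $_id;
    public function authenticate()
    {
        $user = User::model()->findByAttributes(array('username' => $this->username));
        if ($user === null || !$user->validatePassword($this->password)) {
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
            return false;
        }
        $this->_id = $user->id;
        // Stored in the session; later read with Yii::app()->user->getState().
        $this->setState('officeId', $user->officeId);
        $this->errorCode = self::ERROR_NONE;
        return true;
    }
    public function getId() { return $this->_id; }
}

// One-time RBAC setup (call $auth->save() afterwards when using CPhpAuthManager).
// getState() returns null for guests instead of raising "not defined", so the rule denies them.
$auth = Yii::app()->authManager;
$bizRule = '$own = Yii::app()->user->getState("officeId");'
    . ' return $own !== null && isset($params["office"])'
    . ' && (int)$own === (int)$params["office"]->id;';
$auth->createTask('readOwnOffice', 'Read an office', $bizRule);
$auth->createRole('officeMember')->addChild('readOwnOffice');
$auth->assign('officeMember', $userId); // $userId: id of the User being granted the role

// protected/controllers/OfficeController.php
class OfficeController extends CController
{
    public function actionView($id)
    {
        $office = Office::model()->findByPk($id);
        if ($office === null) {
            throw new CHttpException(404, 'Office not found.');
        }
        // The loaded record is passed as $params["office"] to the bizRule.
        if (!Yii::app()->user->checkAccess('readOwnOffice', array('office' => $office))) {
            throw new CHttpException(403, 'You may not view this office.');
        }
        $this->render('view', array('office' => $office));
    }
}
```

Because officeId is copied into the session at login, a user moved to another office keeps the old value until they log in again; look it up from the database inside the rule if that matters.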