Model Scopes And RBAC

Hi everyone

Is there a way to combine scope and RBAC?

I want to make a dynamic scope that returns Model records according to the permissions of the current user.

For example:


    public function scopes() {
        return array(
            'UserScope' => array(
                'condition' => <something to get the records according to RBAC permissions>
            ),
        );
    }



I could write a query to get the RBAC authitem inheritance and bizrule to fetch what records are permitted (view, read, create) for the user, but it is complicated.

Is there a way to get a query compatible with a scope via Yii::app()->user->checkAccess('theAction', $bizRule)?

Thanks

Scopes are resolved at the database level, while bizrules are PHP code. The only way is to convert the bizrule to SQL and put that in the scope.




    function privileged() {
        $user = Yii::app()->user;
        // admins see every record, so no extra condition is added
        if ( $user->checkAccess( 'admin' ) ) {
            return $this;
        }
        // user is not admin, so we prepare criteria that do the same as the corresponding bizrule
        $this->dbCriteria->mergeWith( array(
            'condition' => 't.owner_id = :uid',
            'params' => array( ':uid' => $user->id ),
        ) );
        // always return $this so the scope can be chained
        return $this;
    }



And then use it like this:




$objects = Model::model()->privileged()->findAll();



Thanks redguy for your response and for your advice :)

Following your way, I did it in a similar way:


    function scopes() {
        $user = Yii::app()->user;
        // admin: the scope adds no condition
        if ( $user->checkAccess( 'admin' ) ) {
            return array('theScope' => array());
        }
        if ( $user->checkAccess( 'author' ) ) {
            return array('theScope' => array('condition'=>'custom sql query'));
        }
        if ( $user->checkAccess( 'member' ) ) {
            return array('theScope' => array('condition'=>'custom sql query2'));
        }
        // no role matched: define no scopes, so 'theScope' does not exist
        return array();
    }

The only drawback of both ways is:

if another role is added, then we have to extend the code.

I would like something more dynamic and "generated" by RBAC,

so I may write it by myself.

I would like to achieve something like what the Drupal CMS does with its permission system.

Anyway, if someone has a solution to do that, please post it :)

Thanks redGuy and anyone who tries it :)

If you create named scopes as functions, you must merge your criteria with $this->getDbCriteria() and always return $this (look at my example). This is the proper way of using such scopes (or you won't be able to use them in a pipeline like this: Model::model()->scope()->findAll()).

Thank you redguy for your advice!

I will check that later.

But on the official Yii site I already found documentation that returns arrays:

http://www.yiiframework.com/doc/guide/1.1/en/database.arr#relational-query-with-named-scopes

http://www.yiiframework.com/doc/guide/1.1/en/database.ar

Have you found any disadvantages of that?

Thanks :)

Only the functions "scopes()" and "defaultScope()" can return scopes as an array. Read the links that you provided carefully, especially the paragraph "Parameterized Named Scopes", which covers scopes defined as separate methods.

Ok redGuy

I didn't imply anything wrong with the Yii documentation!

I just understood that it is preferable to use named scopes rather than scopes returning an array, especially when we have complicated queries.

I gave you a vote :)

Thanks :) I just wanted to draw your attention to it so you won't receive misleading errors.
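
One way to get the table-driven scope asked for earlier in this thread, shown as an added example that is not code from any of the posters: the RBAC item names, the rule table, the `is_public` column and the helper name `rbacScopeCriteria` are assumptions, and the access check is passed in as a callback so the block runs without Yii.

```php
<?php
// Added example, not code from the thread. Role names, the rule table and the
// is_public column are assumptions; rule strings are fixed SQL written by the
// developer, never user input.

/**
 * Build a criteria array for a named scope from a table of RBAC items.
 * $checkAccess: callback taking an item name and returning bool, for example
 *               a wrapper around Yii::app()->user->checkAccess($item).
 * $rules:       item name => SQL condition, or null for "no row restriction".
 */
function rbacScopeCriteria($checkAccess, $userId, array $rules)
{
    $parts = array();
    $params = array();
    foreach ($rules as $item => $sql) {
        if (!call_user_func($checkAccess, $item)) {
            continue; // item not granted, its rule contributes nothing
        }
        if ($sql === null) {
            // Unrestricted item (e.g. admin): no filter at all.
            return array('condition' => '', 'params' => array());
        }
        $parts[] = '(' . $sql . ')';
        if (strpos($sql, ':uid') !== false) {
            $params[':uid'] = $userId; // bound parameter, not concatenated
        }
    }
    if (empty($parts)) {
        // Fail closed: a user with none of the items sees no rows.
        return array('condition' => '1=0', 'params' => array());
    }
    // Several granted items widen access, so their rules are OR-ed.
    return array('condition' => implode(' OR ', $parts), 'params' => $params);
}

// Constructed demo: a user who holds only the "author" item.
$rules = array(
    'admin'  => null,
    'author' => 't.owner_id = :uid',
    'member' => 't.is_public = 1',
);
$granted = array('author' => true);
$check = function ($item) use ($granted) { return isset($granted[$item]); };
print_r(rbacScopeCriteria($check, 42, $rules));
```

Inside a model, a method-style scope would pass the returned array to `$this->getDbCriteria()->mergeWith(...)` and return `$this`, as in the `privileged()` example above. A new role then means one more row in the table instead of another `if` branch.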