I want to make a dynamic scope that returns Model records according to the permissions of the current user,
for example:
    public function scopes() {
        return array(
            'UserScope' => array(
                'condition' => <something to get the records according to RBAC permissions>
            ),
        );
    }
I could write a query to get the RBAC authitem inheritance and bizrule to fetch what records are permitted (view, read, create) for the user, but it is complicated.
Is there a way to get a query compatible with a scope via Yii::app()->user->checkAccess('theAction', $bizRule)?
Scopes are resolved at the database level while bizrules are PHP code. The only way is to convert the bizrule to SQL and put that in the scope.
    function privileged() {
        $user = Yii::app()->user;
        if( $user->checkAccess( 'admin' ) ) {
            // Admin sees everything: return the model without extra criteria
            return $this;
        }
        // User is not admin, so we prepare criteria that do the same as the corresponding bizrule
        $this->dbCriteria->mergeWith( array(
            'condition'=>'t.owner_id = :uid',
            'params'=>array( ':uid'=>$user->id )
        ) );
        return $this;
    }
If you create named scopes as functions, you must merge your criteria with $this->getDbCriteria() and always return $this (look at my example). This is the proper way of using such scopes (otherwise you won't be able to use them in a pipeline like this: Model::model()->scope()->findAll()).
Only the functions "scopes()" and "defaultScope()" can return scopes as arrays. Read carefully the links that you provided, especially the paragraph "Parameterized Named Scopes", which covers scopes defined as separate methods.
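Because the scope is a hand-written SQL copy of the bizrule, the two can drift apart and leak or hide rows. The check below is an added example, not code from this thread or from Yii: it uses plain PHP with PDO and in-memory SQLite, and `ownerCriteria`, `ownerBizRule`, the `post` table and the sample users are hypothetical.

```php
<?php
// Added example: plain PHP + PDO (in-memory SQLite), no Yii needed.
// Hypothetical helper: criteria in the same array shape the scope merges.
function ownerCriteria(array $user): array {
    if (in_array('admin', $user['roles'], true)) {
        return array('condition' => '1=1', 'params' => array()); // admin: no row filter
    }
    return array('condition' => 't.owner_id = :uid', 'params' => array(':uid' => $user['id']));
}

// PHP-side rule (what the bizrule would evaluate) for one loaded record.
function ownerBizRule(array $user, array $row): bool {
    return in_array('admin', $user['roles'], true) || (int)$row['owner_id'] === (int)$user['id'];
}

// SQL path: rows the scope lets through. The user id is bound, never concatenated.
function visibleIds(PDO $db, array $user): array {
    $c = ownerCriteria($user);
    $st = $db->prepare('SELECT t.id FROM post t WHERE ' . $c['condition'] . ' ORDER BY t.id');
    $st->execute($c['params']);
    return array_map('intval', $st->fetchAll(PDO::FETCH_COLUMN));
}

// PHP path: load every row and apply the rule record by record.
function allowedIds(PDO $db, array $user): array {
    $ids = array();
    foreach ($db->query('SELECT * FROM post ORDER BY id', PDO::FETCH_ASSOC) as $row) {
        if (ownerBizRule($user, $row)) { $ids[] = (int)$row['id']; }
    }
    return $ids;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE post (id INTEGER PRIMARY KEY, owner_id INTEGER, title TEXT)');
$db->exec("INSERT INTO post (owner_id, title) VALUES (1,'a'),(2,'b'),(1,'c'),(3,'d')");
$users = array(
    array('id' => 1, 'roles' => array('author')),
    array('id' => 9, 'roles' => array('admin')),
    array('id' => 4, 'roles' => array('author')), // owns no rows
);
foreach ($users as $u) {
    $sql = visibleIds($db, $u);
    $php = allowedIds($db, $u);
    // The scope and the bizrule must select exactly the same rows.
    if ($sql !== $php) { throw new RuntimeException("scope/bizrule drift for user {$u['id']}"); }
    echo "user {$u['id']}: " . json_encode($sql) . "\n";
}
```

Running the same comparison as a unit test whenever either the bizrule or the scope changes catches a mismatch before it reaches production.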