I’m just beginning to use Yii framework after defecting from Zend Framework (due to not focusing on rapid development / real world performance enough).
With Zend Framework I implemented my ACL as a plugin which allowed me to create an ACL system with the following features:
1 - Zero ACL code in each Controller file.
2 - ACL rules completely stored in the database.
3 - ACL rule implementation handled prior to main programme execution.
4 - ACL resources relate directly to modules / controllers / actions in a hierarchy.
5 - Using reflection the ACL resources could be generated based on the the existing Controllers and their actions.
6 - A fully automated admin panel could allow a user to select granular yes/no ACL rules.
I want to implement this system in Yii. I have been researching and it looks like the only way to handle this would be to use the onBeginRequest() event handler. This was used to do a very simple ‘is logged in’ check in the following tutorial: h**p://www.larryullman.com/2010/07/20/forcing-login-for-all-pages-in-yii/
So basically instead of only checking if a user is logged in, I want to check if a user has been granted access to the currently executing Module/Controller/Action combination.
The problem I am having is finding out what the currently executing Module/Controller/Action is from within the onBeginRequest event handler. The Yii::app()->request and Yii::app()->controller etc properties don’t seem to be set.
Is this because at the time of onBeginRequest execution these properties are not yet set, or is it just a scope issue?
Any tips? I really don’t want to rely on processing the URL and working it out that way as it’s a bit of a hack.