RBAC and Controller:accessRules()

dubby · June 6, 2012, 1:40am

I have always loved the way Yii allows you to easily assign who can perform what action using the accessRules() method in the controller. However I always assumed that you could replace assigning guests ‘*’, logged in users ‘@’ and ‘admin’ with roles that are defined with RBAC.

I have learnt that this is not the case and instead we need to run if statements like the following in the action method:




if(Yii::app()->user->checkAccess('createPost'))

Can someone shed some light on why it is not done this way. I’m sure there’s good reasons but knowing why would help me move on from wanting it to work this way.

Thanks.

Seal · June 6, 2012, 2:04am

To understand this better you want to read the Yii rbac tutorial and perhaps some yii wiki’s on rbac.

Yii uses mainly two ways to grant permission access to for example action. You already know this as you have said.

There’s too many reason to mention. But check this article it will help you to visualize it.

Remember that rbac is using hierarchy of roles, so when you call


if(Yii::app()->user->checkAccess('createPost'))

once.

Yii goes through your defined rbac hierarchical graph and decided on each node if it should grant access. Hope this helps.

dubby · June 6, 2012, 2:08am

Thanks again Seal.

I will read the article when I have a chance.