i have a web site which is running on Yii since a while. Roles are currently managed by CPhpAuthManager.
My problem is roles are changed frequently in runtime and I don’t want to have auth.php file anymore.
My user table has a column user_level with integer values 1-6. 1 corresponds to reader, 2-writer, 3-moderator etc.And roles are hierarchical. I want this information to be enough to manage roles without any other db tables or php files.
I’ve read the article about simple rbac (extending a class from cwebuser). I need a solution similar to it.
- Overriding CWebUser:checkAccess method seams to be reasonable but I want to keep my roles hierarchical (without any change in each accessRules method in my controllers). i.e. when user has user_lever 3 he should have writer rights too. i want to keep the following structure in my controllers.
array('allow',
'actions'=>array('some_moderator_action'),
'roles' => array('moderator'),
)
-
I have my user levels as integers not as strings like reader, writer etc. So somehow I need to keep WebUser state and user_level synchronized
-
I should be able to update roles in runtime.
What would be the best approach for me ?