RBAC approach

I have a web site which has been running on Yii for a while. Roles are currently managed by CPhpAuthManager.

My problem is that roles are changed frequently at runtime and I don’t want to have the auth.php file anymore.

My user table has a column user_level with integer values 1-6. 1 corresponds to reader, 2-writer, 3-moderator etc. And roles are hierarchical. I want this information to be enough to manage roles without any other db tables or php files.

I’ve read the article about simple RBAC (extending a class from CWebUser). I need a solution similar to it.

  • Overriding the CWebUser::checkAccess method seems to be reasonable but I want to keep my roles hierarchical (without any change in each accessRules method in my controllers), i.e. when a user has user_level 3 he should have writer rights too. I want to keep the following structure in my controllers.



      'roles' => array('moderator'),


  • I have my user levels as integers, not as strings like reader, writer etc. So somehow I need to keep WebUser state and user_level synchronized.

  • I should be able to update roles in runtime.

What would be the best approach for me?
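
One way to meet the three requirements in the post, as an added example that is not part of the original post and not Yii's own code. It assumes Yii 1.1 and a hypothetical ActiveRecord model `User` mapped to the user table; only the three role names the post gives are mapped.

```php
<?php
// Added example. Assumes Yii 1.1 and a hypothetical ActiveRecord model
// `User` whose table has the integer column user_level (1-6).
class WebUser extends CWebUser
{
    // Role name => minimum user_level. Only the names given in the post are
    // listed; levels 4-6 need the site's own role names added here.
    private static $roleLevels = array(
        'reader'    => 1,
        'writer'    => 2,
        'moderator' => 3,
    );

    private $_level; // cached for the current request only

    // Read user_level from the database once per request instead of storing
    // it in session state, so a level changed at runtime (including a
    // demotion) takes effect on the user's next request.
    protected function getLevel()
    {
        if ($this->_level === null) {
            $this->_level = 0; // guests and missing rows get no level
            if (!$this->getIsGuest()) {
                $user = User::model()->findByPk($this->getId());
                if ($user !== null) {
                    $this->_level = (int) $user->user_level;
                }
            }
        }
        return $this->_level;
    }

    // The access control filter calls this for each entry in 'roles'.
    public function checkAccess($operation, $params = array(), $allowCaching = true)
    {
        // Fail closed: a role name missing from the map is always denied.
        if (!isset(self::$roleLevels[$operation])) {
            return false;
        }
        // Hierarchy: a higher level satisfies every lower role.
        return $this->getLevel() >= self::$roleLevels[$operation];
    }
}
```

To use it, set the `class` of the `user` application component to `WebUser`; existing `'roles' => array('moderator')` rules then work unchanged and no authManager or auth.php is consulted.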