Hello,
I’m trying to figure out how RBAC works, but I’ve run into an interesting fact. Maybe I don’t understand something, or…
So, let’s take a look at what I have done. First, I created 6 operations and assigned 2 of them to a user.
    public function actionInstall() {
        $auth = Yii::app()->authManager;
        // Six operations, no roles
        $auth->createOperation('createUrl', "createUrl");
        $auth->createOperation('deleteUrl', "deleteUrl");
        $auth->createOperation('updateUrl', "updateUrl");
        $auth->createOperation('createCategory', "createCategory");
        $auth->createOperation('deleteCategory', "deleteCategory");
        $auth->createOperation('updateCategory', "updateCategory");
        // Two operations assigned directly to user 1
        $auth->assign('createUrl', 1);
        $auth->assign('createCategory', 1);
        $auth->save();
    }
Then, in another action, I decided to test how many queries the API uses.
    public function actionTest() {
        var_dump(Yii::app()->user->checkAccess('createUrl'));
        var_dump(Yii::app()->user->checkAccess('createCategory'));
    }
The result is 4. To check each item, the API does 2 queries.
    SELECT *
    FROM `directory_authassignment`
    WHERE userid=:userid. Bound with :userid='1'

    SELECT *
    FROM `directory_authitem`
    WHERE name=:name. Bound with :name='createUrl'

    =======

    SELECT *
    FROM `directory_authassignment`
    WHERE userid=:userid. Bound with :userid='1'

    SELECT *
    FROM `directory_authitem`
    WHERE name=:name. Bound with :name='createCategory'
The first and third queries are the same.
Okay, I thought, and decided that the problem was that the user does not have a role.
On the next try I created 6 operations and 1 role, and assigned the role to a user.
    public function actionInstall() {
        $auth = Yii::app()->authManager;
        $auth->createOperation('createUrl', "createUrl");
        $auth->createOperation('deleteUrl', "deleteUrl");
        $auth->createOperation('updateUrl', "updateUrl");
        $auth->createOperation('createCategory', "createCategory");
        $auth->createOperation('deleteCategory', "deleteCategory");
        $auth->createOperation('updateCategory', "updateCategory");
        // Role "creator" groups the two create operations
        $role = $auth->createRole("creator");
        $role->addChild("createUrl");
        $role->addChild("createCategory");
        // Only the role is assigned to user 1
        $auth->assign('creator', 1);
        $auth->save();
    }
Checking the query count one more time.
    public function actionTest() {
        var_dump(Yii::app()->user->checkAccess('createUrl'));
        var_dump(Yii::app()->user->checkAccess('createCategory'));
    }
And the application log says that now we need to run 4 queries to check an item.
    SELECT *
    FROM `directory_authassignment`
    WHERE userid=:userid. Bound with :userid='1'

    SELECT *
    FROM `directory_authitem`
    WHERE name=:name. Bound with :name='createUrl'

    SELECT `parent`
    FROM `directory_authitemchild`
    WHERE child=:name. Bound with :name='createUrl'

    SELECT *
    FROM `directory_authitem`
    WHERE name=:name. Bound with :name='creator'

    =========================

    SELECT *
    FROM `directory_authassignment`
    WHERE userid=:userid. Bound with :userid='1'

    SQL: SELECT *
    FROM `directory_authitem`
    WHERE name=:name. Bound with :name='createCategory'

    SELECT `parent`
    FROM `directory_authitemchild`
    WHERE child=:name. Bound with :name='createCategory'

    SELECT *
    FROM `directory_authitem`
    WHERE name=:name. Bound with :name='creator'
So, here is what I’m asking and why.
I have a web interface with about 14 items in the menu, which should be displayed or not depending on user access. To sum up:
If only operations are assigned to the user and I check all 14 items, it will take 14 * 2 = 28 queries to the database.
If operations and roles are assigned to the user, it will take 14 * 4 = 56 queries.
Hmm… maybe I’m doing something wrong or… Could someone please give me advice on how to reduce the query count? Sorry for my bad English.
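
One way to avoid the per-item lookups shown in the log, as an added example that is not part of the original post or of Yii itself: read the three RBAC tables once and resolve the user's items in memory. The function name `resolveGranted` is hypothetical, the rows are constructed, and the column names `itemname` and `bizrule` are assumed from Yii 1.1's default RBAC schema.

```php
<?php
/**
 * Resolve all items one user holds from three result sets (one query per
 * RBAC table). Items or assignments carrying a bizrule are left out, so the
 * caller must fall back to checkAccess() for them (fail closed).
 */
function resolveGranted(array $assignments, array $items, array $children)
{
    $hasRule = array();
    foreach ($items as $row) {
        $hasRule[$row['name']] = trim((string) $row['bizrule']) !== '';
    }
    $kids = array();
    foreach ($children as $row) {
        $kids[$row['parent']][] = $row['child'];
    }
    $queue = array();
    foreach ($assignments as $row) {
        if (trim((string) $row['bizrule']) === '') {
            $queue[] = $row['itemname'];
        }
    }
    $granted = array();
    while ($queue) {
        $name = array_shift($queue);
        // Skip unknown items, visited items (cycle guard) and rule-guarded items.
        if (!isset($hasRule[$name]) || $hasRule[$name] || isset($granted[$name])) {
            continue;
        }
        $granted[$name] = true;
        if (isset($kids[$name])) {
            $queue = array_merge($queue, $kids[$name]);
        }
    }
    return $granted;
}

// Constructed rows mirroring the post's second install action (user 1 = creator).
$items = array();
foreach (array('createUrl', 'deleteUrl', 'createCategory', 'creator') as $n) {
    $items[] = array('name' => $n, 'bizrule' => null);
}
$children = array(
    array('parent' => 'creator', 'child' => 'createUrl'),
    array('parent' => 'creator', 'child' => 'createCategory'),
);
$assignments = array(array('itemname' => 'creator', 'userid' => '1', 'bizrule' => null));
$granted = resolveGranted($assignments, $items, $children);
var_dump(isset($granted['createUrl']), isset($granted['deleteUrl']));
```

With one SELECT per table feeding the three arrays, the whole menu costs 3 queries per request regardless of how many items are checked. The result should live only for the current request so that a revoked assignment takes effect on the next one.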