RBAC Design Advice

I am new to Yii but I am converting a raw php site to yii. The site is a school gradebook site for teachers.

Currently I have permissions in my db like isTeacher, isParent, isStudent, isOffice etc…

I understand how RBAC works, but need help converting my current logic to RBAC.

Currently teachers/parents/students all have access to things like Progress Reports. That is a simple conversion.

However, when I start thinking about things like attendance, teachers and office staff both have access to create attendance entries, but teachers can only set present or absent. Office staff can set other options like Excused etc.

Under the create attendance (current site), I check to see if user isTeacher or isOffice and display appropriate options.

I am wondering if I should just keep my current logic/thought process and use isTeacher etc… rather than try to micromanage the individual create/update/view actions in the controller?

Also, can I put the test Yii::$app->user-can() at the beginning of a controller to cover the entire thing?

I appreciate any advice you can give.

This helps me tremendously when I started RBAC

please check http://www.yiiframework.com/doc/guide/1.1/en/topics.auth