RBAC implementation, interface IAuthManager

Hi everyone,

I’m thinking about an RBAC implementation for the project I work on.

The main problem is that users in my system can have different roles assigned to them (a user can participate in different groups with a different role for each group).

My idea was to add a group_id field to the authAssignment table and to overwrite all needed methods in CDbAuthManager (to add support for this field), but the problem is I don’t know how to pass the group_id parameter, as the implemented interface IAuthManager doesn’t support such a possibility.

The second variant – to create a separate table roleUserGroup, to store relations between users-groups-roles, but it looks a bit redundant to me, as the same information can be stored (and logically should be) in the authAssignment table.

If you have ideas on this question, you’re very welcome to share them.

Thank you,

Yuga

Okay, I decided to try the first variant, and to pass an additional (not declared in the interface) parameter. If it is set to null/false in the method signature then I won’t get any errors (IAuthManager will be considered implemented correctly as long as the initially declared parameters are in their places).

Hope it was a correct decision, will see :)

Maybe you can use bizRule for roles, to determine if the user will get a role in a particular group or not.

Yes, that was my second variant I wrote about (well, I didn’t describe it in detail, but bizRules are used there, of course).
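
The first variant discussed in this thread (an extra optional group parameter on top of the interface's declared ones), as an added example that is not code from any poster or from Yii. It shows that PHP accepts the wider signature and that a call which omits the group should be denied rather than treated as "any group". Assumptions: `AuthManagerLike` is a simplified stand-in for the interface, `GroupAuthManager` and its rows are hypothetical, and role hierarchy and bizRules are left out.

```php
<?php
// Simplified stand-in for the interface method; constructed for this example, not Yii's code.
interface AuthManagerLike
{
    public function checkAccess($itemName, $userId, $params = array());
}

// Hypothetical manager that scopes every assignment to a group.
class GroupAuthManager implements AuthManagerLike
{
    // Constructed rows modelling authAssignment with the extra group_id column.
    private $assignments = array(
        array('itemname' => 'moderator', 'userid' => 7, 'group_id' => 10),
        array('itemname' => 'member',    'userid' => 7, 'group_id' => 20),
    );

    // A trailing optional parameter keeps the signature compatible with the interface.
    public function checkAccess($itemName, $userId, $params = array(), $groupId = null)
    {
        if ($groupId === null) {
            // Code written against the interface never passes a group.
            // Read that as "no group", not "any group", so the check fails closed.
            return false;
        }
        foreach ($this->assignments as $row) {
            if ($row['itemname'] === $itemName
                && (int) $row['userid'] === (int) $userId
                && (int) $row['group_id'] === (int) $groupId) {
                return true;
            }
        }
        return false;
    }
}

$auth = new GroupAuthManager();
var_dump($auth->checkAccess('moderator', 7, array(), 10)); // role held in group 10
var_dump($auth->checkAccess('moderator', 7, array(), 20)); // user is only 'member' in group 20
var_dump($auth->checkAccess('moderator', 7));              // group omitted by the caller
```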