RBAC library design

samdark · October 5, 2019, 10:30pm

I’ve spent some time cleaning up RBAC so now it passes tests: https://github.com/yiisoft/rbac

There are some questions I’d like to hear your opinion about:

Is it useful to have an ability to assign permission directly to a user instead of adding to role that is assigned to user?
Is ManagerInterface complete enough to RBAC management UI?

demonking · October 6, 2019, 3:27pm

Seems complete enough, but it’s only my opinion.

Edit: To Point 1, have misunderstood the question.
This was a general question, have deleted my quote

rob006 · October 7, 2019, 9:26am

Yes, it is useful. Are there any drawbacks of having it?

samdark · October 7, 2019, 10:16am

Yes. It’s abused. What are use cases?

kavitama · October 7, 2019, 12:19pm

To me it is wrong to assign permission directly to a user, somehow is an old heritage of monolithic apps

rob006 · October 7, 2019, 12:37pm

More granular permissions for editing articles in wiki-like website. Each article has its own permission, and I’m assigning them directly to users (there is too many combinations to create roles).

This is Yii 1.1 website, so I’m not using RBAC from Yii 2, but something similar.

How? If there is a need for assigning permission directly to user, people will do this anyway - they will just create roles instead of permissions.

samdark · October 7, 2019, 9:15pm

So far:

Decided no to remove ability to add permissions directly to user.
Removed ability to check for a role with userHasPermission(). Hope that would result in more correct RBAC usage.

Insolita · October 8, 2019, 6:11pm

1 it depends on project, in some cases it useful to assign permissions directly without roles

schmunk · October 10, 2019, 2:17pm

Would be nice to have an option, to explicitly enable assigning of permissions to users. I agree that this is abused often.

samdark · October 10, 2019, 3:24pm