Hi everyone,
I have been using Yii for more than a year and I’m quite happy with it.
I had never run into a problem to ask about until now.
At the moment the RBAC model and the permissions are working okay, though,
I don’t fully understand the mechanics of the RBAC:
- I do have modules with one controller each and some actions on every one. I'm parsing the actions as operations and the modules as tasks.
$auth->createOperation('submit','save xml file');
$task=$auth->createTask('edit','Edit XML file');
$task->addChild('submit');
$role=$auth->createRole('administrator');
$role->addChild('edit');
At first I thought that I could then call the accessRules method in the controller like this:
array('allow',
'roles' => 'administrator',
),
and Yii would search for an 'administrator' that had the tasks associated which contained the action I was trying to access, i.e. trying to submit, and if I was admin it allows me to.
But this wasn’t the case and I figured out that I could do as follows:
array('allow',
'actions'=>array('submit'),
'expression' => 'Yii::app()->user->checkAccess("submit")',
),
This does work, but I don't know if this is "the way" to do it (I do have to repeat this code for each action).
Assumptions:
you have to associate the security tokens with access rules,
if I create a submit from task module for instance, Yii can't know from whom is that submit
Are these assumptions right?
‘Tasks’ is just a layer to organize and pack operations?
- How can I limit the submit action depending on which file I'm editing? With bizRules associated to the operations? Is it possible to pass parameters from the accessRules:
array('allow', 'actions'=>array('submit'), 'expression' => 'Yii::app()->user->checkAccess("submit", $ref)', ),
$bizRule=' return $ref == "reference" ? true : false';
$auth->createOperation('submit','save xml file', $bizRule);
$task=$auth->createTask('edit','Edit XML file');
$task->addChild('submit');
$role=$auth->createRole('administrator');
$role->addChild('edit');
Thanks in advance folks.
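
An added example, not part of the original post and not Yii's own code: a stand-alone PHP model of the operation/task/role hierarchy described above, where the check walks upward from the operation to a role assigned to the user and the operation's rule receives caller-supplied parameters. `AuthModel`, its methods, the user ids and the `ref` parameter key are hypothetical names, and the upward walk is an assumption of this model.

```php
<?php
// Stand-alone model of a hierarchical RBAC check; AuthModel and its methods are hypothetical, not Yii classes.
class AuthModel
{
    private $rules = array();    // item name => callable rule, or null for "no rule"
    private $parents = array();  // child item => list of parent items
    private $assigned = array(); // user id => items assigned directly to that user
    public function addItem($name, $rule = null) { $this->rules[$name] = $rule; }
    public function addChild($parent, $child) { $this->parents[$child][] = $parent; }
    public function assign($item, $userId) { $this->assigned[$userId][] = $item; }
    // Walk upward from the requested item; every item on the path must pass its rule.
    public function checkAccess($item, $userId, array $params = array())
    {
        if (!array_key_exists($item, $this->rules)) {
            return false; // unknown item: deny by default
        }
        $rule = $this->rules[$item];
        if ($rule !== null && !call_user_func($rule, $params)) {
            return false; // the rule on this item rejects the request
        }
        $mine = isset($this->assigned[$userId]) ? $this->assigned[$userId] : array();
        if (in_array($item, $mine, true)) {
            return true; // reached an item the user holds directly
        }
        $parents = isset($this->parents[$item]) ? $this->parents[$item] : array();
        foreach ($parents as $parent) {
            if ($this->checkAccess($parent, $userId, $params)) {
                return true;
            }
        }
        return false;
    }
}

$auth = new AuthModel();
// The rule gets the caller's parameters as one array and denies when "ref" is absent.
$auth->addItem('submit', function (array $p) {
    return isset($p['ref']) && $p['ref'] === 'reference';
});
$auth->addItem('edit');
$auth->addItem('administrator');
$auth->addChild('edit', 'submit');
$auth->addChild('administrator', 'edit');
$auth->assign('administrator', 'alice'); // constructed user id

var_dump($auth->checkAccess('submit', 'alice', array('ref' => 'reference')));
var_dump($auth->checkAccess('submit', 'alice', array('ref' => 'other')));
var_dump($auth->checkAccess('submit', 'alice'));
var_dump($auth->checkAccess('submit', 'bob', array('ref' => 'reference')));
```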