Rbac Using Hierarchical Scheme


I today found the tutorial on RBAC using Yii. Great tutorial, looks like the thing I need for my application.

I now have a question: I have a hierarchical structure of districts (using a nested set). Now I want to use the RBAC scheme, but I dont want to give these roles to a user generally, but instead coupled with the districts.

For example, I want to give User1 the Roles Role1 and Role2 for District1 and all its sub-districts. Or User2 the Role Role3 for District2 (but not its sub-districts).

Later I would like to check whether the current user has a specific role for a given district. Is that possible with Yiis RBAC System?

Best regards


you must grant privileges with business rule that gets "district_id" as parameter and returns true if user has access to it. All hierarchy logic must be put in that rule (probably with call to some external function). check examples on how to allow user to only edit his own posts in blog

you can also use ‘data’ to hold district IDs users is granted rights and match that against ‘district_id’ paased as param to ‘checkAccess’…