reading CDbAuthManager

To estimate how RBAC subsystem suits some future project I forced to read Yii source code, as the guide didn’t answer all my questions  :) Currenrly, I have found two places I don’t understand.

  1. Major. saveAuthAssignment() function's has not WHERE phrase in it's sql string. I doubt this is an intention of the function.

  2. Minor. checkAccess() function creates CAuthItem object before knowing this object is really needed (probably this object must be created after checking assignment's bizrule).

Thank you very much! That's the first bug after 1.0.1 release. Fixed it.

Sorry, was not fast enough to report before 1.0.1  ;D

Next thing I don't understand - why usingSqlite code fork case is not the only case?

SQLite doesn't enforce FK relationship. Therefore, we need to do extra work in PHP code.

Aha, I see, thanks!

Let's take fragment from the guide:


$auth->createOperation('readPost','read a post');




This code will create a row in assignments table with item name 'reader'. Now let's look at

	public function checkAccess($itemName,$userId,$params=array())


		$sql="SELECT name, type, description, t1.bizrule,, t2.bizrule AS bizrule2, AS data2 FROM {$this->itemTable} t1, {$this->assignmentTable} t2 WHERE name=itemname AND userid=:userid";





		return false;


Beeing called with 'readPost' item name the function will always return false because sql has 'name=itemname' condition.

Have I missed something?

naah, the condition is to join the two tables.

Ups… Yes! - all user assignments will be found.