To estimate how well the RBAC subsystem suits some future project, I was forced to read the Yii source code, as the guide didn't answer all my questions. Currently, I have found two places I don't understand.
Major. The saveAuthAssignment() function has no WHERE clause in its SQL string. I doubt this is the intention of the function.
Minor. The checkAccess() function creates a CAuthItem object before knowing whether this object is really needed (probably this object should be created after checking the assignment's bizrule).
$auth=Yii::app()->authManager;
$auth->createOperation('readPost','read a post');
$role=$auth->createRole('reader');
$role->addChild('readPost');
$auth->assign('reader','readerA');
This code will create a row in the assignments table with item name 'reader'. Now let's look at
public function checkAccess($itemName,$userId,$params=array())
{
    $sql="SELECT name, type, description, t1.bizrule, t1.data, t2.bizrule AS bizrule2, t2.data AS data2 FROM {$this->itemTable} t1, {$this->assignmentTable} t2 WHERE name=itemname AND userid=:userid";
    $command=$this->db->createCommand($sql);
    $command->bindValue(':userid',$userId);
    $rows=$command->queryAll();
    ...
    return false;
}
Being called with the 'readPost' item name, the function will always return false because the SQL has the 'name=itemname' condition.
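As an added example, not code from the post or from Yii itself, the query quoted above is run in Python against constructed SQLite tables, followed by a recursive descent from each assigned item to its children and an assignment UPDATE that carries the WHERE clause the post says saveAuthAssignment() lacks. Table and column names follow the quoted query (item table t1 with name/type/description/bizrule/data, assignment table t2 with itemname/userid/bizrule/data); the item-child table, the sample items and users, and the named-rule registry that stands in for Yii's eval() of stored PHP bizrules are assumptions made for the example.

```python
import sqlite3

# Constructed schema: the three tables behind a Yii-style DB auth manager.
# Column names match the query quoted in the post; the child table is assumed.
SCHEMA = """
CREATE TABLE AuthItem (
    name TEXT PRIMARY KEY, type INTEGER NOT NULL, description TEXT,
    bizrule TEXT, data TEXT);
CREATE TABLE AuthItemChild (
    parent TEXT NOT NULL, child TEXT NOT NULL, PRIMARY KEY (parent, child));
CREATE TABLE AuthAssignment (
    itemname TEXT NOT NULL, userid TEXT NOT NULL, bizrule TEXT, data TEXT,
    PRIMARY KEY (itemname, userid));
"""

# Assumption: bizrules are names looked up in a registry rather than PHP
# source passed to eval(), so a stored string can never become code.
BIZRULES = {
    "is_author": lambda params, data: params.get("user") == params.get("author"),
}


def execute_bizrule(rule, params, data):
    """An empty rule passes; otherwise the named rule decides."""
    if not rule:
        return True
    return BIZRULES[rule](params, data)


def build_demo_db():
    """Constructed sample data: the post's reader role plus an author role."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO AuthItem VALUES (?,?,?,?,?)", [
        ("readPost", 0, "read a post", None, None),
        ("updatePost", 0, "update a post", None, None),
        ("updateOwnPost", 1, "update own post", "is_author", None),
        ("reader", 2, "", None, None),
        ("author", 2, "", None, None),
    ])
    conn.executemany("INSERT INTO AuthItemChild VALUES (?,?)", [
        ("reader", "readPost"),
        ("updateOwnPost", "updatePost"),
        ("author", "reader"),
        ("author", "updateOwnPost"),
    ])
    conn.executemany("INSERT INTO AuthAssignment VALUES (?,?,?,?)", [
        ("reader", "readerA", None, None),
        ("author", "authorB", None, None),
    ])
    conn.commit()
    return conn


def check_item_recursive(conn, item_name, name, bizrule, data, params):
    """Walk from an assigned item down to its children looking for item_name."""
    if not execute_bizrule(bizrule, params, data):
        return False
    if name == item_name:
        return True
    children = conn.execute(
        "SELECT c.child, i.bizrule, i.data FROM AuthItemChild c "
        "JOIN AuthItem i ON i.name = c.child WHERE c.parent = ?", (name,)).fetchall()
    return any(check_item_recursive(conn, item_name, child, cbiz, cdata, params)
               for child, cbiz, cdata in children)


def check_access(conn, item_name, user_id, params=None):
    """The quoted query, unqualified columns included: name=itemname joins the
    item row (t1) to the assignment row (t2), so it yields every item assigned
    to the user, not a lookup of item_name."""
    params = params or {}
    rows = conn.execute(
        "SELECT name, type, description, t1.bizrule, t1.data, "
        "t2.bizrule AS bizrule2, t2.data AS data2 "
        "FROM AuthItem t1, AuthAssignment t2 "
        "WHERE name=itemname AND userid=?", (user_id,)).fetchall()
    for name, _type, _desc, bizrule, data, bizrule2, data2 in rows:
        # Assignment-level rule first; only then descend into the item tree.
        if execute_bizrule(bizrule2, params, data2):
            if check_item_recursive(conn, item_name, name, bizrule, data, params):
                return True
    return False


def save_assignment(conn, item_name, user_id, bizrule, data):
    """UPDATE restricted to one assignment; returns the rows touched."""
    cur = conn.execute(
        "UPDATE AuthAssignment SET bizrule=?, data=? WHERE itemname=? AND userid=?",
        (bizrule, data, item_name, user_id))
    conn.commit()
    return cur.rowcount


def assignment_bizrule(conn, item_name, user_id):
    row = conn.execute("SELECT bizrule FROM AuthAssignment WHERE itemname=? AND userid=?",
                       (item_name, user_id)).fetchone()
    return row[0] if row else None
```

Running check_access(conn, "readPost", "readerA") on the constructed data returns True even though readerA is assigned only 'reader': the query returns the 'reader' row and the recursion reaches 'readPost' through the child table. save_assignment() shows why the WHERE clause matters: without it, the UPDATE would rewrite the bizrule of every assignment in the table instead of the one being saved.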