Yes, I think that Rights should be just right for you. First of all, please have a look at the Yii Documentation, "Authentication and Authorization".
I use Rights together with yii-user, but I think it’s also easily compatible with just about any other User Management. But be aware that configuration requires a bit of knowledge on Yii because you have to adjust some stuff, obviously, like setting table prefix. I think there was also an adjustment needed because the table was called “tbl_users” instead of “tbl_user” or something like that, but that’s just from the back of my mind. You should find an answer to almost every problem you might encounter during installation in the two respective threads for these extensions that can be found in this forum.
For the very basic Authentication, in my own project I still go the standard Yii way, just distinguishing between Guest, Registered and Admin.
If it gets more complex than this, the respective Controllers have to be extended from the RightsController:
    class JSomeController extends RController // RController from extension: rights
For more information on how to actually use Rights, I would suggest downloading the blog demo.
In the end, it might be down to something like this:
    /**
     * @return array action filters
     */
    public function filters()
    {
        return array(
            'accessControl', // perform access control for CRUD operations
            'rights + allUploads',
        );
    }

    /**
     * Specifies the access control rules.
     * This method is used by the 'accessControl' filter.
     * @return array access control rules
     */
    public function accessRules()
    {
        return array(
            array('allow', // allow everyone to see the description
                'actions'=>array('list', 'details'),
                'users'=>array('*'),
            ),
            array('allow', // allow authenticated user to download files
                'actions'=>array('materials', 'allUploads', 'userUploads'),
                'users'=>array('@'),
            ),
            array('allow', // only admins are allowed to do everything
                'actions'=>array('index', 'view', 'create', 'update', 'admin', 'delete'),
                'users'=>array('admin'),
            ),
            array('deny', // deny all users
                'users'=>array('*'),
            ),
        );
    }
Where I use Yii’s basic accessControl filter for every action except my actionAllUploads(). For allUploads, after it passes the first filter (first of all, the user has to be logged in, see accessRules() - I think if this would not be in, accessRules would deny access even before the Rights extension is used), Yii calls Rights’ access filter.
In order to realize what you want, not only distinguishing between certain groups of users, but also check if the user is actually in a particular school, you will need to define Business Rules. This is explained in Yii’s documentation, too.
Basically, the BizRule has to return true if the user is in the school. (In most cases, this means you need to query your database and find out if this particular user id is related to the school.)
Have fun. 
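
The school-membership BizRule described in the last two paragraphs, as an added example that is not part of the original post and not code from Yii or Rights. The table `tbl_user_school`, the class `SchoolAccess`, the item name `viewSchoolUploads` and the helper `runBizRule()` (a stand-in for the framework evaluating the rule string) are assumptions, and an in-memory SQLite database with constructed rows replaces the application database so the snippet runs without Yii.

```php
<?php
// Added example; table, column, class and item names are hypothetical.
class SchoolAccess
{
    /** True only if a row links this user to this school. */
    public static function isMember(PDO $db, $userId, $schoolId)
    {
        // Fail closed: a missing or non-numeric id never grants access.
        if (!ctype_digit((string)$userId) || !ctype_digit((string)$schoolId)) {
            return false;
        }
        // Bound parameters keep the ids out of the SQL text.
        $stmt = $db->prepare(
            'SELECT 1 FROM tbl_user_school WHERE user_id = :u AND school_id = :s'
        );
        $stmt->execute(array(':u' => (int)$userId, ':s' => (int)$schoolId));
        return $stmt->fetchColumn() !== false;
    }
}

// Stand-in for the framework: the bizRule string is executed as PHP with
// $params and $data in scope, so it must never be built from user input.
function runBizRule($bizRule, array $params, $data = null)
{
    return (bool) eval($bizRule);
}

// Constructed sample data: user 7 belongs to school 3 only.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_user_school (user_id INTEGER, school_id INTEGER)');
$db->exec('INSERT INTO tbl_user_school VALUES (7, 3)');

// The rule text stored on the auth item: one call, ids taken from $params.
// (Inside Yii the method would use Yii::app()->db instead of $params["db"].)
$bizRule = 'return isset($params["userId"], $params["schoolId"])'
         . ' && SchoolAccess::isMember($params["db"], $params["userId"], $params["schoolId"]);';

// In a controller the equivalent check would be started by
// Yii::app()->user->checkAccess('viewSchoolUploads', array('schoolId' => $id)).
var_dump(runBizRule($bizRule, array('db' => $db, 'userId' => 7, 'schoolId' => 3)));
var_dump(runBizRule($bizRule, array('db' => $db, 'userId' => 7, 'schoolId' => 4)));
var_dump(runBizRule($bizRule, array('db' => $db, 'userId' => 7)));
```

The three calls cover a member, a user from another school, and a request with no school id; only the first is allowed.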