Hi,
I have successfully implemented my 1st project using Yii Framework.
It is fast & really easy after you have mastered the API.
It took me about a month to learn & use Yii.
Showcase: www.propertyxhange.com
However, my next project is a bit tough, where I would have over a thousand user accounts with different access rights & permissions. Currently, I'm exploring RBAC in Yii. I have studied RBAC for a few days with the existing documentation & samples,
and I have a few questions.
$auth=Yii::app()->authManager;
$auth->createOperation('createPost','create a post');
$auth->createOperation('readPost','read a post');
$auth->createOperation('updatePost','update a post');
$auth->createOperation('deletePost','delete a post');
DO WE HAVE TO DEFINE ALL MY OPERATIONS IN THIS WAY?
============================================================================
$bizRule='return Yii::app()->user->id==$params["post"]->authID;';
$task=$auth->createTask('updateOwnPost','update a post by author himself',$bizRule);
$task->addChild('updatePost');
$role=$auth->createRole('reader');
$role->addChild('readPost');
$role=$auth->createRole('author');
$role->addChild('reader');
$role->addChild('createPost');
$role->addChild('updateOwnPost');
$role=$auth->createRole('editor');
$role->addChild('reader');
$role->addChild('updatePost');
$role=$auth->createRole('admin');
$role->addChild('editor');
$role->addChild('author');
$role->addChild('deletePost');
============================================================================
IS THE CODE BELOW HARD-CODING USERS TO ROLES?
IF I HAVE THOUSANDS OF USERS, DO WE HAVE A BETTER WAY?
IF THE USER HAS REVOKED A PREVIOUS ROLE & IS REASSIGNED TO A NEW ROLE, WILL THE AUTHMGR
BE ABLE TO FIND OUT?
$auth->assign('reader','readerA');
$auth->assign('author','authorB');
$auth->assign('editor','editorC');
$auth->assign('admin','adminD');
Please advise!
Thank you.
Jim
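
Added example, not part of the original post and not Yii's own code: a simplified stand-alone model of the hierarchy above, showing a permission check walking from a user's assigned roles down to an operation, with the ownership rule applied on the way and the result following the assignment data after a role change. The names `$children`, `$rules`, `$assignments`, `grants()` and `checkAccess()`, the closure standing in for the eval'd `$bizRule` string, and the sample users and posts are assumptions made for illustration.

```php
<?php
// Simplified model of the post's hierarchy (illustrative, not Yii code).
// Item => children, mirroring the createRole()/createTask()/addChild() calls.
$children = array(
    'reader'        => array('readPost'),
    'author'        => array('reader', 'createPost', 'updateOwnPost'),
    'editor'        => array('reader', 'updatePost'),
    'admin'         => array('editor', 'author', 'deletePost'),
    'updateOwnPost' => array('updatePost'),
);
// Closure standing in for the post's eval'd $bizRule string (assumption).
$rules = array(
    'updateOwnPost' => function ($userId, $params) {
        return isset($params['post']) && $params['post']->authID === $userId;
    },
);
// Assignments are data keyed by user ID (constructed sample rows).
$assignments = array('authorB' => array('author'), 'editorC' => array('editor'));

// True if $item is, or leads down to, $target with every rule on the path passing.
function grants($item, $target, $userId, $params) {
    global $children, $rules;
    if (isset($rules[$item]) && !call_user_func($rules[$item], $userId, $params)) {
        return false;
    }
    if ($item === $target) return true;
    $kids = isset($children[$item]) ? $children[$item] : array();
    foreach ($kids as $child) {
        if (grants($child, $target, $userId, $params)) return true;
    }
    return false;
}

function checkAccess($target, $userId, $params = array()) {
    global $assignments;
    $roles = isset($assignments[$userId]) ? $assignments[$userId] : array();
    foreach ($roles as $role) {
        if (grants($role, $target, $userId, $params)) return true;
    }
    return false; // no assigned role reaches the item: deny by default
}

$own   = (object) array('authID' => 'authorB');      // constructed sample posts
$other = (object) array('authID' => 'someoneElse');
var_dump(checkAccess('updatePost', 'authorB', array('post' => $own)));
var_dump(checkAccess('updatePost', 'authorB', array('post' => $other)));
var_dump(checkAccess('updatePost', 'editorC', array('post' => $other)));
$assignments['editorC'] = array('reader'); // editor revoked, reader assigned
var_dump(checkAccess('updatePost', 'editorC', array('post' => $other)));
```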