Starting a decent sized project

OK, so I know I'm diving in at the deep end, but here goes…

My first project with Yii is an E-commerce (yes, seriously). I like a challenge and I think I'll learn something with a decent-sized project.

I followed the frontend backend tutorial found here:

So I'm now at the point that I have password-protected the admin pages. However, I can only see a way of having global users (when I go to the front end I am logged in as admin also). What I really want is a way of making admin users have a static username and password, but then my e-commerce members have their chosen usernames and passwords, which are hashed and saved in the db… Is there a way of doing this, or is it role based, so I would say one are members and the other are admin?

Thanks in advance for any help.


I would make it role based. That way, your system should be able to use the same authorization structure throughout. So you don’t have two different authorization systems – one for admin and another for members (if I understand you correctly).

I am also developing a commercial site. My clients are companies with branches. So each branch will have a “User Manager” who will be able to assign roles to the users in the branch.

If I don’t want the User Manager to be able to assign the Admin role, I would flag the admin role record as being “not to be an option for the User Manager” or something.

I had to write my own RBAC procedures because gii-generated controllers only check if the user is assigned a certain role. But I need the system to check if the user is assigned a certain role “for a specific branch”, because the user could easily have different jobs to perform (different roles) at different branches.

Don’t know if this helps.
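
An added illustration of the two ideas in the reply above: a role check that is scoped to a specific branch, and an admin role flagged so a User Manager cannot hand it out. This is not code from either poster or from Yii; it is plain PHP, and the class, method and role names and the sample IDs are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example in plain PHP (no Yii classes); every name here is hypothetical.
final class BranchRbac
{
    // role => may a branch User Manager hand it out? (constructed sample data;
    // 'admin' is flagged as the reply describes, the other flags are assumptions)
    private array $roles = ['admin' => false, 'userManager' => false,
                            'sales' => true, 'warehouse' => true];
    // $assignments[userId][branchId][role] = true
    private array $assignments = [];

    // Initial setup by the system itself, outside the User Manager rules.
    public function seed(int $userId, int $branchId, string $role): void
    {
        $this->requireKnownRole($role);
        $this->assignments[$userId][$branchId][$role] = true;
    }

    // Access check: the role must be held for this specific branch.
    public function can(int $userId, string $role, int $branchId): bool
    {
        return isset($this->assignments[$userId][$branchId][$role]);
    }

    // Assignment requested by a User Manager acting inside one branch.
    public function assign(int $actorId, int $targetId, string $role, int $branchId): void
    {
        $this->requireKnownRole($role);
        if (!$this->can($actorId, 'userManager', $branchId)) {
            throw new RuntimeException('Actor is not User Manager of this branch');
        }
        if (!$this->roles[$role]) {
            throw new RuntimeException("Role '$role' is not offered to User Managers");
        }
        $this->assignments[$targetId][$branchId][$role] = true;
    }

    private function requireKnownRole(string $role): void
    {
        if (!array_key_exists($role, $this->roles)) {
            throw new InvalidArgumentException("Unknown role '$role'");
        }
    }
}

$rbac = new BranchRbac();
$rbac->seed(1, 10, 'userManager');   // user 1 is User Manager of branch 10
$rbac->assign(1, 2, 'sales', 10);    // user 2 gets "sales" at branch 10 only
var_dump($rbac->can(2, 'sales', 10), $rbac->can(2, 'sales', 20));
```

Calling `assign(1, 2, 'admin', 10)` or `assign(1, 2, 'sales', 20)` on the same object throws, because the first asks for a flagged role and the second targets a branch the actor does not manage.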