Hi AndroideLP,
The first question is: are you trying to restrict access to actions or access to some records?
If you are restricting access to actions then there is the full built-in RBAC, or if that is over-engineered for your needs I have one extra level implemented as follows:
In protected/components/UserIdentity.php (or whatever you have called it):

    class UserIdentity extends CUserIdentity
    {
        public function authenticate()
        {
            // after authenticating the user
            Yii::app()->user->setState('userType',$_userType);
            // ... rest of authenticate()
        }
    }

Then in your controller->accessRules:

    array('allow',
        'actions'=>array('index','grid','view', ..... ),
        // only users whose userType state is "app" may run these actions
        'expression'=>'Yii::app()->user->getState("userType")=="app"',
    ),

You can still use Yii::app()->user->isAdmin / isGuest etc. to control access to other actions. A good explanation can be found in the extending CWebUser tutorial.
If you wish to control access to records then one approach is to use a default scope using another user state. Assuming the records have a companyId field and a user can only see records from their own company, then in your models:
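
    public function defaultScope()
    {
        return array(
            // bind the company id as a parameter instead of concatenating it into the SQL
            'condition' => $this->getTableAlias(false,false).'.companyId=:companyId',
            'params' => array(':companyId' => Yii::app()->user->companyId),
        );
    }
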
where companyId is set using a setState in UserIdentity.php (same as userType above).
In theory you can use Yii::app()->user->userType instead of getState("userType"), but I had some problems with that, so I used the longer call (there is a magic getter in CWebUser).
Hope this helps,
proto-Guru
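
Added example, not part of the original post: the two pieces above put together for Yii 1.1, with the record scope failing closed when no companyId state exists (guest or expired session). The `User` model, its `username`, `passwordHash`, `userType` and `companyId` columns, and the base class name `CompanyScopedRecord` are assumptions made for illustration.

```php
<?php
// Added example. Assumed names: a `User` model (plain CActiveRecord) with
// username, passwordHash, userType and companyId columns, and the
// hypothetical base class CompanyScopedRecord.

// protected/components/UserIdentity.php
class UserIdentity extends CUserIdentity
{
    public function authenticate()
    {
        $user = User::model()->findByAttributes(array('username' => $this->username));
        if ($user === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } elseif (!CPasswordHelper::verifyPassword($this->password, $user->passwordHash)) {
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            // States set on the identity are copied into Yii::app()->user by login().
            $this->setState('userType', $user->userType);
            $this->setState('companyId', (int) $user->companyId);
            $this->errorCode = self::ERROR_NONE;
        }
        return $this->errorCode === self::ERROR_NONE;
    }
}

// protected/components/CompanyScopedRecord.php
abstract class CompanyScopedRecord extends CActiveRecord
{
    public function defaultScope()
    {
        // getState() returns null when the state is missing; the magic
        // getter Yii::app()->user->companyId throws in that case.
        $companyId = Yii::app()->user->getState('companyId');
        if ($companyId === null) {
            // Fail closed: no company in the session means no rows.
            return array('condition' => '1=0');
        }
        // (false, false) skips scope checking, which would recurse into defaultScope().
        $alias = $this->getTableAlias(false, false);
        return array(
            'condition' => $alias . '.companyId = :scopeCompanyId',
            'params' => array(':scopeCompanyId' => $companyId),
        );
    }
}
```

Models that hold per-company rows extend CompanyScopedRecord instead of CActiveRecord, so a findByPk() for another company's record returns null. Code that calls resetScope() on such a model drops the filter, so it is worth reviewing wherever it appears.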