What is the best way to have user privilege levels


I have done a small user management system (with yii) which directs the user to different page based on their privilege level. what i have is, 3 user levels who are admin, student and teacher.

i am using user identity class to check the logged users privilege level and assigned it to user setState as shown below.

[b]Yii::app()->user->setState(‘loggedUserId’, $user->id);

Yii::app()->user->setState(‘adminName’, $user->first_name);[/b]

so this way i am tracking the user and directing them to their page. admin.php , student.php $ teacher.php

what i am doing to achieve this is, in site controller i am defining three actions, like actionAdmin(), actionStudent() & actionTeacher(). so when an admin logs in, i will redirect to admin view (admin.php). (in same way to others too)


then in action admin as follows,

[b]public function actionAdmin() {

    if (!Yii::app()->user->isGuest)


    else {

        Yii::app()->user->setFlash('notice', "Page is not permissible");




the bad thing is, in each action i should test as !Yii::app()->user->isGuest or Yii::app()->user->isGuest:(

so my concern is…

is it a good approach ? i feel like yii have some better way of doing it though i couldn’t figure out yet.

can any one please let me know a best practice to this.


can anyone help me pls

Here you are find 3 user level by adminName, So that it should be unique , I think this is a best practice. Its a good one…

You need to look into access control filters:



You can use this extension also…


I came across this access control tutorial using the AuthManager. You might like it:

I’m not allowed to embed links in my posts yet, but it’s at …