I’m developing an application where I restrict user’s ability to create new items of a kind according to which “plan” he subscribed, for example STARTER plan limits to 25 units.
In CRUD view and controller I should add something like: “if user is allowed to create more: show button/save” etc… but where should I put the code to perform this check? I don’t want it to be a user’s class method because I want it to be more general: the check could be performed on user, on group or on company he belongs to; so I’m thinking about a separate class and I want to find the more Yii-ish way.
Would it be Yii-ish to create a class ‘PlanChecker’ in ‘helpers’ directory? should the class extend something?
Then, another similar problem: I’m calculating statistics about some records in a database table and there are two controllers that use theese statistics: the user profile AND another statistics reporting controller. In this case where should I put the common code?
At the moment I created a new class MyStatistics that extends CModel and I’ve put it in ‘models’ directory. It works but I feel it’s not the proper way. Which should be the right place? ‘helpers’ directory again?
In my opinion, that would be plain procedural programming, hidden by some OO syntax. Nothing is wrong with procedural approach, but then you don’t need User model at all. Since User model already has access to all required data (Plan, Company, count of already created items) via relations, this class is the most logical place for the check() method.
I think the first issue could be handled with the role base access control which is built in the framework. I’m not very sure, because I don’t have a clear notion of your needs. But it doesn’t sound too special or complicated to be handled with RBAC.
I can recommend "yii-rights" extension for the purpose.
As for the second one, I think your approach is OK.
I would put into the model those codes that deal with the logic related to the data. And if I need some codes to produce the direct outputs, like a formatting of a data for view, then I would also make a separated helper class in the components directory. It’s something like MyHtml class, you know.
After all, this is just my way of coding. You can be more clever.
[P.S.]
For the general guidance, I think the following section in the guide is quite well written.
I solved the first problem with a “permission” check in the controller, at the beginning of Create action, and if the check is negative it renders a special error view. It’s better because in this way I can explain the reasons of permission denial, while with Rights/RBAC I just deny the action without explaining to end user.
For the second problem I’m trying to put as much code as possible into the closer related class (sometimes it’s hard to choose because code uses data from 2 or more different models), and when it doesn’t fit into a model I create a separate model.
As far as I understood there’s no difference to put this kind of code in Models directory rather than Helpers directory. It’s like that Models are related to ActiveRecord and Helpers to visualization and HTML, so in the end it’s a personal choice.
