Currently I’m implementing my own ACL system. For restricting database actions I rewrote the beforeSave function from the ActiveRecord class.
I’m implementing my function as the default model class.
class Event extends ACL
{
...
}
So far so good. In my database I have a privilege table where I store user,group,creator or self roles which relate to actions on specific table’s. I use the standard RBAC from yii for page restriction based on user-level so I don’t have to check all privileges on each page load. The ACL behavior is for database related purposes only. Like if a user would like to see post/someid/view and he has no rights for that specific post access is not granted.
By example Role: Group Who: 4 Action: insert Table: Event
Now group with id 4 has privileges to insert into the event table. That part works fine, now I want to be able to restrict certain users from searching table’s in my database. Same if ‘role’ would be ‘user’. In the documentation I can’t find something like beforeFind.
Does somebody know where I can hack in to the system and control the let’s call it beforeFind function?