rbacmodels

extends CActiveRecord model to include RBAC (Role Based Access Control) in find functions

This is an attempt to develop an ActiveRecord class that automatically filters records in all multi-record find functions (findAll, findAllByAttributes, findAllBySql).

Its use is pretty simple: install it, replace your model's CActiveRecord parent class with RBACActiveRecord, and create the virtual attribute "access" (public function getAccess()) in the model, as described below. Every multi-record find function will then return only the records accessible to the logged-in user.

NOTE:
- this class is in alpha state and has not been optimized; on large datasets it could have some performance issues, as it performs array filtering after the recordset has been returned by the findAll functions (as far as I know Yii 1.x is not capable of doing record filtering using PHP because it uses pure SQL to retrieve records from the db). Any contributions to its development and comments are much appreciated.
- this extension pack also contains a modified version of CActiveDataProvider that should be used together with RBACActiveRecord, because it recalculates the total number of items according to RBAC filtering.
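
The post-query filtering and item-count recalculation described in the note above, sketched in plain PHP 8 as an added example. It is not the extension's own code; StoreRecord, filterAccessible, accessiblePage and the sample ids are constructed for illustration.

```php
<?php
// Added illustration, not code from the RBACModels extension.
// StoreRecord and $allowedStoreIds are constructed stand-ins for a model
// with a getAccess() virtual attribute and for the logged-in user's rights.

final class StoreRecord
{
    public function __construct(public int $id, private array $allowedStoreIds) {}

    // Plays the role of the "access" virtual attribute.
    public function getAccess()
    {
        return in_array($this->id, $this->allowedStoreIds, true);
    }
}

// Post-query filter: keep a record only when getAccess() is strictly TRUE,
// so a rule that returns NULL, a string or 0 by mistake denies access.
function filterAccessible(array $records): array
{
    return array_values(array_filter(
        $records,
        static fn(StoreRecord $r): bool => $r->getAccess() === true
    ));
}

// Paginate AFTER filtering and count only what survived the filter.
function accessiblePage(array $records, int $page, int $pageSize): array
{
    $visible = filterAccessible($records);
    return [
        'total' => count($visible),
        'items' => array_slice($visible, $page * $pageSize, $pageSize),
    ];
}

// Constructed sample: six stores in the table, the user may see 2, 3 and 5.
$allowed = [2, 3, 5];
$rows = array_map(fn(int $id) => new StoreRecord($id, $allowed), range(1, 6));

$result = accessiblePage($rows, 0, 2);
printf("total=%d ids=%s\n", $result['total'],
    implode(',', array_map(fn($r) => $r->id, $result['items'])));
```

A total taken before the filter would report six items to a user who may see three, and slicing pages before the filter would return short or empty pages, which is why both steps run on the filtered set.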

TO INSTALL THIS EXTENSION

git clone https://github.com/iltoga/RBACModels.git from within your extension folder

or

unpack RBACModels.zip into extension folder

note: I strongly advise you to download the git version, as it is the most up to date

add:

'ext.RBACModels.components.*', // RBACActiveRecord and RBACDataProvider

to protected/main.cfg 'import' array

(optional) add:

'RBACActiveRecord' => array(
   'performRBAC' => TRUE, // RBAC record filtering enabled by default
)

to protected/main.cfg 'params' array

Requirements

Yii 1.1 or above (tested with Yii 1.1.13)

Usage

In your ActiveRecord models (the ones you want to filter using Role Based Access Control):
- change the model class to RBACActiveRecord
- add the "access" virtual attribute as follows

public function getAccess(){
    // Note that this can be any PHP function that returns a boolean value
    // (TRUE/FALSE) and not necessarily a call to checkAccess (Rights module)
    // Build it well, as a complex function could lead to slow response times
    // as this will be called on every record returned by findAll methods
 
    return "your access rule";
}

example (as described in RBACActiveRecord class):

public function getAccess(){
  // using an access rule that has a bizrule; the record's id is passed
  // to the bizrule as the 'store_id' parameter
  if (Yii::app()->user->checkAccess('storeaccess', array('store_id' => $this->id))){
     $access = TRUE;
  } else {
     $access = FALSE;
  }
  return $access;
}
