Hi All,
I’m just trying to do a quick RBAC setup using the access control filter and Yii’s built-in RBAC system, but I seem to have come upon a stumbling block.
I have a business rule, much like the ones in the examples, which allows some users general access and others access to a user to update their own data (or other sub-sets of data). The problem is that allowing a user by rule using the access control filter does not seem to offer any opportunity to add some params for the business rule to use.
Am I missing something?
I can think of an easy way to add them, by adding a ‘params’ element to the rule array (beside ‘roles’, ‘actions’, etc.), and am surprised it’s not catered for already.
Something like:
class AccessRule extends CAccessRule {
public $params = array();
protected function isRoleMatched($user)
{
// Pass $params to $user->checkAccess as the second argument
}
}
No?
Cheers!