RBAC - Multiple roles per user?

Yii 1.1 General Discussion
1

Does the Yii RBAC enable a user to be assigned more than one role?

Assuming roles are set up as follows:

[color="#0000FF"]$auth->createOperation(‘addRecOff’,‘Add Receiving Officer’);

$auth->createOperation(‘enterReceivedItems’,‘Enter Quantites Received’);

$auth->createOperation(‘addReqSup’,‘Add Requisition Supervisor’);

$auth->createOperation(‘submitReq’,‘Submit a requisition’);

$auth->createOperation(‘addReqOff’,‘Add Requisition officer’);

// receivingofficer can only Enter Quantites Received

$role=$auth->createRole(‘receivingofficer’);

$role->addChild(‘enterReceivedItems’);

// reqofficer can only Submit a requisition

$role=$auth->createRole(‘reqofficer’);

$role->addChild(‘submitReq’);

// reqsuper can do all that reqofficer can do, plus can Add Requisition officer

$role=$auth->createRole(‘reqsuper’);

$role->addChild(‘reqofficer’);

$role->addChild(‘addReqOff’);

// manager can do all that receivingofficer and reqsuper can do, plus can Add Requisition Supervisor

$role=$auth->createRole(‘manager’);

$role->addChild(‘receivingofficer’);

$role->addChild(‘reqsuper’);

$role->addChild(‘addRecSup’);

[/color]

If I want userA to be both a receivingofficer AND a reqofficer, can I do the following:

[color="#0000FF"]$auth->assign(‘receivingofficer’,‘userA’);

$auth->assign(‘reqofficer’,‘userA’);[/color]

So that the following both return true when userA is logged in:

[color="#0000FF"]Yii::app()->user->checkAccess(‘enterReceivedItems’)

Yii::app()->user->checkAccess(‘submitReq’)[/color]

Or would I have to create a new role, such as:

[color="#0000FF"]$role=$auth->createRole(‘reqandreceivingofficer’);

$role->addChild(‘receivingofficer’);

$role->addChild(‘reqofficer’);[/color]

2

Yes, you can and it’ll work as expected.

Btw, no offense but wouldn’t it be faster to try it instead of waiting for a reply on forum? :)

3

Thanks for the reply.

In regard to your question about it being faster to try it, no offence taken and here is my rationale:

I am currently evaluating various frameworks and the most important criteria for me, aside from features, is comprehensive and useful documentation along with a helpful community. Part of my evaluation process, therefore, is to attempt to learn as much as possible from the documentation and community before I actually try to use it. So I have made a list of various things I want to achieve and then have read the docs to see how easy it is to find out how to achieve them. So far, this issue is the only one I have not been able to learn that way, which gave me an opportunity to try the forum.

4

John the Kiwi,

Thanks for the input. It helps me thinking about how to use the authentication steps to take during a fresh install within the project.

Duketown