[Rights Extension] Multiple Profiles

Hi all,

I’m rather new to Yii, but I’ve been trying some things for a few weeks and it’s just huge!!

I want to create a site with rights management and I found the ‘Rights’ extension. It seems useful but I don’t know if it could be the one I need.

I want to be able to have 2 more profiles than Guest, Connected and Admin: Trainee and Teacher. Each of these profiles is linked to a School. You’ve got the rights of Trainee or Teacher, but for a particular School… and you can be Trainee of several Schools and Teacher for several Schools too ^^. The ‘base’ profiles (Guest, Connected and Admin) aren’t linked to a school…

Does the ‘Rights’ extension allow me to do that? What kind of changes do I have to make? Can something else help me manage that?

I think it’s not the easiest, but it is a common issue and I don’t want to develop it from scratch.

Hope I was clear enough

Thanks in advance for your help !

Yes, I think that Rights should be just right for you. First of all, please have a look at the Yii Documentation, "Authentication and Authorization".

I use Rights together with yii-user, but I think it’s also easily compatible with just about any other User Management. But be aware that configuration requires a bit of knowledge of Yii because you have to adjust some stuff, obviously, like setting the table prefix. I think there was also an adjustment needed because the table was called “tbl_users” instead of “tbl_user” or something like that, but that’s just from the back of my mind. You should find an answer to almost every problem you might encounter during installation in the two respective threads for these extensions that can be found in this forum.

For the very basic Authentication, in my own project I still go the standard Yii way, just distinguishing between Guest, Registered and Admin.

If it gets more complex than this, the respective Controllers have to be extended from the RightsController:


class JSomeController extends RController // RController from extension: rights

For more information on how to actually use Rights, I would suggest downloading the blog demo.

In the end, it might be down to something like this:


	/**
	 * @return array action filters
	 */
	public function filters()
	{
		return array(
			'accessControl', // perform access control for CRUD operations
			'rights + allUploads',
		);
	}

	/**
	 * Specifies the access control rules.
	 * This method is used by the 'accessControl' filter.
	 * @return array access control rules
	 */
	public function accessRules()
	{
		return array(
			array('allow', // allow everyone to see the description
				'actions'=>array('list', 'details'),
				'users'=>array('*'),
			),
			array('allow', // allow authenticated user to download files
				'actions'=>array('materials', 'allUploads', 'userUploads'),
				'users'=>array('@'),
			),
			array('allow', // only admins are allowed to do everything
				'actions'=>array('index', 'view', 'create', 'update', 'admin', 'delete'),
				'users'=>array('admin'),
			),
			array('deny', // deny all users
				'users'=>array('*'),
			),
		);
	}

Here I use Yii’s basic accessControl filter for every action except my actionAllUploads(). For allUploads, after it passes the first filter (first of all, the user has to be logged in, see accessRules() - I think if this were not in there, accessRules would deny access even before the Rights extension is used), Yii calls Rights’ access filter.

In order to realize what you want, not only distinguishing between certain groups of users but also checking whether the user is actually in a particular school, you will need to define Business Rules. This is explained in Yii’s documentation, too.

Basically, the BizRule has to return true if the user is in the school. (In most cases, this means you need to query your database and find out if this particular user id is related to the school.)

Have fun. :)
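
One way to write the school-membership check that such a business rule needs, as an added example (not code from this thread or from the Rights extension). The `school_member` table, the `hasSchoolRole()` helper and the sample rows are hypothetical; an in-memory SQLite database via PDO stands in for the application database so the script runs stand-alone.

```php
<?php
// Added example: school-scoped role check of the kind a bizRule would delegate to.
// Table name, function names and sample rows are hypothetical / constructed.

function schoolDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE school_member (
        user_id INTEGER NOT NULL, school_id INTEGER NOT NULL, role TEXT NOT NULL,
        PRIMARY KEY (user_id, school_id, role))');
    // Constructed data: user 7 teaches at school 1 and is a trainee at school 2.
    $db->exec("INSERT INTO school_member VALUES (7, 1, 'Teacher'), (7, 2, 'Trainee')");
    return $db;
}

/**
 * Body of the business rule: true only if $params['userId'] holds $role
 * in $params['schoolId']. Missing or non-numeric ids deny access.
 */
function hasSchoolRole(PDO $db, array $params, string $role): bool
{
    foreach (array('userId', 'schoolId') as $key) {
        if (!isset($params[$key]) || !ctype_digit((string) $params[$key])) {
            return false; // deny by default instead of matching "any school"
        }
    }
    // Bound parameters: the school id usually arrives from the request (e.g. the URL).
    $stmt = $db->prepare('SELECT 1 FROM school_member
        WHERE user_id = :u AND school_id = :s AND role = :r LIMIT 1');
    $stmt->execute(array(
        ':u' => (int) $params['userId'],
        ':s' => (int) $params['schoolId'],
        ':r' => $role,
    ));
    return $stmt->fetchColumn() !== false;
}

$db = schoolDb();
var_dump(hasSchoolRole($db, array('userId' => 7, 'schoolId' => 1), 'Teacher'));    // teacher at this school
var_dump(hasSchoolRole($db, array('userId' => 7, 'schoolId' => 2), 'Teacher'));    // only a trainee here
var_dump(hasSchoolRole($db, array('userId' => 7), 'Teacher'));                     // no school supplied
var_dump(hasSchoolRole($db, array('userId' => 7, 'schoolId' => '1x'), 'Teacher')); // malformed school id
```

In a Yii application the Teacher or Trainee role's bizRule would delegate to a helper like this, with the school passed at the call site, e.g. `Yii::app()->user->checkAccess('Teacher', array('schoolId' => $id))`; this wiring is an assumption about how the thread's setup would use it. The base roles (Guest, Connected, Admin) need no such rule because they are not tied to a school.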