Yii Framework Forum: Creating Abstract Rbac Permissions - Yii Framework Forum


Creating Abstract Rbac Permissions

#1 girlafraid

Posted 16 February 2013 - 06:33 PM

Suppose I have the following (example) RBAC tasks, which can be added to a user role:

$auth->createOperation('pageView');
// Bizrules are evaluated as PHP code, so each one must return a value.
$task = $auth->createTask('pageView_secret', '', 'return isset($params["page"]) && $params["page"]->isSecret();');
$task->addChild('pageView');
$task = $auth->createTask('pageView_topsecret', '', 'return isset($params["page"]) && $params["page"]->isTopSecret();');
$task->addChild('pageView');


This allows me to use:

Yii::app()->user->checkAccess('pageView', array('page' => $model));


Fairly straightforward. Now suppose instead of evaluating whether an already loaded model can be viewed, I wish to use this permission to define a scope on a findAll() call, so that only pages viewable by the user are queried - to use it before the fact, rather than after the fact, so to speak. For example:

if(!Yii::app()->user->checkAccess('pageView_topsecret')) {
   // set scope to exclude topsecret pages
} else {
   // something else
}


As the initial task expects $params["page"], I cannot use it as it is to accomplish this. Therefore, how should this be approached? Is it considered acceptable to use optional parameters, such as:

$task = $auth->createTask('pageView_topsecret', '', 'return isset($params["page"]) ? $params["page"]->isTopSecret() : true;');


Or am I just going about this wrong, given that my bizrule pertains to an attribute in the Page and is irrespective of the user identity - is my bizrule inappropriately placed within RBAC? Perhaps something along the lines of calling a method such as $model -> checkViewAccess('private'), which then validates the user element and the page visibility separately and returns true/false, is preferable?

Any advice welcome!

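One way to apply the permissions from the post before the query instead of after it, as an added example that is not part of the original post or of Yii itself: parameterless permission checks decide which restricted levels are filtered out, and a level stays hidden unless the check explicitly passes. The `visibility` column, its values, and the helper `restrictedLevelFilter()` are assumptions, and the `$can` callable stands in for `Yii::app()->user->checkAccess()`.

```php
<?php
// Added example, not from the original post. $can stands in for
// Yii::app()->user->checkAccess(); the `visibility` column and its
// values 'secret' / 'topsecret' are assumptions.

/**
 * Build a SQL condition that hides every restricted level the user
 * has not been granted. Returns array(condition, bound params).
 */
function restrictedLevelFilter(callable $can): array
{
    // Assumed column value => RBAC item from the post that unlocks it.
    $restricted = [
        'secret'    => 'pageView_secret',
        'topsecret' => 'pageView_topsecret',
    ];

    $placeholders = [];
    $params = [];
    foreach ($restricted as $level => $item) {
        // Deny by default: a level stays excluded unless the check passes.
        if ($can($item) !== true) {
            $name = ':deny' . count($params);
            $placeholders[] = $name;
            $params[$name] = $level;
        }
    }
    if ($params === []) {
        return ['', []]; // every restricted level is granted, nothing to hide
    }
    // Values are bound, never concatenated into the SQL text.
    return ['visibility NOT IN (' . implode(', ', $placeholders) . ')', $params];
}

// Constructed sample user: holds pageView_secret but not pageView_topsecret.
$granted = ['pageView_secret'];
$can = function (string $item) use ($granted): bool {
    return in_array($item, $granted, true);
};

list($condition, $params) = restrictedLevelFilter($can);
echo $condition, PHP_EOL;
foreach ($params as $name => $value) {
    echo $name, ' => ', $value, PHP_EOL;
}
```

In Yii 1.1 the returned condition can be passed to `CDbCriteria::addCondition()` and the parameters merged into the criteria's `params`. This assumes the two items are checked without a page-dependent bizrule, as in the post's `checkAccess('pageView_topsecret')` call.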