Do Yii Checkaccess Relies On A Global Variable?
Posted 24 May 2013 - 02:29 AM
Some days ago I've answered a question in StackOverflow where a user asks how usually do frameworks work in general referring to authentication for certain areas.
Usually, in my projects I apply a kind of checkAccess (or the RBAM extension) and I've suggested that.
What was my surprise when everybody jumped over me saying it is not a good choice because it relies a global variable. But as from what I can see, it is really based in a global variable.
Or am I mistaken?
Here is the shortlink for the question: http://stackoverflow...6713594/1044644
Posted 24 May 2013 - 04:13 AM
They also omit the fact that checking privileges *always* involves another global state - logged in user in which context every privileges are resolved and you can also say that you do not know who set up this user context... but then you cannot trust anything in your own application even if you use "static class" or any other solution - you still need to fetch currently logged user id to check his privileges.
Roles combined with business rules are most powerful, flexible and reliable way to grant privileges
Posted 24 May 2013 - 08:18 AM
I've came here to ask, as for moments I've doubt the way Yii worked, and maybe you could catch up something on what those people said that I didn't.
If anyone would like to go there and answer the comment to clarify the way Yii works, I would be very thankful. If you do not, I would like to hear more opinions or facts on how do Yii handles this.