Yii Framework Forum: Do Yii Checkaccess Relies On A Global Variable? - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Do Yii Checkaccess Relies On A Global Variable? Rate Topic: -----

#1 User is offline   Ivo Pereira 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 39
  • Joined: 29-July 12

Posted 24 May 2013 - 02:29 AM

Hello,

Some days ago I've answered a question in StackOverflow where a user asks how usually do frameworks work in general referring to authentication for certain areas.

Usually, in my projects I apply a kind of checkAccess (or the RBAM extension) and I've suggested that.

What was my surprise when everybody jumped over me saying it is not a good choice because it relies a global variable. But as from what I can see, it is really based in a global variable.

Or am I mistaken?

Here is the shortlink for the question: http://stackoverflow...6713594/1044644



Thanks.
0

#2 User is offline   redguy 

  • Master Member
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 712
  • Joined: 02-July 10
  • Location:Central Poland

Posted 24 May 2013 - 04:13 AM

I think you are right, but I cannot quite understand what they mean by 'global scope' or 'global value'... looks like a total bullshit. I guess they totally do not know Yii. First of all: Yii::app() is just "singleton pattern" which is widely used in many languages and frameworks, next Yii::app()->user and Yii::app()->getUser() are really same thing in Yii (because of magic attributes implemented with __get and __set methods)

They also omit the fact that checking privileges *always* involves another global state - logged in user in which context every privileges are resolved and you can also say that you do not know who set up this user context... but then you cannot trust anything in your own application :) even if you use "static class" or any other solution - you still need to fetch currently logged user id to check his privileges.

Roles combined with business rules are most powerful, flexible and reliable way to grant privileges :)
red
0

#3 User is offline   Ivo Pereira 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 39
  • Joined: 29-July 12

Posted 24 May 2013 - 08:18 AM

Exactly what I thought. However, when people don't understand the way the framework works, they just fire in all the directions.

I've came here to ask, as for moments I've doubt the way Yii worked, and maybe you could catch up something on what those people said that I didn't.

If anyone would like to go there and answer the comment to clarify the way Yii works, I would be very thankful. If you do not, I would like to hear more opinions or facts on how do Yii handles this.
0

#4 User is offline   Ivo Pereira 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 39
  • Joined: 29-July 12

Posted 27 May 2013 - 12:38 PM

Anymore opinions?
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users