Help with design of RBAC

Sorry for the long-windedness, but I am a Yii newbie and am trying to learn proper development. I am a teacher, not a developer by any stretch of the imagination. I write PHP for fun because it interests me.

I am converting a site that uses some form of RBAC (my own interpretation). I would like to get some assistance with RBAC under Yii so I don’t make a total mess of it. My site is a school management system (gradebook, attendance, etc…).

Currently (non yii site)

  • I have a table called links that has fields like forAdmin, forTeacher, forStudent etc…

  • I also have a table called user2building with fields like isAdmin, isTeacher, isStudent etc…

  • I have php pages called teach_grades.php admin_users.php stud_reports.php etc… - Changing these names with new site

  • I check to see if a user isAdmin before allowing a page called admin_* to load etc…

  • When a user logs in, I build a navigation section from links based on isAdmin, isTeacher etc…

Some of my questions are:

  1. Some of my pages are for multiple roles; for example, reports (student progress report) can be viewed by Teachers, Parents, Students…
     • The difference is that when a student logs in, all they select is the class.
     • When a parent logs in, they select a student (only one of their own children), then a class.
     • When a teacher logs in, they select a class (only one of their own), then a student in that class.

However, not all pages are available to all user types. One might think that Admin (Principal, not db admin) has access to everything and Parents have access to the least and everything in between inherits from lesser roles, but this is not the case.

A Teacher has a gradebook to enter grades, etc… but the Admin cannot access the teacher’s gradebook directly; all they can do is view a progress report. I don’t want an Admin or Guidance Counselor changing grades in my gradebook.

So how should I set up the RBAC based on these constraints? I am assuming that Admin, Teacher, Student, Parent, etc. can be the Roles, but what about Rules & Permissions? Users are a no-brainer (the users in my user table)…

  2. Can/should users have multiple roles?

  3. Is it best to keep these things (roles, rules & permissions) in the db?

  4. Can you suggest a design/paradigm for me to use here? Not sure I fully understand how what I do translates to Yii RBAC.

Thank you in advance for your time and assistance.

J
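
One way the constraints in the post map onto Yii 2 RBAC (roles, permissions and rules, which is the vocabulary the question uses), given as an added example that is not the poster's code and not code from the Yii project. It assumes Yii 2's `yii\rbac` API with `authManager` configured as `yii\rbac\DbManager`; the permission names, the `TeacherOwnsClassRule` class, the `teacher_id` attribute on the class model and the user ids are all assumptions made for this example. The point it shows: roles are kept flat rather than stacked (admin does not inherit teacher), so an admin can reach the progress report but never the gradebook, and a rule attached to `editGradebook` confines even a teacher to their own classes.

```php
<?php
// Added example, not code from the original post or from the Yii project.
// Assumes Yii 2's yii\rbac API (authManager = yii\rbac\DbManager). The permission
// names, the rule class and the teacher_id attribute are assumptions for this sketch.
// In a real app each class lives in its own file so the autoloader can find it.

namespace app\rbac;

use Yii;
use yii\console\Controller;
use yii\rbac\Rule;

/** Allows an item only when the class passed as $params['class'] belongs to the current teacher. */
class TeacherOwnsClassRule extends Rule
{
    public $name = 'teacherOwnsClass';

    public function execute($user, $item, $params)
    {
        // $user is the id of the logged-in user. Deny when no class is supplied,
        // so a check that forgets the parameter fails closed instead of open.
        return isset($params['class'])
            && (int) $params['class']->teacher_id === (int) $user;
    }
}

/** Run once with `php yii rbac/init` to write the hierarchy into the auth tables. */
class RbacController extends Controller
{
    public function actionInit()
    {
        $auth = Yii::$app->authManager;
        $auth->removeAll(); // start from a clean hierarchy; fine for a setup script

        // Permissions name what people do, not the page that does it.
        $viewReport = $auth->createPermission('viewProgressReport');
        $viewReport->description = 'View a student progress report';
        $auth->add($viewReport);

        $rule = new TeacherOwnsClassRule();
        $auth->add($rule);

        $editGradebook = $auth->createPermission('editGradebook');
        $editGradebook->description = 'Enter or change grades for a class';
        $editGradebook->ruleName = $rule->name; // only the class's own teacher passes
        $auth->add($editGradebook);

        $manageUsers = $auth->createPermission('manageUsers');
        $manageUsers->description = 'Create and edit user accounts';
        $auth->add($manageUsers);

        // Roles are deliberately flat: admin is NOT a parent of teacher, so
        // nothing in the admin subtree ever reaches editGradebook.
        $student = $auth->createRole('student');
        $auth->add($student);
        $auth->addChild($student, $viewReport);

        $parent = $auth->createRole('parent');
        $auth->add($parent);
        $auth->addChild($parent, $viewReport);

        $teacher = $auth->createRole('teacher');
        $auth->add($teacher);
        $auth->addChild($teacher, $viewReport);
        $auth->addChild($teacher, $editGradebook);

        $admin = $auth->createRole('admin');
        $auth->add($admin);
        $auth->addChild($admin, $viewReport);
        $auth->addChild($admin, $manageUsers);

        // A user can hold several roles, e.g. a teacher who is also a parent.
        // User ids below are placeholders.
        $auth->assign($teacher, 1);
        $auth->assign($parent, 1);
        $auth->assign($admin, 2);
    }
}
```

In a controller the check then reads `Yii::$app->user->can('editGradebook', ['class' => $class])`; the rule runs at that moment and decides on the class being edited, not on the role alone. The parent's "only my own child" and the student's "only my own class" constraints are the same pattern: one more `Rule` subclass attached to `viewProgressReport`, with the student or class passed in `$params`. Because everything lives in `DbManager`'s tables, adding a Guidance Counselor role later is a data change rather than a code change.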

Thought these 2 videos would help answer most of your questions: