Yii Framework Forum: Yii2 RBAC text based Rules - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Yii2 RBAC text based Rules To allow adding new Rules to RBAC in code, like with an RBAC Manager Rate Topic: -----

#1 User is offline   Jeff Nd4c 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 12
  • Joined: 01-November 11

Posted 12 March 2015 - 03:45 PM

I'd like to request that the new Yii2 RBAC system allow the use of text based rules. This would _not_ replace the current use of rules extended from the yii\rbac\Rule class, but would be an optional replacement for classes or an enhancement.

The reason for this is to make it easier to implement an online web-based RBAC manager. The previous Yii 1.*.* had text based business rules and this made it easier to manage without actually creating any new classes in the source code.

In the Yii2 Guide (as of 2015-03-12) it states:

"If your permissions hierarchy doesn't change at all and you have a fixed number of users you can create a console command that will initialize authorization data once via APIs offered by authManager..."

However. in the sample the console command does not create any Rules but only adds Rules that have already been created manually in an editor.

Obviously, in PHP, classes can be created runtime (like with the Gii Module) but this adds a new level of complexity to an already complex situation - that of managing RBAC without breaking RBAC.

I realize this might not be worth the effort since, with the current class based system, it is _not_ impossible to create a web based manager. But if it's not too difficult and would work as well as the Rule class, then I can see this as a real benefit to the framework.

My guess is that most Rules classes would be pretty slim and use the execute method as a simple function. I can imagine that storing anonymous functions would work quite easily.
0

#2 User is offline   Jeff Nd4c 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 12
  • Joined: 01-November 11

Posted 12 March 2015 - 03:56 PM

As an added note:

Storing functions as strings would require the use of eval like the Yii 1.*.* RBAC system. So, again, I want to say this might not be worth the effort.
0

#3 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 5,184
  • Joined: 17-January 09
  • Location:Russia

Posted 17 March 2015 - 02:44 AM

We aren't going to implement it. It's much harder to debug these and it's not really safe (in case of unauthorized DB access).
Yii 2.0 Development Cookbook

Enjoying Yii? Star us at github

Support me so I can work more on Yii: https://www.patreon.com/samdark
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users