I created the following RBAC design to view files:
[attachment 7426]
It is designed to check the access for a single file with the action file/view?id=1 and works as follows:
[list=1]
[*]Administrator -> Allowed to view all files
[*]Manager -> Allowed to view files of same application which are not system files
[*]Limited -> Allowed to view my own files which are not system files
[/list]
I then started to create a filtered file list view with the action: file/index. Unfortunately, I don’t have a parameter to pass on to the rules, since I’m showing a list of them. I was thinking of implementing it as follows, but the rules obviously return false, since they have no file to check.
[code]
if ($user->can(Permissions::FILE_VIEW_NOSYSTEM)) {
    $query->andWhere(['!=', 'typeV', '-1']);
}
if ($user->can(Permissions::FILE_VIEW_OWN)) {
    $query->andWhere(['uploaded_by' => $user->id]);
}
[/code]
The only design I was able to come up with is to add a whole new set of permissions without rules for the list view. But it doesn’t seem right to me:
[attachment 7427]
Does someone have an idea for a better RBAC design, which also works with lists?
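
The three roles listed in the post, written once as a per-record check and once as list-query conditions, with a loop that fails if file/index would ever show a row that file/view would deny (or hide one it would allow). This is an added example, not part of the original post and not Yii framework code; the `application_id` column, the function names and the sample rows are assumptions.

```php
<?php
// Added example (plain PHP 8, no framework). Roles, typeV and uploaded_by
// follow the post; application_id and the sample rows are assumptions.
const SYSTEM_TYPE = -1; // the post excludes system files with typeV != -1

// Per-record decision, as the rules make it for file/view?id=N.
function canView(array $u, array $f): bool {
    $userFile = $f['typeV'] != SYSTEM_TYPE;
    return match ($u['role']) {
        'administrator' => true,
        'manager' => $userFile && $f['application_id'] == $u['application_id'],
        'limited' => $userFile && $f['uploaded_by'] == $u['id'],
        default => false, // unknown role: deny
    };
}

// Same policy as andWhere()-style conditions for file/index; null = no rows.
function listConditions(array $u): ?array {
    $noSystem = ['!=', 'typeV', SYSTEM_TYPE];
    return match ($u['role']) {
        'administrator' => [],
        'manager' => [$noSystem, ['=', 'application_id', $u['application_id']]],
        'limited' => [$noSystem, ['=', 'uploaded_by', $u['id']]],
        default => null, // unknown role is denied in the list as well
    };
}

// Evaluate the conditions in memory so both paths can be compared.
function matches(?array $conds, array $f): bool {
    if ($conds === null) return false;
    foreach ($conds as [$op, $col, $val]) {
        if (($op === '=') !== ($f[$col] == $val)) return false;
    }
    return true;
}

// Constructed sample data: [id, typeV, application_id, uploaded_by].
$files = [[1, 0, 10, 7], [2, -1, 10, 7], [3, 0, 10, 8], [4, 0, 20, 9]];
$users = [[1, 'administrator', 10], [8, 'manager', 10], [7, 'limited', 10], [5, 'guest', 10]];
foreach ($users as [$uid, $role, $app]) {
    $u = ['id' => $uid, 'role' => $role, 'application_id' => $app];
    foreach ($files as [$id, $typeV, $application_id, $uploaded_by]) {
        $f = compact('id', 'typeV', 'application_id', 'uploaded_by');
        if (canView($u, $f) !== matches(listConditions($u), $f)) {
            throw new RuntimeException("view/list policy drift: $role, file $id");
        }
    }
}
echo "file/view and file/index agree for every role\n";
```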