This HowTo assumes that you have a smattering of ACL in general and of how the acl-extension works basically. It will introduce you into the abstract and give you a hint on how to use Business-Rules. If you have in-depth questions, please refer to the extension documentation.
Using ACL in an RBAC-manner cannot and should never obscure the fact that the underlying system is still ACL-based. In fact, the Business-Rules are just another layer in the permission-check plan.
There are scenarios when you work with DVCS (like Mercurial or Git) and CDbMessageSource. To my experience keeping the development database and production database in sync can be very time consuming. Plus, when working in a team, you never know when the database was updated.
Yesterday I've written a module for myself. Just an experiment. When I was feeling satisfied, I've created a repository on github, and pushed my code. My module and yii are on github. So I'll show you a "new" way to start our yii projects.
For those who feel, the Controller->accessRules() or RBAC (Role-Based Access Control) is too complicated or doesn't want the username(s) to be hard-coded in accessRules(), here is a very simple, easy-to-implement solution.
Say, you want to write a test for a component which provides a caching feature. How would you know, that some method of your component returns a cached result? With the solution described here you can inspect all log outputs. So you could search the logs for accesses to the DB to really make sure, that the result was served from cache.
In this mini howto I would like to show how to add a required captcha field in the login form, after a defined number of unsuccessfull attempts.
To do this, I will use the blog demo that you have in default Yii download package (path/to/yii/demos/blog).