Difference between #10 and #9 of CPhpAuthManager - how it works, and when to use it

CPhpAuthManager - how it works, and when to use it
CPhpAuthManager, rbac, accessControl, roles, admin, moderator, guest, banned
Before ridingreading this article, you should first learn
this [How to setup RBAC with a php

It is actually mentioned in the documentation

"CPhpAuthManager") :
<quote>CPhpAuthManager is mainly suitable for authorization data that is
not too big (for example, the authorization data for a personal blog system).
Use CDbAuthManager for more complex authorization data.</quote>

So you maybe mistakenly thought it iswas perfect and
willwould allow you to manage the roles of the next
website with million users, and it doesn't ...
BUT there are ways to improve it actually, if your hierarchy structure is
simple, so you can serve up to million users with it it.

Why CPhpAuthManager can be evil?
At the first glance what is the problem? You set auth.php file, it has the rules
- no problems.

But actually when you dig dipperdeeper you understand
there is a lot of issues with it .

Lets take a look at the
The key to start understanding is this snippet:


when you assign a role to some userId, it is added to the existing assignments,
userId serve as key, and that is how the access is checked... just like 


Now as you saw in the code, there is no sessions there, so if you don't save
next time user go to another page, no roles...

so you should save **at the end** of role assignment or revoke (at and of cycle,
not in the middle!!!)

Now to the punch line


what it does is  it takes all the assignments and roles and just write them to

THe problem: Remember?

So as you I think understood, auth.php will be overwritten, and rows with users
ID will be added to each role...

So if you have for example 10000 users, you will have about 10000+ rows inside
auth.php loaded every time !!!

if you have 100000 it will just break...

cause it overwrite it **every time**!!!

What to do?

So as mentioned in the documentation, if you don't use some smart strategy, you
should not use CPhpAuthManager for project with more than few hundred users!

But... if your hierarchy is simple like:

banned, guest, user, moderator, admin

And in **most** of the websites this is the case...

You can follow this rules and handle a million users easily!

The rules
**1)** **Never** revoke if you don't delete the user or change row...<br>
**2)** assign role and do CPhpAuthManager::save if and only if the user is
assigned with moderator or admin rule<br>
**3)** in accessControl **never** use 


_Assuming that you have some role field in your users table..._

the banned rule will serve you in the authorization... no reason to assigned
save it at all, just don't login banned users!

instead of **'roles'=>array('user')** **always** use the **@** for guests use
Like this:

  'users' => array('@')

**3)** use the 

**only** for moderators and admins!


If you follow this rules, if you have 1 million of users.
You will have about 100 moderators and few admins... so it is peace of cake for
CPhpAuthManager if you follow the rulesrules.

You just need to remember that for every role assignment hou
have to add a row to your auth.php file that is
loaded every time!

I described the issue, but it is always better to do it yourself to understand
in more depth what is the "problem" with it.
And don't understand me wrong... it is awsome!awesome! but
it not mentmeant to work with a lot of users and

just do this loop after you set the basic rules in auth.php

Just do this loop after you set the basic rules in auth.php

$auth = Yii::app()->authManager;
   $auth->assign('user', $userID);

execute it and after this open the