So I have the following setup (which doesn’t really make any sense, I was just doing this to get used to RBAC):

    $auth = Yii::app()->authManager;
    $auth->createOperation('create_entity', 'Create a new Entity');
    $rule = 'return Yii::app()->user->entity->type_id==$params["type"]->type_id;';
    $auth->createTask('create_own_type', 'Create Entities of your own Type', $rule)
         ->addChild('create_entity');
    $rule = 'return !Yii::app()->user->isGuest;';
    $auth->createRole('authenticated', 'Authenticated Entities', $rule)
         ->addChild('create_own_type');
    $auth->save();

With which I do the following tests:

    $text = array();
    if (isset($_POST['test'])) {
        $text[] = Yii::app()->user->checkAccess('create_entity', array('type' => Type::model()->findByPk('1'))) ?
            'You can create a User' : 'You can <b>NOT</b> create a User';
        $text[] = Yii::app()->user->checkAccess('create_entity', array('type' => Type::model()->findByPk('2'))) ?
            'You can create a Project' : 'You can <b>NOT</b> create a Project';
    }

The logged in user is of type 1.
Now, when I echo all items of $text in my view, I get the following:
This is incorrect; it should only be possible to create a user, and not a project. Also, when I switch the two tests around (so first check for findByPk('2'), and then for '1'), I get the opposite result:
It looks like the ‘create_entity’ permission that was obtained by the first call to checkAccess() is cached and therefore also used by the second call, even though a different argument is passed in $params. What would be the best way to fix this?
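
The stale-decision behaviour described in the question, modelled as an added example (not part of the original post and not Yii's own code): `CachingUser`, `evaluate()` and `run()` are hypothetical stand-ins, and a plain `type_id` comparison replaces the post's business rule. It compares a cache keyed only on the operation name with one that skips caching whenever `$params` is non-empty or the caller passes `false` for `$allowCaching`.

```php
<?php
// Added illustration: CachingUser is a hypothetical stand-in, not a Yii class.
final class CachingUser
{
    private $typeId;
    private $keyOnOperationOnly;
    private $access = array();   // per-request cache: operation name => bool

    public function __construct($typeId, $keyOnOperationOnly)
    {
        $this->typeId = $typeId;
        $this->keyOnOperationOnly = $keyOnOperationOnly;
    }

    // Stand-in for the 'create_own_type' business rule from the post.
    private function evaluate($operation, array $params)
    {
        return $operation === 'create_entity'
            && isset($params['type_id'])
            && $this->typeId === $params['type_id'];
    }

    public function checkAccess($operation, array $params = array(), $allowCaching = true)
    {
        // A decision is safe to reuse only if it did not depend on $params.
        $cacheable = $allowCaching && ($this->keyOnOperationOnly || $params === array());
        if ($cacheable && isset($this->access[$operation])) {
            return $this->access[$operation];   // may have been decided for other $params
        }
        $result = $this->evaluate($operation, $params);
        if ($cacheable) {
            $this->access[$operation] = $result;
        }
        return $result;
    }
}

// Runs the two checks from the post, in the same order, for a user of type 1.
function run(CachingUser $user, $allowCaching = true)
{
    return array(
        'user'    => $user->checkAccess('create_entity', array('type_id' => 1), $allowCaching),
        'project' => $user->checkAccess('create_entity', array('type_id' => 2), $allowCaching),
    );
}

var_dump(run(new CachingUser(1, true)));        // operation-only key: second check reuses the first decision
var_dump(run(new CachingUser(1, true), false)); // same cache, bypassed with $allowCaching = false
var_dump(run(new CachingUser(1, false)));       // params-dependent decisions are never cached
```

In Yii 1.x, `CWebUser::checkAccess()` takes `$allowCaching` as its third argument, so a check whose business rule reads `$params` can pass `false` there to force re-evaluation.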