Revision #7 has been created by Gismo on Dec 5, 2012, 11:46:55 AM with the memo:
Add russian version
Getting to Understand Hierarchical RBAC Scheme
hierarchy, RBAC, security, understanding
[...]Returning to the above code snippet, it may seem that we are providing the <b>post</b> parameter to the <b>updatePost</b> operation, whose business rule is empty and requires no parameters at all. This is true, but not the whole truth. In fact, Yii passes the same parameter set (there can be several parameters, since they are passed as an array) to every hierarchy item at every step of the check. If an item's business rule requires no parameters, it simply ignores them; if it does require some, it reads only the ones it needs.
This leads to two possible parameter-passing strategies. The first is to remember, for every auth item, which other auth items can be reached from it in the hierarchy, and to give each <b>checkAccess</b> call exactly the parameters those items need. Its advantages are brevity and probably efficiency; its risk is that a business rule higher up the hierarchy reads a parameter the caller forgot to supply. Because a business rule is a PHP expression that Yii evaluates at check time, a missing <b>$params</b> key is simply <b>null</b> inside the rule, and PHP's loose <b>==</b> comparison may still treat <b>null</b> as equal to values such as <b>0</b>, so rules should guard with <b>isset()</b> and compare strictly. The second strategy is to always pass all parameters to every auth item, whether or not a given business rule will use them. This "fire-and-forget" approach avoids much trial and error while implementing your application's security; its downsides are possible code clutter and perhaps a small drop in performance.
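To make the parameter flow visible, here is a stripped-down model of the walk that Yii 1.1's auth managers perform in <b>checkAccess</b>: start at the requested item, run its business rule, then climb to each parent until an item assigned to the user is reached. This is an added example written for this article, not Yii's own code; Yii stores business rules as PHP strings and runs them with <b>eval()</b>, whereas closures are used here so the script runs stand-alone, and assignment-level rules and default roles are left out. The item names (<b>updatePost</b>, <b>updateOwnPost</b>, <b>author</b>) follow the guide's example, and the <b>authorId</b> field and the user ids are assumptions.

```php
<?php
// Added example (not Yii's code): a minimal re-implementation of the
// child-to-parent walk behind CAuthManager::checkAccess(). The important
// detail is that the SAME $params array is handed to every item visited;
// items without a rule pass automatically. Business rules are closures here
// instead of Yii's eval()'d strings so the script runs without the framework.
final class MiniAuthManager
{
    /** @var array<string, callable|null> item name => business rule (null = no rule) */
    private array $rules = [];
    /** @var array<string, string[]> child name => parent names */
    private array $parents = [];
    /** @var array<int, string[]> user id => directly assigned item names */
    private array $assignments = [];
    /** @var string[] items visited by the most recent checkAccess() call, in order */
    public array $trace = [];

    public function createItem(string $name, ?callable $bizRule = null): void
    {
        $this->rules[$name] = $bizRule;
        $this->parents[$name] = $this->parents[$name] ?? [];
    }

    public function addChild(string $parent, string $child): void
    {
        $this->parents[$child][] = $parent;
    }

    public function assign(string $item, int $userId): void
    {
        $this->assignments[$userId][] = $item;
    }

    /** Same call shape as Yii's checkAccess($itemName, $userId, $params). */
    public function checkAccess(string $itemName, int $userId, array $params = []): bool
    {
        $this->trace = [];
        // Like Yii, add the user id to the parameter set when the caller did not.
        if (!isset($params['userId'])) {
            $params['userId'] = $userId;
        }
        return $this->checkAccessRecursive($itemName, $userId, $params);
    }

    private function checkAccessRecursive(string $itemName, int $userId, array $params): bool
    {
        if (!array_key_exists($itemName, $this->rules)) {
            return false; // unknown item: deny
        }
        $this->trace[] = $itemName;
        // Every item receives the full $params; a rule reads only the keys it needs.
        $rule = $this->rules[$itemName];
        if ($rule !== null && !$rule($params)) {
            return false;
        }
        if (in_array($itemName, $this->assignments[$userId] ?? [], true)) {
            return true; // reached an item assigned to this user
        }
        foreach ($this->parents[$itemName] ?? [] as $parent) {
            if ($this->checkAccessRecursive($parent, $userId, $params)) {
                return true;
            }
        }
        return false;
    }
}

// Hierarchy in the guide's style: author (role) -> updateOwnPost (task) -> updatePost (operation).
$auth = new MiniAuthManager();
$auth->createItem('updatePost');                      // operation, empty business rule
$auth->createItem('updateOwnPost', function (array $p): bool {
    // Guard against the "exact parameters" pitfall: a missing 'post' must deny,
    // not fall through a loose comparison against null.
    return isset($p['post']) && $p['post']->authorId === $p['userId'];
});
$auth->createItem('author');                          // role, empty business rule
$auth->addChild('updateOwnPost', 'updatePost');
$auth->addChild('author', 'updateOwnPost');
$auth->assign('author', 2);                           // user 2 is an author (assumed id)

$post = (object) ['id' => 7, 'authorId' => 2];        // constructed sample post

// "Pass everything" strategy: the post is ignored by updatePost and author,
// and used by updateOwnPost on the way up.
var_dump($auth->checkAccess('updatePost', 2, ['post' => $post]));
print_r($auth->trace);

// Another user is stopped at updateOwnPost and never reaches the role.
var_dump($auth->checkAccess('updatePost', 3, ['post' => $post]));

// "Exact parameters" strategy applied too literally: updatePost itself needs
// nothing, so the caller passes nothing, and the parent's rule has no post.
var_dump($auth->checkAccess('updatePost', 2));
```

Running it with the PHP CLI shows the first check succeeding after visiting <b>updatePost</b>, <b>updateOwnPost</b> and <b>author</b> in that order, the second failing for the non-author, and the third failing even for the post's author, because the parameter the parent task's rule needs was never supplied to the operation's check. That last case is exactly the trial-and-error the "fire-and-forget" strategy avoids.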
This is only basic information about the RBAC authorization model in Yii; much more advanced security models can be built on it. Please refer to <a href="http://www.yiiframework.com/doc/guide/">The Definitive Guide to Yii</a> and the <a href="http://www.yiiframework.com/doc/api/">Class Reference</a> for more details. There are also a number of web interfaces, implemented as <a href="http://www.yiiframework.com/extensions/?category=1">extensions</a>, that can help you with Yii RBAC administration.