It is actually mentioned in the documentation
It is actually mentioned in the documentation
This HowTo assumes that you have a smattering of ACL in general and of how the acl-extension works basically. It will introduce you into the abstract and give you a hint on how to use Business-Rules. If you have in-depth questions, please refer to the extension documentation. Using ACL in an RBAC-manner cannot and should never obs...
This article shows a quick and easy way to implement flat user access control system. Flat means, that user access is controlled by level only, which is solution exactly opposite to complex RBAC access systems.
In this wiki, I try to implement a simple authorization schema without putting much logic inside a file or into database table. We are constructing authorization hierarchy inside the controller. We are getting roles for the current user from database table and assigning only roles to user that are declared in the particular controller. We have brought down the work of loading of auth data at ma...
I assume you are familiar with accessControl standard filter. It allows you to separate privileges to run some action from action code itself. There is however one problem with most common usage - you cannot use bizRules, at least based on some parameters passed to 'checkAccess' just because it is hard to pass them in accessRules() result.
Implementing a role based access control is a very easy process and you can even load your roles from the database if you want.
Here's a possible implementation for MongoDb of the RBAC standard. Create a class "MongoDbManager" in `common\components
and modify your
params.php
` file like this:
This behavior enable you to command the RBAC via console. This avoids you to install a entire rbac graphic toolkit to set up some rules in the rbac, maybe you are running inside a ssh console.