Where to write Yii authManager business rules?

Question

I am using Yii's authManager to deal with RBAC in my project. I'm fairly new to this concept.

My question is regarding writing and storing the Business Rules. Since I am using CDbAutManager everything is stored in the database. Which makes sense for storing which user has which role, since users are growing dynamically. However it seems that the business rules are also stored there. I'm not sure I understand.

I need to write a rule for 'updateOwnPost'. Shouldn't this be written in a PHP file somewhere so the project can be easily ported? If I start a new website with the same code, I want to keep the rules but not users...

Also, how complex can those rules be? I don't really see myself writing a 20-line rule within the database ...

My question is two-fold:

First in general, why is it implemented like this and what is the normal way of doing things?

Secondly, so I can get going, Can I make my business rules a function call to a real PHP file? If so, how?

Answer 1

Answers:

1), Yes, biz rules are stored in the DB with CDbAuthManager. You can always create your own AuthManager ("is a" CAuthManager) and do whatever you'd like. Bizrules are simple PHP code snippets, usually. Your case is no different. For example of such an implementation see: https://stackoverflow.com/a/13110311/570009

2) I believe that you can call a "callable" PHP code and in any case, the PHP bizrule code is run in via eval() IIRC.