Question

I'm trying to build my own custom authentication system on this framework. I've set up Yii's RBAC. It's working well. It gives me roles. Later on I edited the code and now I can get the user's id and username also. But what I want is a bit more complicated. I don't like this role system of RBAC, because you have fixed roles written inside the code.

My idea is a user having a usergroup ID, and in the database I can manipulate what each usergroup can do.

So for example a user logs in and wants to make a new topic. While authenticating, RBAC uses the usergroup ID to connect to the database and get all data according to this usergroup. Then it creates something like:

 $this->setState('create_new_topoic', <info from database>);
 $this->setState('edit_topic', <info from database>);
 $this->setState('view_topic', <info from database>);

And then during application in controllers and views I will just use everywhere

if (isset(Yii::app()->user->create_new_topoic) AND (Yii::app()->user->create_new_topoic>0))
{ show 'create new topic button' }

Is this normal practice? I'm interested in how this will affect the load on the server and MySQL. Am I overloading my application, or is such a system ok for the server to handle?


Solution

What you want is exactly what RBAC can do. In fact, you give a ROLE to a user instead of a GROUP. The idea is:

  1. Create your operations (for example create/update)
  2. Create appropriate roles based on your operations (for example Modifier, who can perform create and update)
  3. Assign one or more appropriate roles to users
  4. Wherever/whenever you like, you can easily check your users' access by their roles

Talking in code:

$rbac = Yii::app()->authManager; // the configured IAuthManager component (e.g. CDbAuthManager)
  1. $rbac->createOperation('create', 'This is a description for this operation');
  2. $role = $rbac->createRole('modifier', 'This is a description for this role');
     $role->addChild('create'); // the role must own the operation it grants
  3. $rbac->assign('modifier', 'USER_ID');
  4. $rbac->checkAccess('create', 'USER_ID'); // or Yii::app()->user->checkAccess('create') for the logged-in user

Please do not limit yourself to the RBAC methods provided by Yii. You can do all manipulations in your database and write your own customized methods. (I mean, while you are using RBAC, you can customize the way you use it, for example by considering groups as roles.)

To be clearer, you can read Yii's RBAC documentation:

Yii's IAuthManager - RBAC
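As an added example (not code from the answer or from the Yii project), here is the group-as-role layout the answer suggests, written against the Yii 1.1 auth-manager API; the group names (`members`, `moderators`), the operation names and the `TopicController` are made up for illustration.

```php
<?php
// Assumes protected/config/main.php registers the DB-backed auth manager:
//   'authManager' => array('class' => 'CDbAuthManager', 'connectionID' => 'db'),
// and that the auth tables from framework/web/auth/schema.sql already exist.

// 1. One-off setup (e.g. a console command, run once): each usergroup from the
//    question becomes a role, and the role owns the operations the group may do.
function buildAuthHierarchy()
{
    $auth = Yii::app()->authManager;
    $auth->createOperation('createTopic', 'Create a new forum topic');
    $auth->createOperation('editTopic',   'Edit an existing topic');
    $auth->createOperation('viewTopic',   'View a topic');

    $members = $auth->createRole('members', 'Regular forum members');
    $members->addChild('viewTopic');
    $members->addChild('createTopic');

    $moderators = $auth->createRole('moderators', 'Members who can also edit');
    $moderators->addChild('members');   // inherits everything members can do
    $moderators->addChild('editTopic');
}

// 2. At login, assign the user's group role once instead of copying per-permission
//    flags into the session; later changes to the hierarchy apply without re-login.
function assignGroupRole($userId, $groupName)
{
    $auth = Yii::app()->authManager;
    if (!$auth->isAssigned($groupName, $userId)) {
        $auth->assign($groupName, $userId);
    }
}

// 3. In a controller: let the access filter enforce the operation per action,
//    so the check is not left to each view.
class TopicController extends CController
{
    public function filters()
    {
        return array('accessControl');
    }

    public function accessRules()
    {
        return array(
            array('allow', 'actions' => array('create'), 'roles' => array('createTopic')),
            array('allow', 'actions' => array('update'), 'roles' => array('editTopic')),
            array('deny'),
        );
    }
}

// 4. In a view, the same call decides whether to render the button:
//    Yii::app()->user->checkAccess('createTopic')  (CWebUser caches it per request)
```

`checkAccess()` walks the stored hierarchy (`moderators` -> `members` -> `createTopic`), so a group gains or loses an operation by editing the auth tables rather than the code.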

Other tips

RBAC works just fine. Another method is 1) assigning the User Type to a session variable at the time of login, 2) checking the User Type in the View. The user table needs a User Type column, obviously. I think that approach is fine, and it won't overload your server. Of course it will add a few milliseconds, but it is required if you want the same view to display different things based on role.

In your UserIdentity File (/protected/components)

public function authenticate()
{
    ....
        $this->setState('type', $user->type); // Sets the type here
        $user->save();
    ....
}

In Your Views/Controllers

<?php if (Yii::app()->user->type == 'Finance') : ?>
{some code}
<?php else: ?>
{other code}
<?php endif; ?>
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow