StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PORBAC in Yii - access checking
primarykey
Id
19992747
data
AcceptedAnswerId
0
AnswerCount
3
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2013-11-15T03:02:08.037
FavoriteCount
1
LastActivityDate
2013-11-15T09:09:56.527
LastEditDate
2013-11-15T07:29:07.803
LastEditorUserId
640251
OwnerUserId
640251
ParentId
0
PostTypeId
1
Score
1
ViewCount
2248
LastEditorDisplayName
text
Body
I have a role, task and operation hierarchy set up, and assigned to users, with operations mirroring controller:action. From the <a href="http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#role-based-access-control" rel="nofollow">docs</a>, if I want to check that a user has access to an operation, I check, e.g: <pre><code>if(Yii::app()->user->checkAccess('createPost')) </code></pre> This gives the impression that I have to manually add code in every action to check if the user is authorised to the corresponding role. Am I missing something - surely there's a way of doing this automatically for each action. I could probably extend the base Controller class and add something (in preFilter?) that uses Yii::app()->controller and Yii::app()->controller->action to generate the role, and then checks the user is authorised to that role. But I'm sure there must be a way of doing this already? I know the accessRules filter allows you to pass roles in, but that seems to defeat the purpose of having a role>task>operation hierarchy, and having to assign such rules to each action is nearly as bad as doing the check in each function in the first place. Is there some other option I'm missing that will automatically check that a user performing e.g. /item/delete is authorised to the operation 'item:delete' (or whatever format is expected in the DB AuthItem table)? EDIT Clarifying my issue with accessRules alongside database RBAC: I define a role structure in my database - a number of roles, each of which is authorised to multiple tasks, which in turn are composed of granular operations (e.g. role 'Reader' might be authorised to task 'Browse Posts', which is made up of 'post/index' and 'post/view'). I then assign a user to a role, which grants them authority to that role's tasks, and the operations within those tasks. If I then call user->checkAccess for a controller action (i.e. operation), it checks in the DB that the user is authorised to a role, which contains a task, which includes that operation. But, if I go through each controller and define what roles are authorised to each action, I'm duplicating the work I've already done in the database, possibly with conflicting rules.
Tags
<php><yii><access-control><rbac>
Title
RBAC in Yii - access checking
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USMick O'Hea
UserOwnerUserId
1. USMick O'Hea
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.