Hi guys, I'm trying to understand the usage of accessRules in RBAC especially the actions, users and roles part.
1. What is the difference between actions in accessRules and RBAC operations? Assuming I have create, read, update, delete and approve actions in a controller, do I have to create 5 operations (create, read, update, delete and approve) in RBAC as well?
2. What is the difference between users and roles in accessRules? Does users refer specifically to the user name, while roles refers to the roles created in RBAC?
3. In which part of the accessRules do we specify the operation name we created when we defined the authorization hierarchy?
Let's assume I have the following actions in my Article controller:
- index
- create
- read
- update
- delete
- admin
- approve
And 2 types of user group:
- member
- administrator
My RBAC structure would be like this (am I correct?)
```php
// Auth manager component (CPhpAuthManager or CDbAuthManager) configured in the app
$auth = Yii::app()->authManager;

// Article operations
$auth->createOperation('createArticle', 'Create an article');
$auth->createOperation('updateArticle', 'Update article');
$auth->createOperation('deleteArticle', 'Delete an article');
$auth->createOperation('adminArticle', 'Admin article');
$auth->createOperation('approveArticle', 'Approve an article');

// member role
$role = $auth->createRole('member', 'User with user member permissions');
$role->addChild('createArticle');

// admin role
$role = $auth->createRole('admin', 'User with user administration permissions');
$role->addChild('createArticle');
$role->addChild('updateArticle');
$role->addChild('deleteArticle');
$role->addChild('adminArticle');
$role->addChild('approveArticle');
```
Then at accessRules I would have the following:
```php
public function accessRules()
{
    return array(
        array(
            'allow',
            'actions' => array('index', 'view'),
            'users' => array('*')
        ),
        array(
            'allow',
            'actions' => array('create'),
            'roles' => array('member')
        ),
        array(
            'allow',
            'actions' => array('create', 'admin', 'update', 'delete', 'approve'),
            'roles' => array('admin')
        ),
        array(
            'deny',
            'users' => array('*')
        )
    );
}
```
Am I doing it correctly for the above? I still cannot figure out where I should place the operation name defined in the authorization hierarchy.
Thanks.
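The following is an added example illustrating the mechanism the question is about; it is not the poster's code and not part of the original thread. It assumes a Yii 1.1 application with an `authManager` component configured (`CPhpAuthManager` or `CDbAuthManager`) and uses the poster's own action names (index, read, create, update, delete, admin, approve). The user ids 1 and 2 are constructed values. In Yii 1.1, each entry in `'roles'` is passed to `Yii::app()->user->checkAccess()`, and `checkAccess()` accepts any auth item name (operation, task or role) and walks the hierarchy, so operation names can be placed directly in `'roles'`; `'users'` is matched against the login state (`*`, `?`, `@`) or the user name.

```php
<?php
// Added example, not the poster's code. Requires a bootstrapped Yii 1.1 app
// with Yii::app()->authManager configured.

// Step 1: build the hierarchy once (setup script or console command).
function buildArticleAuth()
{
    $auth = Yii::app()->authManager;

    // Operations are the finest-grained items: one per protected activity.
    $auth->createOperation('createArticle',  'Create an article');
    $auth->createOperation('updateArticle',  'Update an article');
    $auth->createOperation('deleteArticle',  'Delete an article');
    $auth->createOperation('adminArticle',   'Administer articles');
    $auth->createOperation('approveArticle', 'Approve an article');

    $member = $auth->createRole('member', 'Registered member');
    $member->addChild('createArticle');

    // Roles nest: admin inherits member's operations and adds the rest,
    // so a later change to 'member' is picked up by 'admin' automatically.
    $admin = $auth->createRole('admin', 'Site administrator');
    $admin->addChild('member');
    $admin->addChild('updateArticle');
    $admin->addChild('deleteArticle');
    $admin->addChild('adminArticle');
    $admin->addChild('approveArticle');

    // Constructed user ids: 2 is a member, 1 is an admin.
    $auth->assign('member', 2);
    $auth->assign('admin', 1);
    $auth->save(); // persists for CPhpAuthManager; no-op for CDbAuthManager
}

// Step 2: the controller. 'roles' entries are checked with
// Yii::app()->user->checkAccess($item), which resolves the hierarchy,
// so operation names are used directly instead of repeating role lists.
class ArticleController extends CController
{
    public function filters()
    {
        return array('accessControl');
    }

    public function accessRules()
    {
        return array(
            // '*' = everyone (guests included); '?' = guests only; '@' = logged in.
            array('allow',
                'actions' => array('index', 'read'),
                'users'   => array('*'),
            ),
            array('allow',
                'actions' => array('create'),
                'roles'   => array('createArticle'),
            ),
            array('allow',
                'actions' => array('update'),
                'roles'   => array('updateArticle'),
            ),
            array('allow',
                'actions' => array('delete'),
                'roles'   => array('deleteArticle'),
            ),
            array('allow',
                'actions' => array('admin'),
                'roles'   => array('adminArticle'),
            ),
            array('allow',
                'actions' => array('approve'),
                'roles'   => array('approveArticle'),
            ),
            // Rules are evaluated top-down, first match wins: keep the
            // catch-all deny last so anything unmatched is refused.
            array('deny',
                'users' => array('*'),
            ),
        );
    }
}

// Step 3: what the hierarchy yields for the two constructed users.
function describeArticleAccess()
{
    $auth = Yii::app()->authManager;
    $ops  = array('createArticle', 'updateArticle', 'deleteArticle',
                  'adminArticle', 'approveArticle');
    $out  = array();
    foreach (array(1 => 'admin', 2 => 'member') as $userId => $label) {
        foreach ($ops as $op) {
            // member (id 2): only createArticle is true; admin (id 1): all true.
            $out[$label][$op] = $auth->checkAccess($op, $userId);
        }
    }
    return $out;
}
```

Because `'roles'` ends up calling `checkAccess()`, the operation names defined in the hierarchy belong in the `'roles'` option of the rule that guards the matching controller action; the roles `member` and `admin` only need to exist as parents of those operations and as assignments to user ids.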