Issue
I am trying to design a database for RBAC with a twist (or perhaps it's only me who thinks it's a twist?). As I understand it, RBAC uses roles and permissions to grant/deny access to certain objects in my system. Everything is nice and clear when I have just one instance of my site and simply create a role 'Main admin', 'Secondary admin', 'User' etc.
However, what if I have accounts inside the system? So I have one system which has, say, 'London', 'Tokyo' and 'Moscow' accounts. Now I will have a 'Main admin' for each of the accounts, as well as many 'Users' in each account - of course the Moscow guys should not be able to log in to the London account. How do I do it? Do I create some additional table that will bind assignments to accounts to users? Or do I add an accountid to the assignments table? Or perhaps I should create multiple roles like 'moscow_main_admin', 'london_main_admin' etc. What is the best approach for this type of situation?
Also I believe I will have some users who are 'Main admin' for London account and 'Secondary admin' for Tokyo account.
I plan to use Yii with its built-in RBAC... if that makes any difference.
How to tackle it?
Thank you in advance!
Solution
You could keep the "admin" roles and rules as you've already used them, and add a new role for each town: 'moscow', 'london', etc. In your controller, call checkAccess in your action methods like in the following example.
public function actionEditArticle($town)
{
    // Deny the request unless the current user holds the role named after the town
    // (missing closing parenthesis in the original fixed)
    if (!Yii::app()->user->checkAccess($town))
        Yii::app()->end();
    // ... more code
}
A more advanced method would be to extend CController in your component directory and override the runAction($action) method.
public function runAction($action)
{
    // Apply the town check to every action that receives a 'town' parameter
    // (missing closing parentheses in the original fixed)
    if (isset($_GET['town'])) {
        if (!Yii::app()->user->checkAccess($_GET['town'])) Yii::app()->end();
    }
    parent::runAction($action);
}
Answered By - jptsetung
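The following is an added example, not code from the answer above or from the Yii project: it builds the flat hierarchy the answer describes (functional admin roles plus one role per town) with Yii 1's CAuthManager API, and puts the per-action gate in one helper that requires both the operation and the town role, rejects unknown town names before they reach the auth manager, and fails with a real 403 rather than a silent end(). The operation name 'editArticle', the role names, the user id 42 and the ArticleController class are constructed for the example.

```php
<?php
// Added example (not the answer's code): account-scoped RBAC check in a Yii 1 controller.

// One-time setup, e.g. from a console command. CPhpAuthManager shown;
// CDbAuthManager exposes the same createRole/createOperation/assign calls.
function buildAuthHierarchy()
{
    $auth = Yii::app()->authManager;
    $auth->createOperation('editArticle', 'Edit an article');
    $main = $auth->createRole('main_admin', 'Main administrator');
    $main->addChild('editArticle');              // main admins may edit articles
    foreach (array('london', 'tokyo', 'moscow') as $town) {
        $auth->createRole($town, "Member of the $town account");
    }
    // Constructed sample user 42: a main admin who only belongs to the London account.
    $auth->assign('main_admin', 42);
    $auth->assign('london', 42);
    $auth->save();                               // CPhpAuthManager persists to file here
}

class ArticleController extends CController
{
    // Known accounts; any other value is refused before checkAccess is consulted,
    // so an attacker cannot probe the auth hierarchy with arbitrary item names.
    private static $towns = array('london', 'tokyo', 'moscow');

    // Central gate: the user must hold BOTH the functional permission and the town role.
    protected function requireTownAccess($town, $operation)
    {
        if (!in_array($town, self::$towns, true)) {
            throw new CHttpException(404, 'Unknown account.');
        }
        $user = Yii::app()->user;
        if (!$user->checkAccess($operation) || !$user->checkAccess($town)) {
            // Denials are worth logging: repeated cross-account attempts are a signal.
            Yii::log("denied $operation on $town for user {$user->id}",
                     CLogger::LEVEL_WARNING, 'rbac');
            throw new CHttpException(403, 'Not allowed in this account.');
        }
    }

    public function actionEditArticle($town, $id)
    {
        $this->requireTownAccess($town, 'editArticle');
        // Still verify the object itself belongs to $town (object-level check),
        // otherwise a London admin could edit a Tokyo article by id.
        // ... load article $id, confirm its account is $town, then edit
    }
}
```

With flat roles a user who holds 'main_admin' plus both 'london' and 'tokyo' is main admin in both accounts; expressing "main admin in London but only secondary admin in Tokyo" needs the account attached to the assignment (in Yii 1, the business rule and data arguments of assign()) rather than a town-wide role.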