Extends CActiveRecord model to include RBAC (Role Based Access Control) in find functions
This is an attempt at an ActiveRecord class that automatically filters records in all of the multi-record find functions (findAll, findAllByAttributes, findAllBySQL).
Its use is pretty simple: install it, change your ActiveRecord model class so that it extends RBACActiveRecord, and create the virtual attribute "access" (public function getAccess()) in the model, as described below. Every multi-record find function will then return only the records accessible to the logged-in user.
NOTE:
- this class is in alpha state and has not been optimized; on large datasets it could have performance issues, because it filters the array after the recordset has been returned by the findAll functions (as far as I know Yii 1.x is not capable of doing record filtering using PHP because it uses pure SQL to retrieve records from the db). Any contributions to its development and comments are much appreciated.
- this extension pack also contains a modified version of CActiveDataProvider that should be used together with RBACActiveRecord, because it recalculates the total number of items according to RBAC filtering.
TO INSTALL THIS EXTENSION
git clone https://github.com/iltoga/RBACModels.git from within your extension folder
or
unpack RBACModels.zip into your extension folder
note: I strongly advise you to download the git version, as it is the most up to date
add:
'ext.RBACModels.components.*', // RBACActiveRecord and RBACDataProvider
to the 'import' array in protected/main.cfg
(optional) add:
'RBACActiveRecord' => array(
    'performRBAC' => TRUE, // RBAC record filtering enabled by default
)
to the 'params' array in protected/main.cfg
Requirements
Yii 1.1 or above (tested with Yii 1.1.13)
Usage
In your ActiveRecord models (the ones you want to filter using Role Based Access Control): change the model class to RBACActiveRecord and add the "access" virtual attribute as follows:
public function getAccess(){
    // Note that this can be any PHP function that returns a boolean value
    // (TRUE/FALSE) and not necessarily a call to checkAccess (Rights module).
    // Build it well, as a complex function could lead to slow response times:
    // it will be called on every record returned by the findAll methods.
    return "your access rule";
}
example (as described in RBACActiveRecord class):
public function getAccess(){
    // using an access rule that contains a bizrule
    if (Yii::app()->user->checkAccess('storeaccess', array('store_id' => $this->id))){
        $access = TRUE;
    } else {
        $access = FALSE;
    }
    return $access;
}
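
The NOTE above explains that records are filtered in PHP after the query has returned, and that the bundled data provider recalculates the item total. The script below is an added illustration of why that order matters for counts and pagination; it is not code from the extension and does not use Yii. StoreRecord, filterByAccess() and the sample rows are hypothetical names and constructed data.

```php
<?php
// Added illustration, not code from the extension and not Yii code.
// StoreRecord, filterByAccess() and the sample rows are hypothetical stand-ins
// for an RBACActiveRecord model and the rows a findAll() call would return.
class StoreRecord
{
    public $id;
    private $allowedIds;
    public function __construct($id, array $allowedIds)
    {
        $this->id = $id;
        $this->allowedIds = $allowedIds;
    }

    // Same contract as the "access" virtual attribute: return a real boolean.
    public function getAccess()
    {
        return in_array($this->id, $this->allowedIds, true);
    }
}

// Post-query filter. This example keeps a record only when getAccess() is
// exactly TRUE, so a rule that returns a string or NULL by mistake denies access.
function filterByAccess(array $records)
{
    return array_values(array_filter($records, function ($record) {
        return $record->getAccess() === true;
    }));
}

// Constructed data: the query matches six stores, the user may see two of them.
$allowed = array(2, 5);
$rows = array();
foreach (range(1, 6) as $id) {
    $rows[] = new StoreRecord($id, $allowed);
}
$pageSize = 3;

// Paginate first (as SQL LIMIT would), then filter: the page comes back short
// and the SQL total still counts rows the user is not allowed to see.
$pageThenFilter = filterByAccess(array_slice($rows, 0, $pageSize));

// Filter first, then count and paginate: totals and pages match what is visible.
$visible = filterByAccess($rows);
$filterThenPage = array_slice($visible, 0, $pageSize);

printf("SQL total: %d, visible total: %d\n", count($rows), count($visible));
printf("page 1, paginate then filter: %d record(s)\n", count($pageThenFilter));
printf("page 1, filter then paginate: %d record(s)\n", count($filterThenPage));
```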