
I am using Yii2 basic and RBAC. I have a scenario where the admin creates various centers. Then the admin creates users and assigns the users to these centers. Each center has multiple users. Now these users create different person records, and each user can access every person record created by users belonging to a particular center.

Say Center A has two users. User 1 and User 2 can create person records, and both User 1 and User 2 can access these person records. Users of other centers cannot access the person records created by either User 1 or User 2 of Center A. Now, in RBAC, while creating rules, is the first return statement valid or the second?

Users from one center can access their person records, but users from other centers should not be able to access the person records of Center A.

Statement 1:

```php
return isset($params['model']) ? ('user-' . $params['model']->UserId == $user) : false;
```

Statement 2:

```php
return isset($params['model']) ? ('center-' . $params['model']->CenterId == $user) : false;
```

Database Structure

Center Table

  1. CenterId
  2. CenterName

User Table

  1. UserId
  2. Name

Person Table

  1. PersonId
  2. CenterId
  3. UserId
  4. PersonName

Center_Assignment

  1. CenterAssignId
  2. CenterId
  3. UserId

So my rule's execute function is as below:

```php
public function execute($user, $item, $params)
{
    return isset($params['model']) ? ('center_assignment-' . $params['model']->CenterId == $user) : false;
}
```
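An added example (not code from the question or from Yii itself) of how a rule for this scenario is normally written: instead of comparing a prefixed string against the user ID, the rule looks up whether the current user has a row in the question's Center_Assignment table for the CenterId of the person record. The class name CenterAccessRule, the rule name isCenterMember, the permission name viewPerson and the role centerUser are assumptions; table and column names follow the question's schema.

```php
<?php
// Added example: a Yii2 RBAC rule that grants access only when the current user is
// assigned to the center that owns the person record (via Center_Assignment).
// Class, rule, permission and role names are assumed; tables/columns follow the question.
namespace app\rbac;

use Yii;
use yii\db\Query;
use yii\rbac\Rule;

class CenterAccessRule extends Rule
{
    public $name = 'isCenterMember';

    /**
     * @param int|string|null $user  ID of the user being checked (Yii passes Yii::$app->user->id)
     * @param \yii\rbac\Item  $item  the permission or role this rule is attached to
     * @param array           $params parameters passed to can(); expects $params['model'] (a Person row)
     * @return bool
     */
    public function execute($user, $item, $params)
    {
        if ($user === null || !isset($params['model'])) {
            return false; // fail closed: no user or no model means no access
        }

        // Does this user belong to the center that owns the record?
        return (new Query())
            ->from('Center_Assignment')
            ->where([
                'CenterId' => $params['model']->CenterId,
                'UserId'   => $user,
            ])
            ->exists();
    }
}

// One-time RBAC setup (console command or migration): attach the rule to a permission
// and hang the permission off a role that center users are assigned to.
function setupCenterPermission()
{
    $auth = Yii::$app->authManager;

    $rule = new CenterAccessRule();
    $auth->add($rule);

    $viewPerson = $auth->createPermission('viewPerson');
    $viewPerson->description = 'View a person record belonging to one of your centers';
    $viewPerson->ruleName = $rule->name;   // the rule is evaluated every time can() is called
    $auth->add($viewPerson);

    $centerUser = $auth->createRole('centerUser');
    $auth->add($centerUser);
    $auth->addChild($centerUser, $viewPerson);
    // per user, once: $auth->assign($centerUser, $userId);
}

// Controller usage: authorize the row, not just the action. Checking per record is what
// stops User 1 of Center A from reading a person record of Center B by guessing its ID.
function checkPersonAccess($id)
{
    $person = \app\models\Person::findOne($id); // Person = ActiveRecord for the Person table (assumed)
    if ($person === null || !Yii::$app->user->can('viewPerson', ['model' => $person])) {
        throw new \yii\web\ForbiddenHttpException('You are not assigned to this center.');
    }
    return $person;
}
```

The same rule can be attached to separate permissions for updating or deleting a person record, so that write access is also tied to center membership rather than only to who created the row.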

1 Answer

If you need per-row filtering of data you can overload the find method of the model to automatically add additional where conditions. Those conditions can use information about the current user (e.g. using Yii::$app->user->identity) and add a proper limiting condition using andWhere. If you ensure that model/table access will always use the find method (the default way of data access), access control will work.

rastik
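An added example of the approach in this answer (not the answerer's own code): a Person ActiveRecord whose find() appends a condition restricting rows to the centers the current user is assigned to, using a sub-query on the question's Center_Assignment table. The class name and the findUnfiltered() helper are assumptions; table and column names follow the question.

```php
<?php
// Added example: per-row filtering of Person by overriding find(), as the answer suggests.
// Table and column names are from the question; the class and helper names are assumed.
namespace app\models;

use Yii;
use yii\db\ActiveQuery;
use yii\db\ActiveRecord;
use yii\db\Query;

class Person extends ActiveRecord
{
    public static function tableName()
    {
        return 'Person';
    }

    /**
     * find(), findOne(), findAll() and relation queries all start here, so the center
     * filter is applied to every ActiveRecord read without each caller remembering it.
     * @return ActiveQuery
     */
    public static function find()
    {
        $query = parent::find();
        $user  = Yii::$app->user;

        if ($user->isGuest) {
            // Fail closed: an anonymous request sees no rows, not all rows.
            return $query->andWhere('1=0');
        }

        // Sub-query: every CenterId this user is assigned to.
        $myCenters = (new Query())
            ->select('CenterId')
            ->from('Center_Assignment')
            ->where(['UserId' => $user->id]);

        // Renders as: AND [[Person]].[[CenterId]] IN (SELECT CenterId FROM Center_Assignment WHERE UserId = :id)
        // The table prefix keeps the column unambiguous when this query is joined with other tables.
        return $query->andWhere([static::tableName() . '.CenterId' => $myCenters]);
    }

    /**
     * Explicit escape hatch for admin or console code that legitimately needs every row.
     * Giving it a distinct name makes unfiltered access easy to spot in code review.
     * @return ActiveQuery
     */
    public static function findUnfiltered()
    {
        return parent::find();
    }
}
```

Two caveats a practitioner should keep in mind with this pattern. First, only code paths that go through find() are filtered: Person::findBySql(), a hand-built yii\db\Query, raw SQL, and the static updateAll()/deleteAll() helpers bypass the override, so write operations still need an explicit RBAC check on the loaded row. Second, because a foreign center's record simply is not found, a request for it yields a 404 rather than a 403, which also avoids confirming that the record exists.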