In the Yii framework, is accessControl and accessRules independent of RBAC?
In Yii, there is an accessControl filter and a accessRules method that handle simple authorization to certain tasks. In my application, I have RBAC to authorize users into roles.
开发者_运维知识库My question is should I use the accessControl filter and accessRules method in addition to RBAC or can I remove them and use RBAC exclusively?
You can make use of RBAC along with the accessRules() method by passing an array with the roles you want to check (of course, those roles need to be defined in your RBAC schema for it to work).
Further information on that: http://www.yiiframework.com/doc/api/1.1/CAccessControlFilter
Also you can use RBAC by its own, by calling Yii::app()->user->checkAccess() everytime you want to check if a user's got the permissions to access a resource, task or anything else.
I would recommend you to make use of accessRules + RBAC when you need to restrict access to controllers/actions according to user's roles, and use RBAC alone when it comes to a more granular access control.
精彩评论