Yii Rights extension – RBAC (Role-based access control)

Mar 06 2012

Rights is an extension module for the Yii framework that provides an interface for role-based access control.

Using Rights, it's very easy to manage the various roles and permissions in an application, and it can be used as a standard for all projects.

Some code that people often need but that is not documented:

1) To determine if the logged-in user is a superuser

if (Yii::app()->user->isSuperuser)
    echo "I am one of the superuser of application, I have all access to app.";


2) Get all superusers in the application



3) Get all roles assigned to the logged-in user

// Roles assigned to the current user (assumed source of $roles)
$roles = Rights::getAssignedRoles(Yii::app()->user->id);
foreach ($roles as $role)
    echo $role->name."<br />";

4) Get all users of a particular role (let's say there is a DataEntry role whose job is to enter data in the system)

foreach($data_entry_users as $id=>$assignment)

5) Assign a user a role in the system when he signs up

// $type holds the name of the role to assign (see the case below)
$authorizer = Yii::app()->getModule("rights")->getAuthorizer();
$authorizer->authManager->assign($type, $model->id);

Case: when a superuser is creating the user, he has a drop-down list of all roles in the system and can select a role for the new user. But if a person signs up normally, he doesn't have that choice; he must be given the User role.

Where $model->id is the id of the newly created user.

6) Generate a drop-down of all available roles in the application for a superuser, so that he can select a role during user creation

<?php if (Yii::app()->user->isSuperuser) {
    // 'type' restricts the provider to role items; this option and getData() are assumed
    $all_roles=new RAuthItemDataProvider('roles', array('type'=>CAuthItem::TYPE_ROLE));
    $data=$all_roles->getData();
?>
<label for="type_id">Type</label>
<?php echo CHtml::dropDownList("Type",'',CHtml::listData($data,'name','name'));?>
<?php } ?>
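The role decision described in 5) and 6), written so that the submitted "Type" value is honoured only for a superuser and only when it names an existing role. This is an added example, not code from the original post: `resolveSignupRole()` and `assignSignupRole()` are hypothetical helper names, and it assumes the Rights auth manager's `getAuthItems()` returns items keyed by role name.

```php
<?php
// Added example, not code from the original post. resolveSignupRole() and
// assignSignupRole() are hypothetical helpers; 'Type' and 'User' are the
// form field and default role named in the post.

/**
 * Decide on the server which role a newly created user receives.
 *
 * @param bool     $isSuperuser value of Yii::app()->user->isSuperuser
 * @param mixed    $requested   raw value of the "Type" field, or null
 * @param string[] $validRoles  names of the roles that exist in the app
 * @return string  role name to assign
 */
function resolveSignupRole($isSuperuser, $requested, array $validRoles)
{
    // A normal sign-up never picks its own role, whatever the request holds.
    if (!$isSuperuser || $requested === null || $requested === '') {
        return 'User';
    }
    // A superuser may pick any role, but only one that really exists.
    if (!is_string($requested) || !in_array($requested, $validRoles, true)) {
        throw new InvalidArgumentException('Unknown role requested.');
    }
    return $requested;
}

/** Call from the controller action once the new user $model has been saved. */
function assignSignupRole($model)
{
    $authManager = Yii::app()->getModule("rights")->getAuthorizer()->authManager;
    // Assumption: role items are keyed by name, so the keys form the allowlist.
    $validRoles = array_keys($authManager->getAuthItems(CAuthItem::TYPE_ROLE));
    $type = resolveSignupRole(
        Yii::app()->user->isSuperuser,
        isset($_POST['Type']) ? $_POST['Type'] : null,
        $validRoles
    );
    $authManager->assign($type, $model->id);
    return $type;
}
```

Hiding the drop-down from non-superusers is only a display choice; the check in `resolveSignupRole()` is what stops a crafted sign-up request from carrying its own "Type" value.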

8 responses so far

  1. Very true, often needed but not documented. Thanks a ton. Bookmark this :)

  2. Thanks a lot!

  3. thanks! bookmarked!

  4. Hi, thanks for the blog!
    I’m trying to understand what each table the rights module generated does. It seems that

    - tbl_authitem: stores the contents for roles, tasks and operations.
    - tbl_authitemchild: stores the relationship between roles, tasks and operations.
    - tbl_authassignment: stores the assignment of roles, tasks and operations to users.

    However, I’ve no idea what tbl_rights does. Can you advise me on that?


  5. Hi Rajat, I created Superadmin to control the whole system and Admin to create users only. But I don’t want to show the superadmin role to Admin when Admin creates a new user account. How could I do that?

  6. Thanks. It really helped.

  7. Great post, many thanks ;)

  8. thanks!
