
What is the reason for having authorization rules in the database?


You can put as much logic as you want into your PHP code for your business logic. Yii supports many ways of adding this logic, e.g. LoginForm.php, UserIdentity.php, SiteController.php, ... you are not limited here.

What Yii also supports is adding a snippet of logic to your RBAC. A common use case is that you assign the two rules 'Authenticated' and 'Guest' to all users of your site by default, but with bizRules. While 'Authenticated' has a bizRule like

return !Yii::app()->user->isGuest;

'Guest' has

return Yii::app()->user->isGuest;

The outcome is that your logged-in users are no longer 'Guests' but 'Authenticated'.

Another example would be edit views for user profiles, which are only editable by the current user, like

return $model->id === Yii::app()->user->id;


Why would you put anything in a database vs code?

One good reason is so that non-developers can edit it.

In our app, we allow users to manage their permissions on their own users and items.

You don't have to use Yii's RBAC business rules. You could allow, say, a few different roles and tasks, and have the rest of the auth logic in code.
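
The split described in the last answer, as an added example that is not part of the original answers and is not Yii's API: Yii 1.x runs a stored bizRule string through eval(), so here the table row holds only a rule name and the logic stays in code. All names (ruleRegistry, checkAccess, the sample rows and users) are hypothetical and the data is constructed.

```php
<?php
// Added example; not Yii code. Every name below is hypothetical.

// Rule logic lives in code, keyed by name. Mirrors the three bizRules on this page.
function ruleRegistry(): array
{
    return [
        'authenticated' => fn(array $user, array $params): bool => !$user['isGuest'],
        'guest'         => fn(array $user, array $params): bool => $user['isGuest'],
        'ownProfile'    => fn(array $user, array $params): bool =>
            !$user['isGuest'] && isset($params['model'])
            && (string)$params['model']['id'] === (string)$user['id'],
    ];
}

// Constructed stand-in for rows of an auth-item table. The rule column is
// data that non-developers may edit: it holds a rule name, never PHP source.
$authItems = [
    'Authenticated'    => ['rule' => 'authenticated'],
    'Guest'            => ['rule' => 'guest'],
    'updateOwnProfile' => ['rule' => 'ownProfile'],
    'viewPost'         => ['rule' => null],           // no extra condition attached
    'editedRow'        => ['rule' => 'return true;'], // not a known rule name
];

function checkAccess(array $items, string $item, array $user, array $params = []): bool
{
    if (!isset($items[$item])) {
        return false;                 // unknown item: deny
    }
    $ruleName = $items[$item]['rule'];
    if ($ruleName === null) {
        return true;                  // item has no rule
    }
    $rules = ruleRegistry();
    if (!isset($rules[$ruleName])) {
        return false;                 // name not defined in code: deny, nothing is evaluated
    }
    return $rules[$ruleName]($user, $params);
}

$alice = ['id' => 7, 'isGuest' => false];             // constructed users
$guest = ['id' => null, 'isGuest' => true];

var_dump(checkAccess($authItems, 'Authenticated', $alice));
var_dump(checkAccess($authItems, 'Guest', $guest));
var_dump(checkAccess($authItems, 'updateOwnProfile', $alice, ['model' => ['id' => '7']]));
var_dump(checkAccess($authItems, 'updateOwnProfile', $alice, ['model' => ['id' => '8']]));
var_dump(checkAccess($authItems, 'editedRow', $guest));
```

Role and task names can still be managed in the database, while a row that carries anything other than a registered rule name is denied instead of executed.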