Agile Web Application Development with Yii1.1 and PHP5

Overview of this book

This book is a step-by-step tutorial in developing a real-world application using the incremental and iterative approach to software development. You learn about agile software development by leaning on the agile nature of the Yii application development framework. You touch on each aspect of the software development lifecycle by building a project task management application from concept through production deployment.

After a brief, general introduction to the Yii framework and outlining the software development approach taken throughout the book, the chapters break down in the same way as software development iterations do in real-world projects. After the 1st iteration, you will have a working and tested application with a valid, tested connection to a database.

In the 2nd and 3rd iterations, we flesh out our main database entities and domain object model and become familiar with Yii's object-relational-mapping (ORM) layer, Active Record. We also learn how to lean on Yii's auto-generation tools to automatically build our create/read/update/delete (CRUD) functionality against our newly created model. These iterations also focus on how Yii's form validation and submission model works. By the end of the third iteration you will have a working application that allows you to manage projects and issues (tasks) within those projects.

The 4th and 5th iterations are dedicated to user management. We learn about the built-in authentication model within Yii to assist in application login and logout functionality. We then dive into the authorization model, first taking advantage of Yii's simple access control model, then implementing the more sophisticated role-based access control (RBAC) framework that Yii provides.

By the end of the 5th iteration, all of the basics of a task management application are in place. The next several iterations are focused on the nice-to-haves. We add user comment functionality, introducing a reusable content portlet architecture approach in the process. We add in an RSS Web feed and demonstrate how easy it is to integrate other third-party tools within a Yii application. We take advantage of Yii's theming structure to help streamline and design the application, and then introduce Yii's internationalization (I18N) features so the application can be adapted to various languages and regions without engineering changes.

Finally, we turn our focus to production deployment. We introduce ways to optimize performance and security to prepare the application for a real-world production environment.
Table of Contents (19 chapters)
Agile Web Application Development with Yii 1.1 and PHP5
Credits
About the Author
About the Reviewers
Preface
Index

Role-based access control


Now that we have used the simple accessControl filter as a broad stroke to limit access to authenticated users, we need to turn our focus to meeting some of the more granular access control needs of our application. As we mentioned, users will play certain roles within a project. The project will have users of type owner, who can be thought of as project administrators. They will be granted all access to manipulate the project. The project will also have users of type member, who will be granted some access to project functionality, but only a subset of what owners are able to perform. Finally, the project can have users of type reader, who are only able to view project-related content and not alter it in any way. To achieve this type of access model based on the role of a user, we turn to the RBAC feature of Yii.
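The owner/member/reader model described above, sketched as an added example in plain PHP (it is not code from the book and does not use Yii's RBAC API). The operation names, the split of operations between roles, and the user and project ids are all assumptions made for illustration.

```php
<?php
// Added illustration in plain PHP; operation names and ids are assumed, not from the book.

// Each role lists its own operations and the role it inherits from,
// so member is a superset of reader and owner is a superset of member.
const ROLES = [
    'reader' => ['parent' => null,     'ops' => ['readProject', 'readIssue']],
    'member' => ['parent' => 'reader', 'ops' => ['createIssue', 'updateIssue']],
    'owner'  => ['parent' => 'member', 'ops' => ['updateProject', 'deleteProject', 'deleteIssue']],
];

// Constructed sample data: a role is held within a project, not globally.
// projectId => [userId => role]
const ASSIGNMENTS = [
    1 => [10 => 'owner', 11 => 'member', 12 => 'reader'],
    2 => [11 => 'reader'],
];

/** Collect a role's operations plus everything inherited from its ancestors. */
function operationsFor(?string $role): array
{
    $ops = [];
    $seen = [];
    while ($role !== null && !isset($seen[$role])) {
        $def = ROLES[$role] ?? null;
        if ($def === null) {
            return [];                 // unknown role name: grant nothing
        }
        $seen[$role] = true;           // guard against a cyclic hierarchy
        $ops = array_merge($ops, $def['ops']);
        $role = $def['parent'];
    }
    return array_values(array_unique($ops));
}

/** Deny by default: no assignment in this project means no access at all. */
function checkAccess(int $userId, int $projectId, string $operation): bool
{
    $role = ASSIGNMENTS[$projectId][$userId] ?? null;
    return in_array($operation, operationsFor($role), true);
}

// User 11 is a member of project 1 but only a reader of project 2;
// user 12 has no role in project 2.
foreach ([[11, 1, 'updateIssue'], [11, 2, 'updateIssue'], [12, 1, 'readIssue'],
          [12, 2, 'readIssue'], [10, 1, 'deleteProject']] as [$user, $project, $op]) {
    printf("user %d, project %d, %s: %s\n", $user, $project, $op,
        checkAccess($user, $project, $op) ? 'allowed' : 'denied');
}
```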

RBAC is an established approach in computer systems security to managing the access permissions of authenticated users. In short, the RBAC approach defines roles within...