Question about RBAC's "task" entity

[Boaz Rymland]

Hi all!

First question for this to-be-extremely-busy-mailing-list - yey!

Basically, I cannot fully understand Yii's RBAC definition of a "task".

I've written a forum post that explains my need in a good manner, I hope. Right here. 

I'll be grateful if anyone can shed light on the subject... .

Thanks!

Boaz.

[Waseem Hamshawi]

I'm going to answer here too.. maybe it'll bring some life to the
group :)
As I understood, it's a matter of semantic and naming convention.
You choose how to divide/abstract the RBAC using roles, operations and
tasks.
However, if you have a set of auth. items which have something
incommon, I would recommend creating a task (without bizrules) and
assignning operations as its children (with bizrules). i.e : task =>
manage members | operations=> edit member, add member, etc..
Again, it depends on the abstraction from your prespective. But the
most important thing is to be consistent, so you won't get into too
much troubles with complex systems.

On Feb 19, 10:56 pm, Boaz Rymland <boaz.ryml...@gmail.com> wrote:
> Hi all!
>
> First question for this to-be-extremely-busy-mailing-list - yey!
>
> Basically, I cannot fully understand Yii's RBAC definition of a "task".
> I've written a forum post that explains my need in a good manner, I hope.

> Right here<http://www.yiiframework.com/forum/index.php/topic/28993-what-exactly-...>
> .

[Boaz Rymland]

Hi,

Thanks for the double answer (finally - some traffic here! :-) .

I'm gonna wait for more answers on the official Yii forum. Maybe something will come out of there too. 

As of now, indeed, I don't see more than semantic difference between an operation and a task, which points to either a bad design (over-design...) or that I missed it and a more fundamental difference do exists.

Why are you using role and tasks exclusively? To me, it seems more natural to use role and operation ("do something"). I spent several years in Drupal. Drupal uses simpler RBAC authorization system which contains roles and operations (the latter can be argued to be tasks but if you compare the actual permissions granted in drupal, meaning "create page", "update page", etc, those are very much the same operations demonstrated in Yii's docs).

Thanks,

Boaz.

--
You received this message because you are subscribed to the Google Groups "Yii ישראל (Israel)" group.
To post to this group, send email to yii-i...@googlegroups.com.
To unsubscribe from this group, send email to yii-israel+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/yii-israel?hl=en.

[Waseem Hamshawi]

i'm not familiar with drupal's rbac, but if it seems more natural to
you then go for it :)
if you take a look at yii's class reference, you can see they are all
AuthItems.
to be sure, I found now a post from Yii's main developer which can
clear things even more:
http://www.yiiframework.com/forum/index.php/topic/2313-rbac-confusion/page__view__findpost__p__16035

On Feb 20, 9:09 am, Boaz Rymland <boaz.ryml...@gmail.com> wrote:
> Hi,
>
> Thanks for the double answer (finally - some traffic here! :-) .
> I'm gonna wait for more answers on the official Yii forum. Maybe something
> will come out of there too.

> As of now, indeed, I don't see more than semantic difference between an *
> operation* and a *task*, which points to either a bad design

[Boaz Rymland]

Yeah, that certainly adds some explanation: operations are meant to be a basic building block which is not viewable or mess-able by administrator. Developers are using them to compose "tasks" which are the entities that should be played with by site administrators. And tasks compose Roles.

That's a (one?) good way to grasp it I guess. 

Thanks!

Boaz.

[Waseem Hamshawi]

yep, actually the best way to grasp it :) but eventually it's your
choice...

On Feb 20, 10:49 am, Boaz Rymland <boaz.ryml...@gmail.com> wrote:
> Yeah, that certainly adds some explanation: operations are meant to be a
> basic building block which is not viewable or mess-able by administrator.
> Developers are using them to compose "tasks" which are the entities that
> should be played with by site administrators. And tasks compose Roles.
>
> That's a (one?) good way to grasp it I guess.
>
> Thanks!
> Boaz.
>

> On Mon, Feb 20, 2012 at 10:39 AM, Waseem Hamshawi <hamsh...@gmail.com>wrote:
>
>
>
>
>
>
>
> > i'm not familiar with drupal's rbac, but if it seems more natural to
> > you then go for it :)
> > if you take a look at yii's class reference, you can see they are all
> > AuthItems.
> > to be sure, I found now a post from Yii's main developer which can
> > clear things even more:
>

> >http://www.yiiframework.com/forum/index.php/topic/2313-rbac-confusion...

[Boaz Rymland]

thanks.

posted an update on the Yii forum. I hope it will get more comments. Attaching to collective wisdom is a good behavior (note the intended technical terms  ).

Boaz.

[Waseem Hamshawi]

hehe.. you forgot to add the "C" 's :)

On Feb 20, 11:25 am, Boaz Rymland <boaz.ryml...@gmail.com> wrote:
> thanks.
> posted an update on the Yii forum. I hope it will get more comments.
> Attaching to collective wisdom is a good behavior (note the intended

> technical terms [?] ).
>
> Boaz.

>  35C.gif
> < 1KViewDownload

[Boaz Rymland]

:)

[Boaz Rymland]

After a couple of days it rolled in the background of my head I think that I would take your advice as I think that its good: given the definition of Operation, Task and Role as we discussed, and I got no further comments about this to get wiser, probably its most appropriate to use "tasks" mostly and "operation" only by developers, where appropriate. Since the latter doesn't come too often, I think, the design would probably be composed of Roles and Tasks.

Just my 2 agorot on this. 

Boaz.