
Yii2 RBAC Rule implementation


If I understand you correctly, you want to use a Yii2 RBAC Rule to implement some permissions for the system users (Admin and encoder). Well, this is quite straightforward to some extent.

Yii2 has existing tables for this purpose. These tables are:

  • auth_assignment
  • auth_item
  • auth_item_child
  • auth_rule

The first thing you need to do is choose which authManager you want to use, either the PhpManager or the DbManager. I would advise you to use the DbManager, the reason being that it is what I use.

If you are using the Yii2 Basic template, add the following lines of code under components in web.php

    'authManager' => [
        'class' => 'yii\rbac\DbManager',
        'defaultRoles' => ['guest'],
    ],

If you are using the Yii2 Advanced template, add the same lines of code under components in main.php inside the common\config folder.

Having done the said above steps,

  • Run yii migrate --migrationPath=@yii/rbac/migrations from the command line

The above command will automatically generate the four tables listed earlier inside the database for you.

To create your RBAC rules, you need to create permissions and roles.

For basic template,

  • Create a file and name it RbacController.php inside commands folder

See http://pastebin.com/RAKpZX2J for what it looks like.

For the Advanced template,

  • Create the same file, but instead it will be inside console\controllers\RbacController.php

Having done all these,

  • Run yii rbac/init from the command line. This will run the actionInit() inside the RbacController file.

If you have successfully created all of the above, then you can do something like this to find out whether a user has a permission:

    if (Yii::$app->user->can('createUser')) {
        // the user holds the 'createUser' permission
    }

I hope this helps..


I'm also struggling with this. All I could figure out until now is that $params['post'] is absolutely not working for me. I have no clue where or what I should define in order to make it work. But what I could figure out, based on the post of Joel Small, is that I can simply do the following (I want to simply deny access to an update form under some circumstances regarding the state of the model):

app\rbac\ZnwRule.php:

    namespace app\rbac;

    use yii\rbac\Rule;
    use app\models\Znw;

    class ZnwRule extends Rule
    {
        public function execute($user, $item, $params)
        {
            // Loads the record from the request's id parameter instead of from $params
            $znw = Znw::findOne(\Yii::$app->request->get('id'));
            if ($znw === null) {
                return false; // unknown record: deny rather than fail on a null object
            }
            // Deny when the record already has an owner, has zwz_id 0, or has no created_at
            return !($znw->created_by || $znw->zwz_id == 0 || !$znw->created_at);
        }
    }

and then in ZnwController:

    public function actionUpdatezd($id)
    {
        if (\Yii::$app->user->can('updatezd')) {
            ...
        } else {
            throw new \yii\web\ForbiddenHttpException('Sorry, you are not allowed to do that.');
        }
    }

I have defined in yii2-admin that I have a rule:

name: ZnwRule

class: app\rbac\ZnwRule

and I have created a permission called updatezd:

name: updatezd

rule: ZnwRule

I have started my app with a main Controller where I'm checking whether the route is allowed in yii2-admin or not for a certain role, and all other controllers extend this one. Now that I had to deal with permissions and rules, I had to add the route to the permission as well. I'm sure it can be accomplished more easily, but at least it seems to be working so far. It's not much, but I hope it helps to some extent.
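As an added example (not code from either answer above), here is an RbacController of the kind the first answer's `yii rbac/init` step runs, together with a Rule that reads the model from `$params['post']`, the parameter the second answer could not get working. Class names, paths, permission names and the user ids are constructed for this illustration.

```php
<?php
// File 1 (assumed path): app/rbac/AuthorRule.php
namespace app\rbac;

use yii\rbac\Rule;

class AuthorRule extends Rule
{
    public $name = 'isAuthor';

    // $user is Yii::$app->user->id; $params is the array passed to can().
    public function execute($user, $item, $params)
    {
        if (!isset($params['post'])) {
            return false;           // a missing model denies, never silently grants
        }
        return (int) $params['post']->created_by === (int) $user;
    }
}

// File 2 (assumed path): commands/RbacController.php, run with `yii rbac/init`
namespace app\commands;

use yii\console\Controller;
use app\rbac\AuthorRule;

class RbacController extends Controller
{
    public function actionInit()
    {
        $auth = \Yii::$app->authManager;
        $auth->removeAll();                                // safe to re-run
        $rule = new AuthorRule();
        $auth->add($rule);
        $updatePost = $auth->createPermission('updatePost');       // any post
        $auth->add($updatePost);
        $updateOwnPost = $auth->createPermission('updateOwnPost'); // own posts only
        $updateOwnPost->ruleName = $rule->name;
        $auth->add($updateOwnPost);
        $auth->addChild($updateOwnPost, $updatePost);      // rule gates updatePost
        $encoder = $auth->createRole('encoder');
        $auth->add($encoder);
        $auth->addChild($encoder, $updateOwnPost);
        $admin = $auth->createRole('admin');
        $auth->add($admin);
        $auth->addChild($admin, $updatePost);              // admin: unconditional
        $auth->addChild($admin, $encoder);
        $auth->assign($admin, 1);                          // constructed user ids
        $auth->assign($encoder, 2);
    }
}
```

In a controller action the check is `\Yii::$app->user->can('updatePost', ['post' => $model])`; the rule only sees the model because it is handed over as that second argument, so an encoder passes only for posts they created while an admin passes for any post.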


If you only require a simple role check, you can extend the AccessRule class to accommodate new roles without delving into full-blown Role Based Access Control. Check this tutorial for complete details: Simpler Role Based Authorization in Yii 2.0

This is the easiest way I have discovered to understand, implement and maintain roles, however you will trade-off the extensive flexibility provided by full RBAC for simplicity.

Full disclosure: I am the author of the blog post.