Yii2 RBAC Rule implementation
If I understand you clearly, you want to use Yii2 RBAC Rule to implement some permissions on the system users (Admin and encoder). Well, this is quite straight forward to some extent
Yii2 has existing tables for this purpose. These tables arei. auth_assignmentii. auth_itemiii. auth_item_childiv. auth_rule
First thing you need to do is to choose which authManager you want to use either the PhpManager or DBManager but i would advise you use DBManager reason being that, it is what i use
If you are using the Yii2 Basic template, add the following lines of code under components in web.php
'authManager' => [ 'class' => 'yii\rbac\DbManager', 'defaultRoles' => ['guest'], ],
If Yii2 Advanced template, add the lines of code below under components in main.php inside the \common\config folder
Having done the said above steps,
- Run yii migrate --migrationPath=@yii/rbac/migrations from the command line
The above code will generate/create the four tables that was earlier listed automatically inside the database for you
To create your RBAC Rules.
This requires you creating permissions and roles.
For basic template,
- Create a file and name it RbacController.php inside commands folder
See http://pastebin.com/RAKpZX2J to see how it looks like
For Advanced template,- Create same file but instead it will be inside console\controllers\RbacController.php
Having done all these,
- Run yii rbac/init //This willl run the actionInit() inside the RbacController file
if you successfully created all said above, the you can do something like this to know if a user has permission
if(Yii::$app->user->can('createUser')){}
I hope this helps..
I'm struggling also with this. All I could figure out until now, that $params['post']
is absolutely not working for me. I have no clue where-what should I define in order to make it work. But what I could figure out based on the post of Joel Small, that if I'm doing simply so (I want to simply deny access to an update form in case of some circumstances regarding the state of model):
app\rbac\ZnwRule.php:
namespace app\rbac;use yii\rbac\Rule;use app\models\Znw;class ZnwRule extends Rule { public function execute($user, $item, $params) { $znw = Znw::findOne(\Yii::$app->request->get('id')); return $znw->created_by || $znw->zwz_id == 0 || !$znw->created_at ? false : true; }}
and then in ZnwController:
public function actionUpdatezd($id) { if (\Yii::$app->user->can('updatezd')) { ... } else { throw new \yii\web\ForbiddenHttpException('Sorry, you are not allowed to do that.'); }
I have defined in yii2-admin that I have a rule:
name: ZnwRule
class: app\rbac\ZnwRule
and I have created a permission called updatezd
:
name: updatezd
rule: ZnwRule
I have started my app with a main Controller where I'm checking if the route is allowed in yii2-admin or not for a certain role, and all other controllers extend this one. Now that I had to deal with permissions and rules, I had to add the route also to the permission.I'm sure it can be easier accomplished, but at least it seems to be working so far. It's not much, but I hope it helps to some extents.
If you require simple role-check, you can extend the AccessRule
class to accommodate new roles without delving into a full blown Role Based Access Control. Check this tutorial for complete details: Simpler Role Based Authorization in Yii 2.0
This is the easiest way I have discovered to understand, implement and maintain roles, however you will trade-off the extensive flexibility provided by full RBAC for simplicity.
Full disclosure: I am the author of the blog post.