blackcube/dboard

CMS Administration Panel

Maintainers

Details

github.com/blackcubeio/dboard

Homepage

Source

Issues

Installs: 1

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 0

Forks: 0

Open Issues: 0

Language:CSS

pkg:composer/blackcube/dboard

1.0.0 2026-03-03 18:18 UTC

Requires

Requires (Dev)

Suggests

  • blackcube/ssr: Required for SSR route options in Type admin forms

BSD-3-Clause e564dae33e62723611bbbd85110311a8292d6949

  • Philippe Gaultier <philippe.woop@blackcube.io>

adminoauth2cmsrbacback-officeyii3webauthn

This package is auto-updated.

Last update: 2026-03-03 18:20:47 UTC

README

Administration panel for Blackcube CMS.

License Packagist Version

Installation

composer require blackcube/dboard

Requirements

What it is

Full back-office for dcore. CRUD for every entity, tree management, RBAC, JWT authentication with passkey support.

Managed entities

Module Capabilities
Contents CRUD, tree (move, reorder), blocs, tags, translations, slugs, SEO (xeo), authors, export/import Markdown
Tags CRUD, tree, blocs, slugs, SEO
Menus CRUD, tree
Types CRUD, associate elastic schemas and content/tag types
Elastic Schemas CRUD, JSON Schema editor, schema-to-type mapping
Languages CRUD
Hosts CRUD
Slugs Management, sitemap configuration
SEO (Xeo) Per-slug SEO metadata, authors, blocs
Authors CRUD
Parameters CRUD
Administrators CRUD, activation, role/permission assignment
Passkeys WebAuthn registration and management
RBAC Roles and permissions management
Dashboard Overview
Search Global search across entities
Preview Content preview with simulated dates

Authentication

Two authentication methods:

  • JWT (OAuth2) — password grant via blackcube/oauth2, access token in cookie, automatic refresh
  • Passkeys (WebAuthn) — FIDO2 passwordless authentication via web-auth/webauthn-lib

RBAC

Granular permissions per entity. Each entity has VIEW, CREATE, UPDATE, DELETE permissions, some add IMPORT/EXPORT. Aggregated into MANAGER roles per entity.

Role Covers
CONTENT:MANAGER view, create, update, delete, import, export
TAG:MANAGER view, create, update, delete, import, export
MENU:MANAGER view, create, update, delete
TYPE:MANAGER view, create, update, delete
ELASTICSCHEMA:MANAGER view, create, update, delete
LANGUAGE:MANAGER view, create, update, delete
HOST:MANAGER view, create, update, delete
XEO:MANAGER view, create, update, delete
AUTHOR:MANAGER view, create, update, delete
PARAMETER:MANAGER view, create, update, delete
ADMINISTRATOR:MANAGER view, create, update, delete
SITE:MANAGER dashboard, search, preview

To enable direct permission assignment (not just roles), configure RBAC with enableDirectPermissions:

// config/common/di/rbac.php
use Yiisoft\Rbac\Manager;

return [
    ManagerInterface::class => static fn (
        ItemsStorageInterface $itemsStorage,
        AssignmentsStorageInterface $assignmentsStorage
    ) => new Manager(
        itemsStorage: $itemsStorage,
        assignmentsStorage: $assignmentsStorage,
        enableDirectPermissions: true,
    ),
];

Configuration

// config/params.php
return [
    'blackcube/dboard' => [
        'routePrefix' => '/admin',
        'rbacClasses' => [
            // Your RBAC permission classes
        ],
        'oauth2' => [
            'issuer' => 'https://your-domain.com',
            'publicKey' => '/path/to/public.key',
            'privateKey' => '/path/to/private.key',
            'algorithm' => 'RS256',
        ],
    ],
];

Migrations

DBoard ships its own migrations (administrators, passkeys, RBAC tables, refresh tokens):

php yii.php migrate:up

Let's be honest

This is Blackcube's admin, not a generic admin generator.

DBoard is purpose-built for dcore entities. It is not a scaffolding tool and does not generate CRUD from arbitrary models.

Tight coupling.

DBoard depends on dcore, Bleet, oauth2, yii-assets. It is not a standalone package — it is the admin layer of the Blackcube stack.

License

BSD-3-Clause. See LICENSE.md.

Author

Philippe Gaultier philippe@blackcube.io