daydiff/yii2-auth-chain

Yii2 authorization chain

v1.0.0 2016-07-28 06:21 UTC

This package is not auto-updated.

Last update: 2024-11-09 19:29:07 UTC


README

Latest Version on Packagist Software License Build Status

What is it for?

For applications with hierarhical access roles system.

Any examples? It's not clear

You have an application - API. You have two roles here:

  • admin - they can watch statistics and edit clients;
  • client - they can see own statistics and set settings.

You need to allow admins to authorize as clients without knowing their passwords just from admin interface. And you need to allow admins to get back to their own privilegis/account without re-logining. And of course you need to log all changes made by admins as clients properly, so you always knew who actually made some changes.

Install

$ composer require daydiff/yii2-auth-chain

Usage

Register application component:

'components' => [
    'authChain' => [
        'class' => 'Daydiff\AuthChain\Service'
    ],
]

You need to declare a member class implementing \Daydiff\AuthChain\MemberInterface

//Member.php
namespace app\foo\bar;

class Member implements \Daydiff\AuthChain\MemberInterface
{
    private $id;
    private $login;

    /**
     * @inheritdoc
     */
    function getId()
    {
        return $this->id;
    }

    /**
     * @inheritdoc
     */
    function getLogin()
    {
        return $this->login;
    }

    /**
     * @inheritdoc
     */
    function setId($id)
    {
        $this->id = $id;
        return $this;
    }

    /**
     * @inheritdoc
     */
    function setLogin($login)
    {
        $this->login = $login;
        return $this;
    }
}

In your action used to authorize as client:

public function actionAuthAs($id)
{
    $user = \Yii::$app->getIdentity()->getUser();
    $member = new app\foo\bar\Member();
    $member->setId($user->id)
        ->setLogin($user->login);
    \Yii::$app->authChain->push($member);

    //and then you do authorization work
}

When you need to know who user actually is:

$member = \Yii::$app->authChain->last();
$realUserId = $member->getId();