daydiff / yii2-auth-chain
Yii2 authorization chain
Installs: 6
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Type:yii2-extension
Requires
- php: >=5.4.0
- yiisoft/yii2: *
Requires (Dev)
This package is not auto-updated.
Last update: 2024-04-27 16:20:26 UTC
README
What is it for?
For applications with hierarhical access roles system.
Any examples? It's not clear
You have an application - API. You have two roles here:
- admin - they can watch statistics and edit clients;
- client - they can see own statistics and set settings.
You need to allow admins to authorize as clients without knowing their passwords just from admin interface. And you need to allow admins to get back to their own privilegis/account without re-logining. And of course you need to log all changes made by admins as clients properly, so you always knew who actually made some changes.
Install
$ composer require daydiff/yii2-auth-chain
Usage
Register application component:
'components' => [ 'authChain' => [ 'class' => 'Daydiff\AuthChain\Service' ], ]
You need to declare a member class implementing \Daydiff\AuthChain\MemberInterface
//Member.php namespace app\foo\bar; class Member implements \Daydiff\AuthChain\MemberInterface { private $id; private $login; /** * @inheritdoc */ function getId() { return $this->id; } /** * @inheritdoc */ function getLogin() { return $this->login; } /** * @inheritdoc */ function setId($id) { $this->id = $id; return $this; } /** * @inheritdoc */ function setLogin($login) { $this->login = $login; return $this; } }
In your action used to authorize as client:
public function actionAuthAs($id) { $user = \Yii::$app->getIdentity()->getUser(); $member = new app\foo\bar\Member(); $member->setId($user->id) ->setLogin($user->login); \Yii::$app->authChain->push($member); //and then you do authorization work }
When you need to know who user actually is:
$member = \Yii::$app->authChain->last(); $realUserId = $member->getId();