kak/rbac

rbac manager for Yii2

Maintainers

Details

github.com/sanchezzzhak/kak-rbac

Source

Issues

Installs: 889

Dependents: 0

Suggesters: 0

Security: 0

Stars: 7

Watchers: 3

Forks: 0

Open Issues: 0

1.0.7 2023-03-24 12:01 UTC

Requires

MIT 283d2bdcaaac7b2324974bf9a7e7a276c818c0fb

  • Tutik Alexsandr <sanchezzzhak.woop@ya.ru>

yii2rbac managerkak rbac

This package is auto-updated.

Last update: 2024-04-24 14:14:40 UTC

README

Dash Preview 68747470733a2f2f312e62702e626c6f6773706f742e636f6d2f2d7273544d705f5276434e672f5752725957746d61325f492f4141414141414141414a342f4847586b53765066437138457962344f78664f446d793957746d50364274705941434c63422f73313630302f726261632d707265766965772e706e67

fork for

install

step 1

The preferred way to install this extension is through composer. Either run

php composer.phar require --prefer-dist kak/rbac ">=1.0"

or add

"kak/rbac": ">=1.0"
step 2

add config web.php

    'authManager' => [
        'class' => 'kak\rbac\components\DbManager',
        'defaultRoles' => [
            'guest',
            'user'
        ],
    ],
step 3

create tables

yii migrate --migrationPath=@yii/rbac/migrations

Insert base rbac rules

yii migrate --migrationPath=@vendor/kak/rbac/migrations

step 4

Using module admin RBAC

$config['modules']['rbac'] = [
    'class' => 'kak\rbac\Module',
    // set custom Layout
    'mainLayout' => '@app/modules/dashboard/views/layouts/main.php',
    'layout' => 'main',
    'userAttributes' => [
        'username',
        'email'
    ]
    // desable check rbac - default true
    'checkAccessPermissionAdministrateRbac' => false
];

Controllers rules base

Consts

interface PermissionConst
{
    const
        ItemView   = 'ItemView',
        ItemUpdate = 'ItemUpdate',
        ItemCreate = 'ItemCreate',
        ItemDelete = 'ItemDelete',

        UpdateOwn  = 'UpdateOwn',
        DeleteOwn  = 'DeleteOwn',
        AuthorRule  = 'AuthorRule';
}

public function behaviors()
{
    return [
        'access' => [
            'class' => yii\filters\AccessControl::className(),
            'rules' => [
                [
                    'actions' => ['index', 'create'],
                    'allow' => true,
                    'roles' => [User::ROLE_ADMIN,User::ROLE_MANAGER],
                ],[
                    'actions' => ['update'],
                    'allow' => true,
                    'roles' => [User::ROLE_ADMIN, User::ROLE_MANAGER ],
                ],[
                    'actions' => ['delete'],
                    'allow' => true,
                    'roles' => [User::ROLE_ADMIN],
                ],[
                  'actions' => ['about'],
                  'allow' => true,
                  'roles' => ["?" , "@"],
                ]
            ],
        ],
    ];
}

using context access rule

public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'actions' => ['index', 'create'],
                    'allow' => true,
                    'roles' => ['@'],
                ],[
                    'class' => 'kak\rbac\rules\ContextAccessRule',
                    'modelClass' => 'app\models\Stream',
                    'actions' => ['update'],
                    'roles' => [PermissionConst::UpdateOwn],
                ],[
                    'class' => 'kak\rbac\rules\ContextAccessRule',
                    'modelClass' => 'app\models\Stream',
                    'actions' => ['delete'],
                    'roles' => [PermissionConst::DeleteOwn],
                ]
            ],
        ],

    ];
}

is current user personal check permission

$isAccess = Yii::$app->user->can(PermissionConst::ItemCreate) 
            && Yii::$app->user->can(User::ROLE_ADMIN);