matrozov / yii2-wac-auth
Yii2 CompositeAuth with AccessControl integration.
Installs: 1 991
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 2
Forks: 0
Open Issues: 0
Type:yii2-extension
Requires
- php: >=5.4.0
- yiisoft/yii2: ^2.0.0
This package is auto-updated.
Last update: 2024-03-29 03:09:37 UTC
README
Yii2 CompositeAuth with AccessControl integration.
By default, AuthMethod checks only the internal "optional" property to test whether it is possible to get into this action without authorization. You should duplicate the access rules in AuthMethod and AccessControl. WacAuth allows you to automatically check the guest access rules in AccessControl when AuthMethod is authorized.
Installation
Either run
composer require --prefer-dist matrozov/yii2-wac-auth
Usage example
Before:
$behaviors['authenticator'] = [ 'class' => HttpBearerAuth::className(), 'optional' => ['index'] ]; $behaviors['access'] = [ 'class' => AccessControl::className(), 'only' => ['index'], 'rules' => [ [ 'allow' => true, 'actions' => ['index'], 'roles' => ['?'], ], ], ];
You specify the "optional" property and roles="?" at the same time for your action "index".
After:
$behaviors['authenticator'] = [ 'class' => WacAuth::className(), 'authMethods' => [ HttpBearerAuth::className() ] ]; $behaviors['access'] = [ 'class' => AccessControl::className(), 'only' => ['index'], 'rules' => [ [ 'allow' => true, 'actions' => ['index'], 'roles' => ['?'], ], ], ];
You wrap HttpBearerAuth in WacAuth and now it automatically takes into account roles="?" in AccessControl.
WacAuth and CompositeAuth
Since WacAuth is the successor of CompositeAuth, you can use it in all similar cases for a combination of authorization methods.