yiisoft/access

An interface for checking access

1.0.0 2020-08-24 12:14 UTC

This package is auto-updated.

Last update: 2021-09-07 20:57:17 UTC


README

68747470733a2f2f796969736f66742e6769746875622e696f2f646f63732f696d616765732f7969695f6c6f676f2e737667

Yii Access


This package provides an interface for checking if certain user has certain permission. Optional parameters could be passed for fine-grained access checks.

Latest Stable Version Total Downloads

Installation

composer require yiisoft/access

Usage

An access checker such as RBAC implements the interface. A user identity may use it then for checking access:

namespace App;

use Yiisoft\Access\AccessCheckerInterface;

class UserService
{
  private AccessCheckerInterface $accessChecker;

  public function __construct(AccessCheckerInterface $accessChecker)
  {
      $this->accessChecker = $accessChecker;
  }

  public function can(string $permissionName, array $parameters = []): bool
  {
      return $this->accessChecker->userHasPermission($this->getCurrentUser()->getId() ?? '', $permissionName, $parameters);
  }

  public function getCurrentUser(): User
  {
      // ...
  }
}

In the handler it may look like the following:

public function actionList(UserService $userService)
{
  if (!$userService->can('list_posts')) {
      // access denied
  }

  // list posts
}