Yii 2 JustCoded RBAC extension
Extended RBAC Manager with route-based access.
Features
Pre-defined Roles and Permissions
By default this extension initializes the following roles and permissions:
Permissions:
- * - master permission, parent of all other permissions
- administer - permission you may use to check access to the admin panel
Roles:
- Guest - not authenticated user
- Authenticated - authenticated user (you will need to assign it to your users yourself)
- Administrator - has the administer permission, so has access to the admin panel
- Master - has the * permission; super user with access to everything
Routes Scanner
A special console command (or the GUI) scans your project files and imports permissions like:
- {controller->uniqueId}/*
- {controller->uniqueId}/{action->id}
You can create additional roles (or add permissions to existing roles) to configure high-level access in your system.
Routes Access filter
The most common task in RBAC configuration is closing access to some parts of the site (logged-in area,
different user roles, admin area, etc.).
The extension provides a filter very similar to the standard AccessControl, which checks the
{controller->uniqueId}/* and {controller->uniqueId}/{action->id} permissions on page load and throws
a 403 error if you are not allowed to access the route.
GUI
Simple GUI* to manage your roles and permissions.
Note: The GUI still has alpha-version features. Don't share access to this GUI with your clients!
Installation
The preferred way to install this extension is through composer.
Either run
    php composer.phar require --prefer-dist justcoded/yii2-rbac "*"
or add
    "justcoded/yii2-rbac": "*"
to the require section of your composer.json.
Configuration
Component Setup
To use the RBAC extension, you need to configure the modules and components arrays in your application configuration:
    'modules' => [
        ...
        'rbac' => [
            'class' => 'justcoded\yii2\rbac\Module'
        ],
        ...
    ],
    'components' => [
        ...
        'authManager' => [
            'class' => 'justcoded\yii2\rbac\components\DbManager',
            //'class' => 'justcoded\yii2\rbac\components\PhpManager',
        ],
        ...
    ],
Bootstrap4 Themes Support
By default all views use the standard yii2-bootstrap package with Bootstrap v3.
If you use Bootstrap 4, you can override some classes to use the yii2-bootstrap4
package instead. In your configuration, reconfigure the container dependencies like
this:
    'container' => [
        'definitions' => [
            // you can create your own GridView to customize all options for main roles and permissions lists.
            'justcoded\yii2\rbac\widgets\RbacGridView' => [
                'class' => \app\modules\admin\widgets\RbacGridView::class,
            ],
            // this will replace bootstrap3 ActiveForm with bootstrap4 ActiveForm.
            'justcoded\yii2\rbac\widgets\RbacActiveForm' => [
                'class' => \yii\bootstrap4\ActiveForm::class,
            ],
        ],
    ],
- Note: you need to add the yiisoft/yii2-bootstrap4 package dependency manually in your composer.json.
Basic RBAC configuration
Please follow the official documentation
to configure RBAC storage (create the necessary files or database tables).
If you use DbManager, you can create the database tables with the following migration command:
    yii migrate --migrationPath=@yii/rbac/migrations
Init base roles
Before using this extension you need to initialize the default roles that are pre-defined for it.
To do that, run the following commands:
    # init base roles and administer/master permission
    php yii rbac/init
    # assign master role to some user (in this case user with ID = 1)
    php yii rbac/assign-master 1
    # scan your application routes
    php yii rbac/scan
    # ADVANCED TEMPLATE ONLY: scan routes for rbac module.
    php yii rbac/scan -p='@vendor/justcoded/yii2-rbac' -b='rbac/'
    # BASIC TEMPLATE ONLY: in case you use 'admin' module for backend:
    php yii rbac/scan -p='@vendor/justcoded/yii2-rbac' -b='admin/rbac/'
Usage
GUI interface
To use the graphical interface, open the route you specified as base when scanning routes / configuring the module.
Note: The Role Permissions selector is a hotfix solution, so it doesn't display a proper tree structure when
you move items between boxes.
This will be fixed in the next versions.
Route Access filter
The RouteAccessControl filter can be used inside a specific controller (or globally) to control access to
controller actions at a very high level.
The routes scanner inserts permissions like:
- {controller->uniqueId}/*
- {controller->uniqueId}/{action->id}
In the controller's beforeAction, this filter checks that the currently logged-in user has permission to access these routes.
To enable the filter inside a specific controller:
    // Filters are attached as behaviors, so declare the filter in behaviors(), not actions().
    // It then runs before every action of this controller.
    public function behaviors()
    {
        return [
            'routeAccess' => [
                'class' => 'justcoded\yii2\rbac\filters\RouteAccessControl',
            ],
        ];
    }
Or you can configure this filter globally. In your current application config, add this section:
    'as routeAccess' => [
        'class' => 'justcoded\yii2\rbac\filters\RouteAccessControl',
        'allowActions' => [
            'site/*',
        ],
        'allowRegexp' => '/(gii)/i', // optional
    ],
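With a global filter, every route matched by allowActions or allowRegexp skips the permission check, so it is worth listing exactly which routes a given configuration exempts. The script below is an added example, not code from the extension: it models the two settings over a constructed route list, assuming allowActions entries ending in * are prefix wildcards and allowRegexp is tested against the route string with preg_match (confirm both against the filter's source). The anchored pattern and the exemptRoutes helper are hypothetical.

```php
<?php
// Added example, not part of justcoded/yii2-rbac.
// Assumption: allowActions entries are exact routes or prefixes ending in '*',
// and allowRegexp is tested against the full route with preg_match().

/** Return [route => reason] for every route that would skip the permission check. */
function exemptRoutes(array $routes, array $allowActions, ?string $allowRegexp): array
{
    $exempt = [];
    foreach ($routes as $route) {
        foreach ($allowActions as $pattern) {
            if (substr($pattern, -1) === '*') {
                $prefix = rtrim($pattern, '*');
                $matches = strncmp($route, $prefix, strlen($prefix)) === 0;
            } else {
                $matches = ($route === $pattern);
            }
            if ($matches) {
                $exempt[$route] = "allowActions: $pattern";
                continue 2; // already exempt, no need to test the regexp
            }
        }
        if ($allowRegexp !== null && preg_match($allowRegexp, $route) === 1) {
            $exempt[$route] = "allowRegexp: $allowRegexp";
        }
    }
    return $exempt;
}

// Constructed route list in the {controller->uniqueId}/{action->id} form.
$routes = [
    'site/index', 'site/login', 'gii/default/index',
    'reports/gii-export/run', 'admin/rbac/roles/index', 'admin/users/delete',
];

$configs = [
    'config from this page'    => ['/(gii)/i'],     // unanchored: matches "gii" anywhere
    'anchored regexp (added)'  => ['#^gii(/|$)#'],  // only the gii module itself
];
foreach ($configs as $label => [$regexp]) {
    echo "$label\n";
    foreach (exemptRoutes($routes, ['site/*'], $regexp) as $route => $why) {
        echo "  $route  <- $why\n";
    }
}
```

Replace the constructed $routes array with your application's own routes and review every exempt entry before enabling the filter globally.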
Example
You can check the example in our Yii2 starter kit.