matrozov/yii2-wac-auth

Yii2 CompositeAuth with AccessControl integration.

yii2-auth-wac

Yii2 CompositeAuth with AccessControl integration., _(*1)

By default, AuthMethod checks only the internal "optional" property to test whether it is possible to get into this action without authorization. You should duplicate the access rules in AuthMethod and AccessControl. WacAuth allows you to automatically check the guest access rules in AccessControl when AuthMethod is authorized., _(*2)

Installation

Either run, _(*3)

composer require --prefer-dist matrozov/yii2-wac-auth, _(*4)

Usage example

Before:

$behaviors['authenticator'] = [
    'class' => HttpBearerAuth::className(),
    'optional' => ['index']
];

$behaviors['access'] = [
    'class' => AccessControl::className(),
    'only' => ['index'],
    'rules' => [
        [
            'allow' => true,
            'actions' => ['index'],
            'roles' => ['?'],
        ],
    ],
];

You specify the "optional" property and roles="?" at the same time for your action "index"., _(*5)

After:

$behaviors['authenticator'] = [
    'class' => WacAuth::className(),
    'authMethods' => [
        HttpBearerAuth::className()
    ]
];

$behaviors['access'] = [
    'class' => AccessControl::className(),
    'only' => ['index'],
    'rules' => [
        [
            'allow' => true,
            'actions' => ['index'],
            'roles' => ['?'],
        ],
    ],
];

You wrap HttpBearerAuth in WacAuth and now it automatically takes into account roles="?" in AccessControl., _(*6)

WacAuth and CompositeAuth

Since WacAuth is the successor of CompositeAuth, you can use it in all similar cases for a combination of authorization methods., _(*7)