
yii2-extension yii2-db-rbac

Dynamic control of access rights in YII2

mixartemev/yii2-db-rbac

  • Tuesday, December 27, 2016
  • by mixartemev
  • Repository
  • 3 Watchers
  • 0 Stars
  • 86 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 31 Forks
  • 0 Open issues
  • 15 Versions
  • 1 % Grown

The README.md

Dynamic Access Control for Yii2

IN RUSSIAN HERE

The easiest way to create access control in Yii2 without changes in the code.

This module lets you create roles and rules for Yii role-based access control (RBAC) through a UI, and assign roles and rules to users through the same UI. It also provides a behaviour that checks access according to the module's rules.

Installation guide

$ php composer.phar require mixartemev/yii2-db-rbac "*"

For the module to work correctly, you must configure the authManager component in the application config file (common/config/main.php for advanced app or config/web.php and config/console for basic app):

    'components' => [
        'authManager' => [
            'class' => 'yii\rbac\DbManager',
        ],
        // ...
    ],

Run the migration to create the DbManager tables (this assumes that a database connection is already configured for the application):

$ yii migrate --migrationPath=@yii/rbac/migrations/

Add the module

Add the module to the config file (backend/config/main.php for advanced app or config/web.php for basic app):

  'modules' => [
        'permit' => [
            'class' => 'mixartemev\db_rbac\Yii2DbRbac',
        ],
    ],

If you want to set a layout, configure it as follows:

  'modules' => [
        'permit' => [
            'class' => 'mixartemev\db_rbac\Yii2DbRbac',
            'layout' => '//admin'
        ],
    ],

If you use pretty (human-readable) URLs, make sure that you have correct routing rules for modules:

'<module:\w+>/<controller:\w+>/<action:(\w|-)+>' => '<module>/<controller>/<action>',
'<module:\w+>/<controller:\w+>/<action:(\w|-)+>/<id:\d+>' => '<module>/<controller>/<action>',

Adding links

/permit/access/role - manage roles

/permit/access/permission - manage access

Assigning role to a user

The module also has an interface for assigning roles to users.

For this to work, specify the User class in the module parameters:

    'modules' => [
        'permit' => [
            // Same module class as in the "Add the module" section above
            'class' => 'mixartemev\db_rbac\Yii2DbRbac',
            'params' => [
                'userClass' => 'app\models\User'
            ]
        ],
    ],

The User class should implement mixartemev\db_rbac\interfaces\UserRbacInterface. In most cases, you only have to add the function getUserName(), which should return the user's name.

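use yii\db\ActiveRecord;
use yii\web\IdentityInterface;
use mixartemev\db_rbac\interfaces\UserRbacInterface;

class User extends ActiveRecord implements IdentityInterface, UserRbacInterface
{
    // ... the rest of the model, including the IdentityInterface methods ...

    // Required by UserRbacInterface: returns the user's name
    public function getUserName()
    {
        return $this->username;
    }
}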

To manage the roles of the user with id=1, visit /permit/user/view/1

The easiest way is to add this as a button in a GridView with the users list:

use yii\grid\GridView;
use yii\helpers\Html;
use yii\helpers\Url;

echo GridView::widget([
    'dataProvider' => $dataProvider,
    'columns' => [
        ['class' => 'yii\grid\SerialColumn'],

        'id',
        'username',
        'email:email',

        [
            'class' => 'yii\grid\ActionColumn',
            'template' => '{view}&nbsp;&nbsp;{update}&nbsp;&nbsp;{permit}&nbsp;&nbsp;{delete}',
            'buttons' => [
                // Extra button that links to the role-assignment page for this user
                'permit' => function ($url, $model) {
                    return Html::a(
                        '<span class="glyphicon glyphicon-wrench"></span>',
                        Url::to(['/permit/user/view', 'id' => $model->id]),
                        ['title' => Yii::t('yii', 'Change user role')]
                    );
                },
            ],
        ],
    ],
]);

You can also assign a role to the user in the code, for example when the user has been created:

$userRole = Yii::$app->authManager->getRole('name_of_role');
Yii::$app->authManager->assign($userRole, $user->getId());

You can also check whether a user has access in code through the can() method of the User class:

Yii::$app->user->can($permissionName);

$permissionName can be a role name or a permission name.

Behaviour that checks access by the modules rules

With this behaviour you don't need to write Yii::$app->user->can($permissionName) in each action; the behaviour checks it automatically. It is also useful for access control with third-party modules.

Configure behaviour

To check access automatically, attach the behaviour in the app config file:

use mixartemev\db_rbac\behaviors\AccessBehavior;

 'as AccessBehavior' => [
        'class' => AccessBehavior::className(),
 ]

On EVENT_BEFORE_ACTION the behaviour checks whether the current user (Yii::$app->user) has access to the action. The action is allowed if:

  • the user has access to the action (rule: module/controller/action)
  • the user has access to any action in the controller (rule: module/controller)
  • the user has access to any action in the module (rule: module)
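The lookup order described above, as an added example that is not the module's own code: $can stands in for Yii::$app->user->can(), and the users, the blog/post routes and the granted permissions are constructed for illustration.

```php
<?php
// Added illustration, not the module's source code.
// $can stands in for Yii::$app->user->can(); all sample data is constructed.

/**
 * Rule names that would allow a route, most specific first:
 * module/controller/action, module/controller, module.
 */
function candidatePermissions(string $route): array
{
    $parts = array_values(array_filter(
        explode('/', trim($route, '/')),
        fn(string $part): bool => $part !== ''
    ));
    $candidates = [];
    while ($parts) {
        $candidates[] = implode('/', $parts);
        array_pop($parts); // drop the most specific segment and try again
    }
    return $candidates;
}

/** Returns the rule that grants access, or null when nothing matches (deny). */
function grantingPermission(string $route, callable $can): ?string
{
    foreach (candidatePermissions($route) as $name) {
        if ($can($name)) {
            return $name;
        }
    }
    return null;
}

// Constructed sample: rules held by two hypothetical users.
$granted = [
    'editor'  => ['blog/post/update'], // a single action
    'manager' => ['permit'],           // module-level rule
];
$routes = ['blog/post/update', 'blog/post/delete', 'permit/access/role', 'permit/user/view'];

foreach ($granted as $user => $permissions) {
    $can = fn(string $name): bool => in_array($name, $permissions, true);
    foreach ($routes as $route) {
        $via = grantingPermission($route, $can);
        printf("%-8s %-20s %s\n", $user, $route, $via === null ? 'DENY' : "allow via '$via'");
    }
}
```

A module-level rule such as permit covers every controller and action under it, including the role-management pages, so grant the narrowest rule that does the job.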

Redirection if access denied

By default, if a user doesn't have access, the behaviour throws ForbiddenHttpException. The application can handle this exception as needed.

You can also configure login_url, where an unauthorized user will be redirected, or redirect_url, for redirecting a user when access is denied.

    'as AccessBehavior' => [
        'class' => AccessBehavior::className(),
        'redirect_url' => '/forbidden',
        'login_url' => Yii::$app->user->loginUrl
    ]

Configure default access rules

After the behaviour is attached, access is available only to authorized users with certain rights. You can create default access rights in the config file in the same way as you do in a controller (AccessControl):

    'as AccessBehavior' => [
        'class' => AccessBehavior::className(),
        'rules' =>
            ['site' =>
                [
                    [
                        'actions' => ['login', 'index'],
                        'allow' => true,
                    ],
                    [
                        'actions' => ['about'],
                        'allow' => true,
                        'roles' => ['admin'],
                    ],
                ]
            ]
    ]

In this example any user has access to site/login and site/index, and only a user with the admin role has access to site/about. The rules described in the configuration take precedence over dynamically configurable rules.

The Versions

Every version is listed with the description "Dynamic control of access rights in YII2", the MIT license and the tags "yii rbac"; the requires list is empty.

  • 27/12 2016 - dev-master (9999999-dev)
  • 18/11 2016 - dev-patch-1 (dev-patch-1)
  • 01/11 2016 - 1.0.12 (1.0.12.0)
  • 17/06 2016 - 1.0.11 (1.0.11.0)
  • 15/06 2016 - 1.0.10 (1.0.10.0)
  • 04/06 2016 - 1.0.9 (1.0.9.0)
  • 03/10 2015 - 1.0.8 (1.0.8.0)
  • 24/09 2015 - 1.0.7 (1.0.7.0)
  • 07/09 2015 - 1.0.6 (1.0.6.0)
  • 31/08 2015 - 1.0.5 (1.0.5.0)
  • 15/08 2015 - 1.0.4 (1.0.4.0)
  • 24/07 2015 - 1.0.3 (1.0.3.0)
  • 23/07 2015 - 1.0.2 (1.0.2.0)
  • 15/07 2015 - 1.0.1 (1.0.1.0)
  • 15/07 2015 - 1.0.0 (1.0.0.0)