Yii2 rule implementation

Hi guys, I saw a lot of Yii 2 RBAC tutorials, but I can't evaluate how to implement the rules. In the Yii 2 manual, they presented how rules are created, but in reality they cannot be implemented in the behavior of the controller or elsewhere. I really need some enlightenment on this.

Now I have a document loading system in which I have two roles: admin and encoder. In principle, the admin role can do everything, while the encoder role can only create its own, view its own, update its own and delete its own documents. I already created a rule called encodedBy.

This is my code in EncoderRule:

    namespace app\rbac;

    use yii\rbac\Rule;

    /**
     * Checks if encoded_by matches user passed via params
     */
    class EncoderRule extends Rule
    {
        public $name = 'encodedBy';

        /**
         * @param string|integer $user the user ID.
         * @param Item $item the role or permission that this rule is associated with
         * @param array $params parameters passed to ManagerInterface::checkAccess().
         * @return boolean a value indicating whether the rule permits the role or permission it is associated with.
         */
        public function execute($user, $item, $params)
        {
            return isset($params['document']) ? $params['document']->encoded_by == $user : false;
        }
    }

I store the data in the "document" table, where I have a field called "encoded_by". I hope you guys can help me. Thank you so much!

+8
php rbac yii2 rule
3 answers

If I understand you correctly, you want to use a Yii2 RBAC Rule to implement some permissions for system users (admin and encoder). Well, it's pretty straightforward to some extent.

Yii2 has existing tables for this purpose. These tables are:

  i. auth_assignment
  ii. auth_item
  iii. auth_item_child
  iv. auth_rule

The first thing you need to do is choose which authManager you want to use, either PhpManager or DbManager, but I would advise you to use DbManager, which is what I use.

If you are using the Yii2 Basic template, add the following lines of code below the components in web.php

    'authManager' => [
        'class' => 'yii\rbac\DbManager',
        'defaultRoles' => ['guest'],
    ],

If you are using the Yii2 Advanced Template, add the lines of code below under the components in main.php inside the common\config folder

By doing the above steps,

  • Run yii migrate --migrationPath=@yii/rbac/migrations from the command line

The above command will automatically create the four tables listed previously inside the database for you.

To create your own RBAC rules.

This requires the creation of permissions and roles.

For the base template

  • Create a file and name it RbacController.php inside the command folder

See http://pastebin.com/RAKpZX2J to see how it looks.

For the advanced template:

  • Create the same file, but instead it will be located at console\controllers\RbacController.php

Having done all this

  • Run yii rbac/init (this will run actionInit() inside the RbacController file)

If you have successfully created all of the above, you can do something like this to find out if the user has permission:

    if (Yii::$app->user->can('createUser')) {
    }

I hope this helps.

+2
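One way the rule from the question can be attached to a permission in actionInit(), as an added example that is not the code behind the pastebin link or the answerer's own. The permission names updateDocument and updateOwnDocument and the user IDs are assumptions; the roles, the rule class and the basic-template path come from the page.

```php
<?php
// Added example: commands/RbacController.php (basic template).
namespace app\commands;

use Yii;
use yii\console\Controller;
use app\rbac\EncoderRule;

class RbacController extends Controller
{
    public function actionInit()
    {
        $auth = Yii::$app->authManager;
        $auth->removeAll(); // wipes existing roles, rules and assignments

        // Register the rule so permissions can reference it by name ('encodedBy').
        $rule = new EncoderRule();
        $auth->add($rule);

        // Unconditional permission (name assumed for this example).
        $update = $auth->createPermission('updateDocument');
        $update->description = 'Update any document';
        $auth->add($update);

        // Rule-guarded permission: granted only when EncoderRule::execute() is true.
        $updateOwn = $auth->createPermission('updateOwnDocument');
        $updateOwn->description = 'Update a document the user encoded';
        $updateOwn->ruleName = $rule->name;
        $auth->add($updateOwn);
        // updateOwnDocument is the parent, so a check for 'updateDocument'
        // can be satisfied through it when the rule allows.
        $auth->addChild($updateOwn, $update);

        $encoder = $auth->createRole('encoder');
        $auth->add($encoder);
        $auth->addChild($encoder, $updateOwn);

        $admin = $auth->createRole('admin');
        $auth->add($admin);
        $auth->addChild($admin, $update);  // no rule on this path
        $auth->addChild($admin, $encoder);

        // Placeholder user IDs; use real IDs from the user table.
        $auth->assign($admin, 1);
        $auth->assign($encoder, 2);
    }
}
```

The same pattern repeats for view and delete: one rule-guarded "own" permission per action, given to encoder, with the unguarded permission given only to admin.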

I also struggle with this. All I could guess so far is that $params['post'] is absolutely not working for me. I have no idea where or what I should define in order to make it work. But I could figure out, based on a Joel Small post, that if I just do it like this (I just want to deny access to the update form in case of some circumstances regarding the state of the model):

app\rbac\ZnwRule.php:

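    namespace app\rbac;

    use yii\rbac\Rule;
    use app\models\Znw;

    class ZnwRule extends Rule
    {
        public function execute($user, $item, $params)
        {
            // Load the record named by the "id" request parameter.
            $znw = Znw::findOne(\Yii::$app->request->get('id'));
            // Deny when no such record exists instead of reading properties of null.
            if ($znw === null) {
                return false;
            }
            // Deny when any of these state conditions holds; allow otherwise.
            return $znw->created_by || $znw->zwz_id == 0 || !$znw->created_at ? false : true;
        }
    }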

and then in ZnwController:

    public function actionUpdatezd($id)
    {
        if (\Yii::$app->user->can('updatezd')) {
            ...
        } else {
            throw new \yii\web\ForbiddenHttpException('Sorry, you are not allowed to do that.');
        }
    }

I defined in yii2-admin that I have a rule:

name: ZnwRule

class: app\rbac\ZnwRule

and I created a permission called updatezd:

name: updatezd

rule: ZnwRule

I started my application with the main controller, where I check if the route is allowed in yii2-admin or not for a specific role, and all other controllers extend this one. Now that I had to deal with permissions and rules, I had to add a route to the permission. I'm sure it might be easier, but at least it looks like it still works. This is not so much, but I hope this helps to some extent.

+1
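How $params reaches Rule::execute(), as an added example that is not part of either post: the controller loads the record and passes it as the second argument of can(), so the rule does not have to read the request itself. The Document model class, the controller and the updateDocument permission (whose parent permission is assumed to carry the encodedBy rule) are assumptions.

```php
<?php
// Added example: controllers/DocumentController.php (names assumed).
namespace app\controllers;

use Yii;
use yii\web\Controller;
use yii\web\ForbiddenHttpException;
use yii\web\NotFoundHttpException;
use app\models\Document;

class DocumentController extends Controller
{
    public function actionUpdate($id)
    {
        $model = Document::findOne($id);
        if ($model === null) {
            throw new NotFoundHttpException('Document not found.');
        }

        // The second argument becomes $params in Rule::execute(). Without it,
        // isset($params['document']) is false and the encodedBy rule denies.
        if (!Yii::$app->user->can('updateDocument', ['document' => $model])) {
            throw new ForbiddenHttpException('You are not allowed to update this document.');
        }

        // encoded_by must not be a "safe" attribute in the model's rules(),
        // otherwise load() would let the request reassign ownership.
        if ($model->load(Yii::$app->request->post()) && $model->save()) {
            return $this->redirect(['view', 'id' => $model->id]);
        }

        return $this->render('update', ['model' => $model]);
    }
}
```

The check runs after the record is loaded and before any attribute is changed, so the rule always compares against the stored encoded_by value.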

If you need a simple role check, you can extend the AccessRule class to accommodate new roles without going into full-blown role-based access control. For more information, see the guide Simplified Role Based Authorization in Yii 2.0.

This is the easiest way I've discovered to understand, implement, and support roles; however, you compromise the wide flexibility provided by full RBAC for simplicity.

Full disclosure: I am the author of the blog post.

0