Is it possible in Yii2 not to register all groups in the Access Control Filter, but to take permissions from the database? How can this be implemented?

PS I want to get rid of prescribing this nonsense in each module \ controller

    'access' => [
        'class' => AccessControl::className(),
        'only' => ['login', 'logout', 'signup'],
        'rules' => [
            [
                'allow' => true,
                'actions' => ['login', 'signup'],
                'roles' => ['?'],
            ],
        ],
    ],
  • Please specify the question. ACF - meaning Access Control Filter or formatting Advanced Custom Fields depending on user role - Ninazu
  • I meant Access Control Filter, I want to get rid of registering this nonsense in each module \ controller: 'access' => ['class' => AccessControl::className(), 'only' => ['login', 'logout', 'signup'], 'rules' => [['allow' => true, 'actions' => ['login', 'signup'], 'roles' => ['?'],],], - Yan_Alex

1 answer

Yes, most likely you want RBAC with roles in the database

Specify the component in the config

    'components' => [
        'authManager' => [
            'class' => 'yii\rbac\DbManager',
        ],
    ],

Apply migration to create structure in the database

    ./yii migrate --migrationPath=@yii/rbac/migrations/

Example

    // Create the role
    $role = Yii::$app->authManager->createRole('admin');
    $role->description = 'Админ';
    Yii::$app->authManager->add($role);

    // Create the permission
    $permission = Yii::$app->authManager->createPermission('editUser');
    $permission->description = 'Право редактировать пользователя';
    Yii::$app->authManager->add($permission);

    // Attach the permission to the role
    $role = Yii::$app->authManager->getRole('admin');
    $permission = Yii::$app->authManager->getPermission('editUser');
    Yii::$app->authManager->addChild($role, $permission);

    // Assign the 'admin' role to user 123
    $userRole = Yii::$app->authManager->getRole('admin');
    Yii::$app->authManager->assign($userRole, 123);

UPDATED:

Or any functionality to your taste

    // In the controller:
    /**
     * @inheritdoc
     */
    public function behaviors()
    {
        return [
            'access' => [
                'class' => MyAccessControl::className(),
            ],
        ];
    }

    // The filter itself. AccessModel is an ActiveRecord class for the `access` table.
    use Yii;
    use yii\base\ActionFilter;
    use yii\web\Controller;
    use yii\web\ForbiddenHttpException;

    class MyAccessControl extends ActionFilter
    {
        public function beforeAction($action)
        {
            /** @var Controller $controller */
            $controller = $this->owner;
            $controllerName = $controller->id;
            $userID = Yii::$app->user->isGuest ? null : Yii::$app->user->id;

            /**
             * CREATE TABLE `access` (
             *   `controller_name` VARCHAR(50) NOT NULL COLLATE 'utf8_unicode_ci',
             *   `action_name` VARCHAR(50) NOT NULL COLLATE 'utf8_unicode_ci',
             *   `user_id` INT(11) NOT NULL,
             *   UNIQUE INDEX `controller_name_action_name_user_id` (`controller_name`, `action_name`, `user_id`)
             * )
             */
            $result = AccessModel::findOne([
                'controller_name' => $controllerName,
                'action_name' => $action->id,   // $action is an Action object; store and compare its id
                'user_id' => $userID,           // column is `user_id`; guests (null) never match
            ]);

            // If there is no matching row, throw an exception (deny by default)
            if (!$result) {
                throw new ForbiddenHttpException(Yii::t('yii', 'You are not allowed to perform this action.'));
            }

            return parent::beforeAction($action);
        }
    }
  • Yes, I learned that all, but if I assign roles to users, will I automatically check access? That is, I do not need to register for each module an array of access in behaviors? - Yan_Alex
  • It all depends on the permissions. Usually DbManager is used, so that the roles can be changed without changing the code, let's say from the admin. If your rules are always the same, then it will be logical to take them out to some abstract controller and then inherit all the others from it, or use a Trait. You can describe your own AccessControl and AccessRule. Anyway, if you use accesses, they need to be stored somewhere (in code, in database, etc.) - Ninazu
  • updated answer for his AccessControl - Ninazu
  • I answered him? Or something needs clarification? - Ninazu
  • This question is very interesting to me - "// Here we go into the database or somewhere else and see if this action is allowed for this controller for this user." Will it be enough to check, for example, checkAccessRecursive, or will it be necessary to climb into the database? And it would be interesting if there are ready-made solutions, including the administration of all this through the GUI. I tried the yii2-user-management extension but it is very thick and not understandable to me, and the yii2-admin extension has been installing through Composer for 4 HOURS already, and I don’t understand why it takes so long - Yan_Alex
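
A route-based variant of the filter from the answer above, as an added example that is not part of the original answer or comments: it is attached once to the application and asks the RBAC authManager through Yii::$app->user->can(), so no controller needs its own access array. The class name RouteAccessFilter, the $publicRoutes list and the "/<route>" permission naming are assumptions made for this example.

```php
<?php
// Added example, not from the original answer. Assumed convention: every route is
// stored as an RBAC permission named "/<module>/<controller>/<action>".
namespace app\components;

use Yii;
use yii\base\ActionFilter;
use yii\web\ForbiddenHttpException;

class RouteAccessFilter extends ActionFilter
{
    /** @var string[] routes reachable without any permission (hypothetical defaults) */
    public $publicRoutes = ['site/login', 'site/signup', 'site/error'];

    public function beforeAction($action)
    {
        $route = $action->getUniqueId();        // e.g. "admin/user/update"
        if (in_array($route, $this->publicRoutes, true)) {
            return parent::beforeAction($action);
        }

        $user = Yii::$app->user;
        // can() asks authManager (DbManager), which resolves roles -> child permissions
        if ($user->can('/' . $route)) {
            return parent::beforeAction($action);
        }

        // Deny by default: a route with no granted permission is never served
        if ($user->getIsGuest()) {
            $user->loginRequired();             // redirect guests to the login page
            return false;
        }
        throw new ForbiddenHttpException(Yii::t('yii', 'You are not allowed to perform this action.'));
    }
}

// config/web.php: attach once to the application instead of to every controller
// return [
//     'as access'  => ['class' => 'app\components\RouteAccessFilter'],
//     'components' => ['authManager' => ['class' => 'yii\rbac\DbManager']],
// ];

// One-time setup (migration or console command): grant a route to the admin role
// $auth = Yii::$app->authManager;
// $perm = $auth->createPermission('/user/update');
// $auth->add($perm);
// $auth->addChild($auth->getRole('admin'), $perm);
```

With DbManager, setting its cache property keeps the role and permission hierarchy cached, so can() does not have to query the database on every request.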