So I configured my app and made the migrations, but I am trying to make sure I know where I am going.
I assume after putting this code inside the command folder of the directory and executing yii rbac/init will create the authorizations; however, I am wondering if I need to use this if statement inside all create actions inside the 10 controllers I made.
if (\Yii::$app->user->can('createSomething')) {
// create something
}
…Also, how do you assign a role to a user if you’re using the basic template? It seems you cannot assign a role if you’re using a basic template.
Also, one last thing, this code inside the doc, you need to put it inside the RbacController inside the command directory right? And you need to enter yii rbac/init to apply the changes if I understood correctly?
// add the rule
$rule = new \app\rbac\AuthorRule;
$auth->add($rule);
// add the "updateOwnPost" permission and associate the rule with it.
$updateOwnPost = $auth->createPermission('updateOwnPost');
$updateOwnPost->description = 'Update own post';
$updateOwnPost->ruleName = $rule->name;
$auth->add($updateOwnPost);
// "updateOwnPost" will be used from "updatePost"
$auth->addChild($updateOwnPost, $updatePost);
// allow "author" to update their own posts
$auth->addChild($author, $updateOwnPost);
I ran into a problem and I still am not sure I understood how rbac works exactly.
This is the rule for checking whether the author of the post is trying to get the authorization for an action:
class AuthorRule extends Rule
{
public $name = 'isAuthor';
/**
* @param string|integer $user the user ID.
* @param Item $item the role or permission that this rule is associated with
* @param array $params parameters passed to ManagerInterface::checkAccess().
* @return boolean a value indicating whether the rule permits the role or permission it is associated with.
*/
public function execute($user, $item, $params)
{
return isset($params['model']) ? $params['model']->createdBy == $user : false;
}
}
This is how I am trying to use the rule and Yii’s rbac:
public function actionUpdate($id)
{
$model = $this->findModel($id);
if (\Yii::$app->user->can('update', ['model' => $model])) {
if ($model->load(Yii::$app->request->post()) && $model->save()) {
return $this->redirect(['view', 'id' => $model->id]);
} else {
return $this->render('update', [
'model' => $model,
]);
}
}
}
So I thought I had to replace createdBy with userId which is a column in the table Post and I am getting a blank page meaning it doesn’t work. So I am trying to guess what $user is.
What should I do to make it work? The doc seemed to suggest you just had to plug the conditional inside the controller action to make it work, but it doesn’t seem to be the case at all.
when you execute the "can" method to check access.
Take a look at:
vendor/yiisoft/yii2/web/User.php
You will see:
public function can($permissionName, $params = [], $allowCaching = true)
{
$auth = Yii::$app->getAuthManager();
if ($allowCaching && empty($params) && isset($this->_access[$permissionName])) {
return $this->_access[$permissionName];
}
// PLEASE NOTE: $this->getId() already passes the "user->id" to your "permission" or "rule"
$access = $auth->checkAccess($this->getId(), $permissionName, $params);
if ($allowCaching && empty($params)) {
$this->_access[$permissionName] = $access;
}
return $access;
}
Means that:
class AuthorRule extends Rule
{
public $name = 'isAuthor';
public function execute($user, $item, $params)
{
// REGARDING $params['model']->createdBy
// model "createdBy" must be the field name in YOUR table holding the creators user-id
// for example in my database it is called: created_by
// REGARDING $user
// $user should already contain the user id of the current logged in user.
return isset($params['model']) ? $params['model']->createdBy == $user : false;
}
}
Hope this makes it a littlebit more clear for you.
