dektrium Yii2-rbac

Hello,

I have a problem when using dektrium yii2-rbac.

I created roles, permissions and routes, rules and assignments using rbac. But my problem is how to configure it in the controller to automatically check whether the user has the permission to do an action or not.

For example, in Yii1.1 the controller has to extend Rcontroller.

If I follow the Yii2 guide about it, I have to hard-code the permission check (\Yii::$app->user->can()) for each action.

Is it possible to use rbac in the controller without hard-coded checks of whether the user can do the task?

BR

You can use AccessControl behavior for this.




    // Requires "use yii\filters\AccessControl;" at the top of the controller file.
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        'allow' => true,
                        'roles' => ['ABC'],
                    ],
                ],
            ],
        ];
    }



where ABC is the name of role or permission. This will limit access to every controller’s action to users with role or permission ABC. See Access Control Filter guide section for more info about ACF.

What I want to avoid is hard-coding the name of the role in the controller. With this you have to know the name of the role created at the front end level. Is there any way to use rbac without hard-coding the role, like in Yii1.1?

I’ve seen a solution where the permission is called something like ‘aaa/bbb’, where ‘aaa’ is the controller’s id and ‘bbb’ is the action’s id, so you can prepare an ACF rule that will check it based on the current controller’s action.

Please do you have the link?

This matchCallback might do the trick after a few tweaks (I haven’t tested it though).

http://www.yiiframework.com/forum/index.php/topic/70446-rbac-skrocenie-zapisu-uprawnien

Thanks for the link, I implemented it successfully. But I have an issue when creating a rule with the execute method.

I have a model named Tabpost and I want to allow only the author to modify his post. Kindly see the method below.

    <?php

    namespace app\rules;

    use yii\rbac\Rule;
    use Yii;

    /**
     * Rules to restrict Author to update only his own posts
     */
    class UpdatePostRule extends Rule
    {
        /**
         * @param string|integer $user the user ID.
         * @param Item $item the role or permission that this rule is associated with
         * @param array $params parameters passed to ManagerInterface::checkAccess().
         * @return boolean a value indicating whether the rule permits the role or permission it is associated with.
         */
        public function execute($user, $item, $params)
        {
            Yii::info('user  '.$params['Tabpost']);
            Yii::info('user ID  '.$user);
            return isset($params['Tabpost']) ? $params['Tabpost']->user_id == $user : false;
        }
    }

When I execute the update action, I get this error:

Undefined index: Tabpost

It seems that I am not using the execute method correctly.

What is $params attributes?

I see you have copied the code from here.

Here you can find an example of using this rule (second box). The array ['post' => $post] is $params.

Thank you. It helps me.
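The `$params` hand-off discussed above, as an added example that is not part of the thread or of yii2-rbac: the action passes the loaded post to `can()`, and the rule denies when that parameter is absent instead of reading a missing key. Assumed names: a permission `updatePost` with this rule attached, a model class `app\models\Tabpost`, and `view`/`update` views.

```php
<?php
// Added example. Assumed (not from the thread): permission 'updatePost',
// model namespace app\models, and the 'view' / 'update' view names.
namespace app\rules {
    use app\models\Tabpost;
    use yii\rbac\Rule;

    class UpdatePostRule extends Rule
    {
        public function execute($user, $item, $params)
        {
            // $params is the second argument given to can(). A route-based
            // check that calls can($route) alone arrives here with [].
            $post = isset($params['Tabpost']) ? $params['Tabpost'] : null;
            // Fail closed: no post passed, wrong type, or guest (null ID).
            if ($user === null || !($post instanceof Tabpost)) {
                return false;
            }
            // Compare as strings: IDs may be int or string depending on source.
            return (string) $post->user_id === (string) $user;
        }
    }
}

namespace app\controllers {
    use Yii;
    use app\models\Tabpost;
    use yii\web\Controller;
    use yii\web\ForbiddenHttpException;
    use yii\web\NotFoundHttpException;

    class TabpostController extends Controller
    {
        public function actionUpdate($id)
        {
            if (($model = Tabpost::findOne($id)) === null) {
                throw new NotFoundHttpException('Post not found.');
            }
            // Pass the loaded post so the rule can compare its owner.
            if (!Yii::$app->user->can('updatePost', ['Tabpost' => $model])) {
                throw new ForbiddenHttpException('You can only update your own posts.');
            }
            if ($model->load(Yii::$app->request->post()) && $model->save()) {
                return $this->redirect(['view', 'id' => $id]);
            }
            return $this->render('update', ['model' => $model]);
        }
    }
}
```

The key used in the array passed to `can()` must match the key the rule reads, here `Tabpost`.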