I want to create a Simple Role Based Authorization with 2 types of users, moderators and admins.
How can I set admins to see all actions and moderators to see just some actions?
What you’re looking for is Access Control Filter.
Let me give you an example for your case:
```php
use yii\web\Controller;
use yii\filters\AccessControl;

class ArticleController extends Controller
{
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                // Only these actions are filtered; a request that matches no rule is denied.
                'only' => [ 'get', 'suggest-edit', 'create', 'update', 'delete' ],
                'rules' => [
                    [
                        'allow' => true,
                        'actions' => [ 'get' ],
                        // '?' matches guests only, so '@' is listed as well;
                        // otherwise logged-in users would be denied 'get'.
                        'roles' => [ '?', '@' ],
                    ],
                    [
                        'allow' => true,
                        'actions' => [ 'suggest-edit' ],
                        // '@' matches any authenticated user.
                        'roles' => [ '@' ],
                    ],
                    [
                        'allow' => true,
                        'actions' => [ 'create', 'update' ],
                        // Named roles are checked with Yii::$app->user->can(),
                        // which requires a configured authManager.
                        'roles' => [ 'moderator', 'admin' ],
                    ],
                    [
                        'allow' => true,
                        'actions' => [ 'delete' ],
                        'roles' => [ 'admin' ],
                    ],
                ],
            ],
        ];
    }

    public function actionGet($articleId)
    {
        // ...
    }

    public function actionCreate($articleId)
    {
        // ...
    }

    public function actionSuggestEdit($articleId)
    {
        // ...
    }

    public function actionUpdate($articleId)
    {
        // ...
    }

    public function actionDelete($articleId)
    {
        // ...
    }
}
```
I use this tutorial: https://thecodeninja.net/2014/12/simpler-role-based-authorization-in-yii-2-0/
But it does not work for me. I made a "role" field in the user table and wrote the code below, but the user cannot see the delete action even though I have 10 in the role field.
Is there another tutorial for this?
```php
[
    'actions' => ['delete'],
    'allow' => true,
    'roles' => [
        DimUser::ROLE_USER,
        DimUser::ROLE_MODERATOR,
        DimUser::ROLE_ADMIN
    ],
],
```
User model:
```php
const ROLE_USER = 10;
const ROLE_MODERATOR = 20;
const ROLE_ADMIN = 30;
```
Have you made your own custom AccessRule?
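For reference, a sketch of the kind of custom AccessRule this reply asks about, added here as an example and not taken from the thread or the linked tutorial. It assumes the asker's `DimUser` identity exposes an integer `role` attribute; the `app\components` namespace and the `RoleAccessRule` class name are hypothetical.

```php
<?php
// Added example. Assumes the identity class (DimUser) has a numeric `role`
// attribute; the namespace and class name below are hypothetical.
namespace app\components;

use yii\filters\AccessRule;

class RoleAccessRule extends AccessRule
{
    /**
     * The stock AccessRule passes every entry other than '?' and '@' to
     * $user->can(), which returns false when no RBAC authManager is set up.
     * This override compares integer entries with the role stored on the
     * identity instead.
     */
    protected function matchRole($user)
    {
        if (empty($this->roles)) {
            return true; // rule carries no role restriction
        }
        foreach ($this->roles as $role) {
            if ($role === '?') {
                if ($user->getIsGuest()) {
                    return true;
                }
            } elseif ($role === '@') {
                if (!$user->getIsGuest()) {
                    return true;
                }
            } elseif (is_int($role) && !$user->getIsGuest()) {
                // The database driver may return the column as the string
                // "10", so cast before the strict comparison.
                if ((int) $user->identity->role === $role) {
                    return true;
                }
            }
        }
        return false; // rule does not apply; AccessControl denies if none does
    }
}

// In the controller's behaviors(), tell AccessControl to build rules with it:
// 'access' => [
//     'class' => \yii\filters\AccessControl::className(),
//     'ruleConfig' => ['class' => \app\components\RoleAccessRule::className()],
//     'rules' => [ /* rules listing DimUser::ROLE_* constants */ ],
// ],
```

Without the `ruleConfig` entry, integer role constants in `roles` are handed to `$user->can()` and never match the `role` column.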
This seems to work for me.
http://www.yiiframework.com/wiki/771/rbac-super-simple-with-admin-and-user/