Yii 2 Creating Multiple User Roles (RBAC)
1) No, you do not need another controller for RBAC.
2) To generate RBAC data you should use this approach - http://www.yiiframework.com/doc-2.0/guide-security-authorization.html#building-authorization-data and run
yii rbac/init
Edit:
Adding more from my projects.
I created RBAC. I have 2 files. First, items.php:
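<?php
// type 1 = role, type 2 = permission (yii\rbac\Item::TYPE_ROLE / TYPE_PERMISSION)
return [
    // Permission granted through the 'moder' role below
    'dashboard' => [
        'type' => 2,
        'description' => 'Админ панель',
    ],
    'user' => [
        'type' => 1,
        'description' => 'Администратор',
        'ruleName' => 'userRole',
    ],
    // 'moder' inherits everything 'user' has, plus 'dashboard'
    'moder' => [
        'type' => 1,
        'ruleName' => 'userRole',
        'children' => [
            'user',
            'dashboard',
        ],
    ],
    // 'admin' inherits everything 'moder' has
    'admin' => [
        'type' => 1,
        'ruleName' => 'userRole',
        'children' => [
            'moder',
        ],
    ],
];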
Second rules.php
<?php
return [
    'userRole' => 'O:35:"common\\components\\rbac\\UserRoleRule":3:{s:4:"name";s:8:"userRole";s:9:"createdAt";N;s:9:"updatedAt";N;}',
];
In the config, set this in the components section:
'authManager' => [
    'class' => 'yii\rbac\PhpManager',
    'defaultRoles' => ['user','moder','admin'],
    'itemFile' => '@common/components/rbac/items.php',
    'assignmentFile' => '@common/components/rbac/assignments.php',
    'ruleFile' => '@common/components/rbac/rules.php'
],
In the controller, check:
if (\Yii::$app->user->can('createPost')) {
    // create post
}
Access Control Filter (http://www.yiiframework.com/doc-2.0/guide-security-authorization.html#access-control-filter) is a very simple authorization. It provides two states: auth user or NOT auth user (guest).
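The `UserRoleRule` class that rules.php points to is not shown in the answer. The following is an added example, not the answerer's code, of a rule for the role hierarchy in items.php that fails closed; the `role` attribute on the identity and the ranking table are assumptions.

```php
<?php
namespace common\components\rbac;

use Yii;
use yii\rbac\Rule;

class UserRoleRule extends Rule
{
    public $name = 'userRole';

    // Assumed ranking of the roles defined in items.php.
    // Static, so it is not written into the serialized rule in rules.php.
    private static $rank = ['user' => 1, 'moder' => 2, 'admin' => 3];

    /**
     * With 'defaultRoles' every role is evaluated for every user,
     * so this rule is the only gate: anything unexpected returns false.
     */
    public function execute($user, $item, $params)
    {
        $webUser = Yii::$app->user;

        // Guests, or a check for a user other than the logged-in one: deny.
        if ($webUser->isGuest || (string) $webUser->getId() !== (string) $user) {
            return false;
        }

        // Hypothetical attribute: the identity stores 'user', 'moder' or 'admin'.
        $role = $webUser->identity->role;
        if (!is_string($role) || !isset(self::$rank[$role], self::$rank[$item->name])) {
            return false;
        }

        // The rule runs for each role on the path to a permission, so an
        // admin must also pass the check for 'moder' and 'user'.
        return self::$rank[$role] >= self::$rank[$item->name];
    }
}
```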
kaynewilder
Updated on June 27, 2022
kaynewilder almost 2 years
We have read tutorials but we still don't understand the whole thing (was focusing here: http://www.yiiframework.com/doc-2.0/guide-security-authorization.html). Most of them are using the advanced template, but we are only using basic.
My question is, do we need to make another controller for RBAC? Where do we put codes like these, for example:
$r->init();
$r->createRole("bizadmin","Biz Administrator");
$r->save();
$r->assign('2','bizadmin');
What db tables do we need to create? We have created the user table but don't know what to do next.
I hope someone can give a detailed explanation.
Please help. We are still very new to this. Thank you.
EDIT:
We tried these:
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'actions' => ['login', 'error'], // Define specific actions
                    'allow' => true, // Has access
                    'roles' => ['@'], // '@' All logged in users / or your access role e.g. 'admin', 'user'
                ],
                [
                    'allow' => false, // Do not have access
                    'roles'=>['?'], // Guests '?'
                ],
            ],
        ],
        'verbs' => [
            'class' => VerbFilter::className(),
            'actions' => [
                'logout' => ['post'],
            ],
        ],
    ];
}

public function actionIndex()
{
    $r = new DbManager;
    $r->init();
    $r->createRole("bizadmin","Biz Administrator");
    $r->save();
    $r->assign('2','bizadmin');
    return $this->render('index');
}
But we get this error:
exception 'yii\web\ForbiddenHttpException' with message 'Login Required' in C:\wamp3\www\basic\vendor\yiisoft\yii2\web\User.php:431
Stack trace:
#0 C:\wamp3\www\basic\vendor\yiisoft\yii2\filters\AccessControl.php(149): yii\web\User->loginRequired()
#1 C:\wamp3\www\basic\vendor\yiisoft\yii2\filters\AccessControl.php(126): yii\filters\AccessControl->denyAccess(Object(yii\web\User))
#2 C:\wamp3\www\basic\vendor\yiisoft\yii2\base\ActionFilter.php(71): yii\filters\AccessControl->beforeAction(Object(yii\web\ErrorAction))
#3 [internal function]: yii\base\ActionFilter->beforeFilter(Object(yii\base\ActionEvent))
#4 C:\wamp3\www\basic\vendor\yiisoft\yii2\base\Component.php(538): call_user_func(Array, Object(yii\base\ActionEvent))
#5 C:\wamp3\www\basic\vendor\yiisoft\yii2\base\Controller.php(259): yii\base\Component->trigger('beforeAction', Object(yii\base\ActionEvent))
#6 C:\wamp3\www\basic\vendor\yiisoft\yii2\web\Controller.php(108): yii\base\Controller->beforeAction(Object(yii\web\ErrorAction))
#7 C:\wamp3\www\basic\vendor\yiisoft\yii2\base\Controller.php(149): yii\web\Controller->beforeAction(Object(yii\web\ErrorAction))
#8 C:\wamp3\www\basic\vendor\yiisoft\yii2\base\Module.php(455): yii\base\Controller->runAction('error', Array)
#9 C:\wamp3\www\basic\vendor\yiisoft\yii2\web\ErrorHandler.php(80): yii\base\Module->runAction('site/error')
#10 C:\wamp3\www\basic\vendor\yiisoft\yii2\base\ErrorHandler.php(95): yii\web\ErrorHandler->renderException(Object(yii\web\ForbiddenHttpException))
#11 [internal function]: yii\base\ErrorHandler->handleException(Object(yii\web\ForbiddenHttpException))
#12 {main}
Previous exception:
exception 'yii\web\ForbiddenHttpException' with message 'Login Required' in C:\wamp3\www\basic\vendor\yiisoft\yii2\web\User.php:431
Stack trace:
#0 C:\wamp3\www\basic\vendor\yiisoft\yii2\filters\AccessControl.php(149): yii\web\User->loginRequired()
#1 C:\wamp3\www\basic\vendor\yiisoft\yii2\filters\AccessControl.php(126): yii\filters\AccessControl->denyAccess(Object(yii\web\User))
#2 C:\wamp3\www\basic\vendor\yiisoft\yii2\base\ActionFilter.php(71): yii\filters\AccessControl->beforeAction(Object(yii\base\InlineAction))
#3 [internal function]: yii\base\ActionFilter->beforeFilter(Object(yii\base\ActionEvent))
#4 C:\wamp3\www\basic\vendor\yiisoft\yii2\base\Component.php(538): call_user_func(Array, Object(yii\base\ActionEvent))
#5 C:\wamp3\www\basic\vendor\yiisoft\yii2\base\Controller.php(259): yii\base\Component->trigger('beforeAction', Object(yii\base\ActionEvent))
#6 C:\wamp3\www\basic\vendor\yiisoft\yii2\web\Controller.php(108): yii\base\Controller->beforeAction(Object(yii\base\InlineAction))
#7 C:\wamp3\www\basic\vendor\yiisoft\yii2\base\Controller.php(149): yii\web\Controller->beforeAction(Object(yii\base\InlineAction))
#8 C:\wamp3\www\basic\vendor\yiisoft\yii2\base\Module.php(455): yii\base\Controller->runAction('login', Array)
#9 C:\wamp3\www\basic\vendor\yiisoft\yii2\web\Application.php(83): yii\base\Module->runAction('site/login', Array)
#10 C:\wamp3\www\basic\vendor\yiisoft\yii2\base\Application.php(375): yii\web\Application->handleRequest(Object(yii\web\Request))
#11 C:\wamp3\www\basic\web\index.php(12): yii\base\Application->run()
#12 {main}
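The trace above shows AccessControl denying a guest on `site/login` and then again on `site/error`, which is what the posted rules ask for: `login` and `error` are allowed only for `'@'`. As an added example (not code from the question or the answer), the corrected filter for the basic template's SiteController, showing only the parts that change:

```php
<?php
namespace app\controllers;

use yii\filters\AccessControl;
use yii\filters\VerbFilter;
use yii\web\Controller;

class SiteController extends Controller
{
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        // No 'roles' key: the rule applies to guests and
                        // logged-in users, so the login and error pages
                        // stay reachable before authentication.
                        'actions' => ['login', 'error'],
                        'allow' => true,
                    ],
                    [
                        // '@' = any authenticated user. An RBAC role name
                        // such as 'bizadmin' also works here once the
                        // authManager component is configured.
                        'actions' => ['index', 'logout'],
                        'allow' => true,
                        'roles' => ['@'],
                    ],
                    // No explicit deny rule: AccessControl denies any
                    // request that matches none of the rules above.
                ],
            ],
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => ['logout' => ['post']],
            ],
        ];
    }

    public function actionIndex()
    {
        // The role creation and assignment calls are one-off setup and do
        // not belong in an action that runs on every request.
        return $this->render('index');
    }
}
```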