George Hallam
Reputation: 51
Yii2 RBAC based on permissions
I am designing a system but I need to give the admin user the power to create roles and assign a set of permissions against them.
Currently in the RBAC
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['index','view'], // these action are accessible
//only the yourRole1 and yourRole2
'allow' => true,
'roles' => ['yourRole1', 'yourRole2'],
],
[ // all the action are accessible to superadmin, admin and manager
'allow' => true,
'roles' => ['superAdmin', 'admin', 'manager'],
],
],
],
];
}
However what I ideally need is
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['index','view'],
'allow' => true,
'permission' => ['canView'],
],
[
'actions' => ['update','delete'], // these action are accessible
'allow' => true,
'permission' => ['canDelete', 'canUpdate'],
],
],
],
];
}
By doing this and creating a set of permissions an admin user can then create roles, assign permissions and assign roles to users.
Does anyone know of a package for yii2 that does this?
Upvotes: 0
Views: 895
Answers (1)
Patrick
Reputation: 1338
The AccessControl Filter you are using already allows you to do that via the "permissions" field.
[
'actions' => ['index','view'],
'allow' => true,
'permissions' => ['canView'],
],
Check the documentation: http://www.yiiframework.com/doc-2.0/yii-filters-accessrule.html#$permissions-detail
Upvotes: 0
Related Questions
- Yii Role Based Access Control
- Yii Framework 2.0 Role Based Access Control RBAC
- How create an user authorization in yii2 same RBAC whit some different?
- Yii2 RBAC check permissions without each actions in controller
- Yii 2 Creating Multiple User Roles (RBAC)
- Yii2 - RBAC, Difference between Roles and Permissions
- Can Yii2 RBAC permissions have multiple rules?
- Yii framework 2.0 Role based access control PhpManager
- Authorization with rbac yii
- yii RBAC and yii controllers access rules