Extended RBAC Manager with route-based access.
By default this extension init such roles and permissions:
Permissions:
- * - master permission. parent of all other permissions
- administer - permission you may use to check access to admin panel
Roles:
- Guest - not authenticated user
- Authenticated - authenticated user (you will need to add it by yourself you users)
- Administrator - has
administer
permission, so has access to admin panel - Master - has
*
permission, super user with access to everything
Special console command (or GUI interface) has feature to scan your project files and import permissions like:
- {controller->uniqueId}/*
- {controller->uniqueId}/{action->id}
You can create additional roles (or add permissions to existed roles) to configure your system high-level access.
Most popular thing in RBAC configuration is to close access to some parts of the site (logged in area, different user roles, admin area, etc.).
Extension provides filter very similar to standard AccessControl which check {controller->uniqueId}/*
,
{controller->uniqueId}/{action->id}
permission on page load and throw 403 error if you're not allowed
to access routes.
Simple GUI* interface to manage your roles and permissions.
Note: GUI still has alpha version features. Don't share access to this GUI to your clients!
The preferred way to install this extension is through composer.
Either run
php composer.phar require --prefer-dist justcoded/yii2-rbac "*"
or add
"justcoded/yii2-rbac": "*"
to the require section of your composer.json.
To use the RBAC extension, you need to configure the components array in your application configuration:
'modules' => [
...
'rbac' => [
'class' => 'justcoded\yii2\rbac\Module'
],
...
],
'components' => [
...
'authManager' => [
'class' => 'justcoded\yii2\rbac\components\DbManager',
//'class' => 'justcoded\yii2\rbac\components\PhpManager',
],
...
],
By default all views use standard yii2-bootstrap package with Boostrap v3. If you use modern Bootstrap 4, then you can overwrite some classes to use yii2-bootstrap4 package instead. Inside your configuration you need to reconfigure container dependencies like this:
'container' => [
'definitions' => [
// you can create your own GrivView to customize all options for main roles and permissions lists.
'justcoded\yii2\rbac\widgets\RbacGridView' => [
'class' => \app\modules\admin\widgets\RbacGridView::class,
],
// this will replace bootstrap3 ActiveForm with bootstrap4 ActiveForm.
'justcoded\yii2\rbac\widgets\RbacActiveForm' => [
'class' => \yii\bootstrap4\ActiveForm::class,
],
],
],
- Note: you need to add
yiisoft/yii2-bootstrap4
package dependency manually in yourcomposer.json
.
Please follow oficial documentation to configure RBAC storage (create necessary files or database tables).
If you use DbManager you can init database tables with the following migration command:
yii migrate --migrationPath=@yii/rbac/migrations
Before usage this extension you will need to init default roles, which are pre-defined for it.
To do that you will need to run several commands:
# init base roles and administer/master permission
php yii rbac/init
# assign master role to some user (in this case user with ID = 1)
php yii rbac/assign-master 1
# scan your application routes
php yii rbac/scan
# ADVANCED TEMPLATE ONLY: scan routes for rbac module.
php yii rbac/scan -p='@vendor/justcoded/yii2-rbac' -b='rbac/'
# BASIC TEMPLATE ONLY: in case you use 'admin' module for backend:
php yii rbac/scan -p='@vendor/justcoded/yii2-rbac' -b='admin/rbac/'
To use graphical interface just follow the route you specified as base when scan routes / configure module.
Note: Role Permissions selector is a hotfix solution, so it doesn't display proper tree structure when you move items between boxes. This will be fixed in next versions.
RouteAccessControl filter can be used inside specific controller (or globally) to control access to controller actions on very high level.
Routes scanner insert permissions like:
{controller->uniqueId}/* {controller->uniqueId}/{action->id}
On controller beforeAction this filter check that current logged in user has permissions to access these routes.
To enable filter inside some specific controller:
public function actions()
{
return [
'routeAccess' => [
'class' => 'justcoded\yii2\rbac\filters\RouteAccessControl',
],
];
}
Or you can configure this filter globally. Inside you current application config just add such section:
'as routeAccess' => [
'class' => 'justcoded\yii2\rbac\filters\RouteAccessControl',
'allowActions' => [
'site/*',
],
'allowRegexp' => '/(gii)/i', // optional
],
You can check the example on our Yii2 starter kit.