
This shows how to implement Context and Access Filter for Yii2 framework


claudejanz/yii2-context-access-filter


Context and Access Filters for yii2 framework

Latest Stable Version Total Downloads Latest Unstable Version License

This shows how to implement Context and Access Filter for Yii2 framework

Installation

The preferred way to install this extension is through composer.

Either run

$ php composer.phar require "claudejanz/yii2-context-access-filter": "dev-master"

or add

"claudejanz/yii2-context-access-filter": "dev-master"

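to the require section of your composer.json file. Because dev-master follows the branch head rather than a tagged release, commit composer.lock so that every install resolves to the same reviewed commit.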

Then set up RBAC as described in the documentation: Role based access control (RBAC).

Usage

### In RbacController

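/**
 * Rebuilds the RBAC tree used by the context and access filters.
 *
 * Hierarchy as wired below:
 *   reader    -> view
 *   moderator -> create, updateOwn, deleteOwn, reader
 *   admin     -> update, delete, moderator
 * "updateOwn" and "deleteOwn" carry OwnRule and are added as children of
 * "update" and "delete" respectively.
 */
class RbacController extends Controller {
    /**
     * Wipes the stored authorization data, then recreates the permissions,
     * the ownership rule, the roles and the sample role assignments.
     */
    public function actionIndex() {
        $auth = Yii::$app->authManager;

        // removeAll() deletes every stored role, permission, rule AND assignment.
        // NOTE(review): the Controller base class is not shown here; keep this
        // action out of reach of web requests (run it as a console command or
        // from a migration), otherwise any caller could reset authorization.
        $auth->removeAll();

        // add "view" permission
        $view = $auth->createPermission('view');
        $view->description = 'view';
        $auth->add($view);

        // add "create" permission
        $create = $auth->createPermission('create');
        $create->description = 'create';
        $auth->add($create);

        // add the ownership rule shared by "updateOwn" and "deleteOwn"
        $rule = new \claudejanz\contextAccessFilter\rules\OwnRule();
        $auth->add($rule);

        // add "update" permission
        $update = $auth->createPermission('update');
        $update->description = 'update';
        $auth->add($update);

        // add the "updateOwn" permission and associate the rule with it.
        $updateOwn = $auth->createPermission('updateOwn');
        $updateOwn->description = 'update own';
        $updateOwn->ruleName = $rule->name;
        $auth->add($updateOwn);

        // make "updateOwn" a child of "update"
        // NOTE(review): the Yii2 guide wires the rule-bearing permission the other
        // way round (addChild($updateOwn, $update)), because the stock checkAccess()
        // walks from the requested permission up through its parents. Confirm that
        // the package's AccessControl grants "update" to a holder of "updateOwn"
        // with this direction.
        $auth->addChild($update, $updateOwn);

        // add "delete" permission
        $delete = $auth->createPermission('delete');
        $delete->description = 'delete';
        $auth->add($delete);

        // add the "deleteOwn" permission and associate the rule with it.
        $deleteOwn = $auth->createPermission('deleteOwn');
        $deleteOwn->description = 'delete own';
        $deleteOwn->ruleName = $rule->name;
        $auth->add($deleteOwn);

        // make "deleteOwn" a child of "delete" (same direction caveat as "updateOwn")
        $auth->addChild($delete, $deleteOwn);

        // add "reader" role and give this role the "view" permission
        $reader = $auth->createRole('reader');
        $auth->add($reader);
        $auth->addChild($reader, $view);

        // add "moderator" role and give this role the "create" permission,
        // the rule-guarded "updateOwn" and "deleteOwn" permissions,
        // and everything the "reader" role has
        $moderator = $auth->createRole('moderator');
        $auth->add($moderator);
        $auth->addChild($moderator, $create);
        $auth->addChild($moderator, $updateOwn);
        $auth->addChild($moderator, $deleteOwn);
        $auth->addChild($moderator, $reader);

        // add "admin" role and give this role the unrestricted "update" and
        // "delete" permissions as well as everything the "moderator" role has
        $admin = $auth->createRole('admin');
        $auth->add($admin);
        $auth->addChild($admin, $update);
        $auth->addChild($admin, $delete);
        $auth->addChild($admin, $moderator);

        // Assign roles to users. 1, 2 and 3 are IDs returned by IdentityInterface::getId()
        // usually implemented in your User model.
        $auth->assign($admin, 1);
        $auth->assign($moderator, 2);
        // The third user gets the least-privileged role; the original listing
        // passed an undefined $normal variable here.
        $auth->assign($reader, 3);
    }

}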

### In controller

    /**
     * Declares the filters attached to this controller, in the order
     * context, access, verbs.
     *
     * The access filter covers only create, update and delete; actions that
     * are not listed in its 'only' key are not checked by it. The 'roles'
     * entries are the RBAC permission names 'create', 'update' and 'delete'.
     *
     * @return array filter configurations keyed by behavior name
     */
    public function behaviors() {
        // Loads the Vin model for the actions that work on an existing record.
        // NOTE(review): presumably declared first so the model is available
        // before the access rules are evaluated; confirm against the filter code.
        $contextFilter = [
            'class' => \claudejanz\contextAccessFilter\filters\ContextFilter::className(),
            'only' => ['update', 'delete'],
            'modelName' => Vin::className(),
        ];

        // One allow-rule per guarded action; each action requires the
        // permission of the same name.
        $accessRules = [];
        foreach (['create', 'update', 'delete'] as $guarded) {
            $accessRules[] = [
                'allow' => true,
                'actions' => [$guarded],
                'roles' => [$guarded],
            ];
        }

        $accessFilter = [
            'class' => \claudejanz\contextAccessFilter\filters\AccessControl::className(),
            'only' => ['create', 'update', 'delete'],
            'rules' => $accessRules,
        ];

        // delete is accepted over POST only
        $verbFilter = [
            'class' => \yii\filters\VerbFilter::className(),
            'actions' => [
                'delete' => ['post'],
            ],
        ];

        return [
            'context' => $contextFilter,
            'access' => $accessFilter,
            'verbs' => $verbFilter,
        ];
    }
    // update function
    /**
     * Applies the POSTed form data to the current model and saves it.
     *
     * Redirects to the 'view' action when the data loads and saves
     * successfully; otherwise renders the 'update' view with the model.
     *
     * @param mixed $id not read in this body; $this->model is used instead
     *                  (presumably populated by the context filter; confirm)
     */
    public function actionUpdate($id) {
        $record = $this->model;

        // NOTE(review): load() is a mass assignment from request data; check
        // that the model's safe attributes do not include the column the
        // ownership rule compares against.
        $accepted = $record->load(Yii::$app->request->post()) && $record->save();

        if (!$accepted) {
            return $this->render('update', [
                        'model' => $record,
            ]);
        }

        return $this->redirect(['view', 'id' => $record->id]);
    }
    // delete function 
    /**
     * Deletes the current model and redirects to the 'index' action.
     *
     * The return value of delete() is not inspected, so the redirect happens
     * regardless of it.
     *
     * @param mixed $id not read in this body; $this->model is used instead
     *                  (presumably populated by the context filter; confirm)
     */
    public function actionDelete($id) {
        $target = $this->model;
        $target->delete();

        $listing = ['index'];
        return $this->redirect($listing);
    }
