Access Rules not working

Hi,

Here is my behaviors method …

    public function behaviors() {
        return [
            "access" => [
                "class" => AccessControl::className(),
                "only" => ["create"],
                "rules" => [
                    [
                        "allow" => true,
                        "controllers" => ["user"],
                        "actions" => ["create"],
                        "roles" => ["*"]
                    ]
                ]
            ]
        ];
    }



Other actions work fine with no problems. But when I click on a "create" action I get the following error …

Call to a member function checkAccess() on a non-object

Ahh, it is OK. It was because controller and action IDs are case sensitive. Needed to start with capital letter.

OK, it is not working as expected.

Could someone show me an example of how to ban users from everything except the project/create action please?

James.

Anyone know how to do this?

My guess would be one deny rule followed by an allow rule for the create action.

But I cannot get it working, so if someone can show me an example of how it would work please do so.

Hi James,

Try to use this module, it's a great module for access rules:

https://github.com/mdmsoft/yii2-admin

I use this. With a matchCallback I check if the actual user has view, create, update or delete rights; it's my own implementation of an RBAC system.





    public function behaviors()
    {
        return [
            'access' => [
                'class' => \yii\filters\AccessControl::className(),
                'only' => ['index', 'view', 'create', 'update', 'delete'],
                'rules' => [
                    [
                        'actions' => ['index', 'view'],
                        'allow' => true,
                        'roles' => ['@'],
                        'matchCallback' => function($rule, $action){
                            return PermissionHelpers::userAccess('UMS', 'V');
                        }
                    ],
                    [
                        'actions' => ['update'],
                        'allow' => true,
                        'roles' => ['@'],
                        'matchCallback' => function($rule, $action){
                            return PermissionHelpers::userAccess('UMS', 'U');
                        }
                    ],
                    [
                        'actions' => ['create'],
                        'allow' => true,
                        'roles' => ['@'],
                        'matchCallback' => function($rule, $action){
                            return PermissionHelpers::userAccess('UMS', 'C');
                        }
                    ],
                    [
                        'actions' => ['delete'],
                        'allow' => true,
                        'roles' => ['@'],
                        'matchCallback' => function($rule, $action){
                            return PermissionHelpers::userAccess('UMS', 'D');
                        }
                    ],
                /*
                    [
                        'actions' => ['index', 'view', 'create', 'update', 'delete'],
                        'allow' => true,
                        'roles' => ['@']
                    ]
                 */
                ]
            ],
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => [
                    'delete' => ['post'],
                ],
            ],
        ];
    }






Hi,

That is what I was looking for.

Is permission filter your own class you have made?

I was going to use the DB RBAC but for the app I am making currently it is a bit overkill.

James.

Your original rules only apply to the create action.

Remove "only" => ["create"], and then add something like

    'rules' => [
        [
            'allow'   => true,
            'actions' => ['create']
        ],
        [
            'allow'   => false,
            'actions' => [],
        ]
    ],



Hi flarpy and everyone,

I have got it working now, thanks.

I did not have to use the "allow" => false as it seems it denies access to all methods anyway and you have to only state which are allowed.

James.
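
As an added illustration (not code from any poster, and a simplified model rather than Yii's own implementation), the PHP script below runs three rule sets based on the ones discussed in this thread through the evaluation order that yii\filters\AccessControl follows: the "only" list scopes the filter, the first matching rule decides, and no match means deny. The function name decide, the array layout and the $isGuest flag are assumptions made for the example; "controllers", "matchCallback" and RBAC role names are not modelled.

```php
<?php
// Simplified model of the decision order of yii\filters\AccessControl; not the framework's code.
// $filter: ['only' => [...], 'rules' => [...]]; $isGuest stands in for Yii::$app->user->isGuest.
function decide(array $filter, string $actionId, bool $isGuest): string
{
    // 'only' scopes the filter itself: actions not listed there are never checked.
    if (!empty($filter['only']) && !in_array($actionId, $filter['only'], true)) {
        return 'not filtered';
    }
    foreach ($filter['rules'] as $rule) {
        // An empty or missing 'actions' list matches every action.
        if (!empty($rule['actions']) && !in_array($actionId, $rule['actions'], true)) {
            continue;
        }
        // Only '?' (guest) and '@' (logged in) are modelled; missing 'roles' matches everyone.
        $roles = $rule['roles'] ?? [];
        $roleOk = empty($roles)
            || (in_array('?', $roles, true) && $isGuest)
            || (in_array('@', $roles, true) && !$isGuest);
        if (!$roleOk) {
            continue;
        }
        // The first matching rule decides; later rules are not consulted.
        return $rule['allow'] ? 'allowed' : 'denied';
    }
    // No rule matched: access is denied by default.
    return 'denied';
}

// Constructed rule sets based on the three configurations discussed in the thread.
$configs = [
    'only=create, allow create' => ['only' => ['create'], 'rules' => [['allow' => true, 'actions' => ['create']]]],
    'allow create, deny rest'   => ['rules' => [['allow' => true, 'actions' => ['create']], ['allow' => false, 'actions' => []]]],
    'allow create only'         => ['rules' => [['allow' => true, 'actions' => ['create']]]],
];

foreach ($configs as $label => $filter) {
    foreach (['create', 'update', 'delete'] as $actionId) {
        // Evaluated for a logged-in user (isGuest = false).
        printf("%-26s %-7s %s\n", $label, $actionId, decide($filter, $actionId, false));
    }
}
```

The second and third configurations give identical results, which is why the explicit deny rule is redundant, while the first leaves update and delete outside the filter entirely.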

PermissionHelpers is a class I coded myself. You can put whatever you want in the 'callback' to extend your access rule; the userAccess method returns true when the user has 'C' (create) rights for the subsystem UMS (UserManagementSystem). You can use your own method in the callback.