I created roles, permissions, routes, rules and assignments using RBAC. But my problem is how to configure it in the controller to automatically check whether the user has the permission to do an action.
For example, in Yii 1.1 the controller has to extend Rcontroller.
If I follow the Yii2 guide about it, I have to hard code the permission check (\Yii::$app->user->can()) for each action.
Is it possible to use RBAC in the controller without a hard-coded check of whether the user can do the task?
What I want to avoid is hard coding the name of the role in the controller. With this you have to know the name of the role created at the front end level. Is there any way to use RBAC without hard coding the role, like in Yii 1.1?
I've seen a solution where the permission is called something like 'aaa/bbb', where 'aaa' is the controller's id and 'bbb' is the action's id, so you can prepare an ACF rule that will check it based on the current controller's action.
Thanks for the link, I implemented it successfully. But I have an issue when creating a rule with the execute method.
I have a model named Tabpost and I want to allow only the author to modify his post. Kindly see the method below.
    use yii\rbac\Rule;

    // Rules to restrict Author to update only his own posts
    class UpdatePostRule extends Rule
    {
        /**
         * @param string|integer $user the user ID.
         * @param Item $item the role or permission that this rule is associated with
         * @param array $params parameters passed to ManagerInterface::checkAccess().
         * @return boolean a value indicating whether the rule permits the role or permission it is associated with.
         */
        public function execute($user, $item, $params)
        {
            \Yii::info('user ID '.$user);
            return isset($params['Tabpost']) ? $params['Tabpost']->user_id == $user : false;
        }
    }
When I execute the update action, I get this error:
Undefined index: Tabpost
Please, it seems that I am not using the execute method correctly.
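
The route-named permission suggested earlier in the thread, combined with a rule that reads `$params['Tabpost']`, as an added example that is not code from any poster: a `beforeAction()` check that derives the permission name from the controller and action ids and passes the loaded record to `can()`, denying access when the check fails. The `app\models\Tabpost` class, the `id` query parameter and the `OBJECT_ACTIONS` list are assumptions.

```php
<?php
// Added example, not from the thread. Assumes a Yii2 app with the RBAC
// authManager configured, an ActiveRecord app\models\Tabpost with a user_id
// column, and permissions named "<controller id>/<action id>".
namespace app\controllers;

use Yii;
use app\models\Tabpost;
use yii\web\Controller;
use yii\web\ForbiddenHttpException;
use yii\web\NotFoundHttpException;

class TabpostController extends Controller
{
    /** Actions whose permission carries a rule that needs the record (assumption). */
    private const OBJECT_ACTIONS = ['update', 'delete'];

    public function beforeAction($action)
    {
        if (!parent::beforeAction($action)) {
            return false;
        }
        // The permission name comes from the route, so no role or permission
        // name is hard coded in the individual actions.
        $permission = $this->id . '/' . $action->id;   // e.g. "tabpost/update"

        $params = [];
        if (in_array($action->id, self::OBJECT_ACTIONS, true)) {
            $post = Tabpost::findOne(Yii::$app->request->get('id'));
            if ($post === null) {
                throw new NotFoundHttpException('Post not found.');
            }
            // The key must match what the rule reads: $params['Tabpost'].
            $params['Tabpost'] = $post;
        }

        // can() forwards $params to checkAccess(), which passes them to execute().
        if (!Yii::$app->user->can($permission, $params)) {
            throw new ForbiddenHttpException('You are not allowed to perform this action.');
        }
        return true;
    }
}
```

Because the rule returns false when `$params['Tabpost']` is absent, any call to `can()` for that permission without the record is denied rather than allowed.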