Enable different views by rbac for a single page application


I am trying to write a SPA (single-page application).

I need to show different page views to users according to their role.

I’m learning and have started with the RBAC filters, but I'm not sure yet how to do it.

For example, I managed to block everything until the user is logged in, but I want the top navbar to be available also only after login

and show different parts (containers or whatever) of the page according to the user’s role.

What’s the best way of doing it?


It really depends on how you model your application and what javascript framework you are using.

You could make an AJAX call every time an event is triggered or a route is changed on the client side, and decide based on the result you get back from your server. You shift your role and permission checking to the server side, which in return will be slightly slow, but you have a much better system in terms of security, since on every call your roles are checked against the database.

Alternatively, you could load your roles as part of your initial page load and cache them, maybe in your HTML header or in localStorage, and then you can check against these roles to perform actions.
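
The two approaches from the reply above, side by side, as an added example that is not part of the original thread: cached roles decide only what the page shows, while the server re-checks every request against its own session data. The session id, role names, actions and section names are constructed, and a Map stands in for localStorage so the code runs under Node.

```javascript
// Server side: authoritative data (constructed sample values).
const SESSIONS = new Map([['sess-editor', { user: 'dana', roles: ['editor'] }]]);
const PERMISSIONS = new Map([   // action -> roles allowed to perform it
  ['post.edit', ['editor', 'admin']],
  ['user.delete', ['admin']],
]);

// Server side: every request is authorized from the session store,
// never from roles sent or cached by the browser.
function handleRequest(sessionId, action) {
  const session = SESSIONS.get(sessionId);
  if (!session) return { status: 401 };
  const allowed = PERMISSIONS.get(action) || [];   // unknown action: deny
  const ok = session.roles.some((r) => allowed.includes(r));
  return ok ? { status: 200 } : { status: 403 };
}

// Server side: roles handed to the SPA on initial load, for display only.
function bootstrapRoles(sessionId) {
  const session = SESSIONS.get(sessionId);
  return session ? [...session.roles] : [];
}

// Client side: which page sections to render for a cached role list.
const SECTIONS = {
  navbar: ['editor', 'admin'],
  editorPanel: ['editor', 'admin'],
  adminPanel: ['admin'],
};
function visibleSections(cachedRoles) {
  return Object.keys(SECTIONS).filter((name) =>
    SECTIONS[name].some((r) => cachedRoles.includes(r)));
}

// Stand-in for localStorage (hypothetical key name 'roles').
const storage = new Map();
storage.set('roles', JSON.stringify(bootstrapRoles('sess-editor')));
const honestView = visibleSections(JSON.parse(storage.get('roles')));

// The cached value is editable in the browser, so the rendered view can change...
storage.set('roles', JSON.stringify(['admin']));
const tamperedView = visibleSections(JSON.parse(storage.get('roles')));
// ...but the server still decides from its own session data.
const tamperedResult = handleRequest('sess-editor', 'user.delete');
```

The cached role list is a rendering hint; the 403 comes from the server-side check, which is the only place access is actually enforced.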

Create 2 layouts.

In the controller action, set them:

public function actionIndex() {
  // Pick the layout by login state before rendering.
  if (Yii::$app->user->isGuest) {
    $this->layout = Yii::getAlias('@app/views/layouts/for-guest');
  } else {
    $this->layout = Yii::getAlias('@app/views/layouts/for-logged-user');
  }

  return $this->render('');
}

Similarly with roles and code blocks in layout.