module security

I have created a module for admin usage and I want to restrict this to certain users. In my user table I have a boolean column called isAdmin that basically indicates this.

Is there a way for me to restrict access to the entire module to users where $user->isAdmin is true?

Do I need to implement the full RBAC extension into my site?


No, not necessarily. You can activate yii\filters\AccessControl without RBAC and use matchCallback to check if user has admin rigths. The possible disadvanatage is that it makes a bit more difficult to implement future changes - you have to add new columns to user table if you want more fine-grained access control later.