rbac check permission

if (\Yii::$app->user->can('updatePost', ['post' => $post])) {

    // update post


The code above check permission/role for logged in user only.

I want to check if a specific user has certain permission and if they dont, assign that permission to the user.

How to do this?

Depends on the manager type you are using but for DbManager there is getPermissionsByUser.

You can add permissions to a role and assign that role to user.