I’ve set up RBAC and wonder if there are better ways to do the check in each controller action.
For each action in the controller, I have the code:
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            // We will override the default rule config with the new AccessRule class
            'only' => ['index', 'view', 'create', 'update', 'delete'],
            'rules' => [
                [
                    'allow' => true,
                    'roles' => ['@']
                ],
            ],
        ],
        'verbs' => [
            'class' => VerbFilter::className(),
            'actions' => [
                'delete' => ['post'],
            ],
        ],
    ];
}

public function actionIndex()
{
    if (!Yii::$app->user->can('read')) {
        throw new ForbiddenHttpException();
    }
    // do some useful things
}

public function actionCreate()
{
    if (!Yii::$app->user->can('create')) {
        throw new ForbiddenHttpException();
    }
}

public function actionDelete()
{
    if (!Yii::$app->user->can('delete')) {
        throw new ForbiddenHttpException();
    }
}
Can I put the RBAC permission check in behaviors (not sure if possible)? My goal is reducing the if checks in each action, if possible.
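
Added example, not part of the original post: one way to move the per-action checks into the `AccessControl` filter, relying on the fact that Yii2's `AccessRule` passes any `roles` entry other than `?` or `@` to `Yii::$app->user->can()`. The controller name `PostController` is hypothetical, and leaving `view` and `update` open to any authenticated user is an assumption based on the post's original rule.

```php
<?php
namespace app\controllers;

use yii\filters\AccessControl;
use yii\filters\VerbFilter;
use yii\web\Controller;

// Hypothetical controller name; 'read', 'create' and 'delete' are the
// permission names used in the post above.
class PostController extends Controller
{
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'only' => ['index', 'view', 'create', 'update', 'delete'],
                'rules' => [
                    // Any 'roles' entry other than '?' or '@' is checked with
                    // Yii::$app->user->can(), so permission names work here.
                    ['allow' => true, 'actions' => ['index'], 'roles' => ['read']],
                    ['allow' => true, 'actions' => ['create'], 'roles' => ['create']],
                    ['allow' => true, 'actions' => ['delete'], 'roles' => ['delete']],
                    // Assumption: view and update stay open to any logged-in
                    // user, as in the original rule. Keep 'actions' on this
                    // rule: a bare '@' rule would also match index, create
                    // and delete as a fallback and undo the rules above.
                    ['allow' => true, 'actions' => ['view', 'update'], 'roles' => ['@']],
                ],
            ],
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => ['delete' => ['post']],
            ],
        ];
    }

    public function actionIndex()
    {
        // No can() check here: the filter rejects the request before the
        // action runs (403 for logged-in users, login redirect for guests).
        // do some useful things
    }
}
```

An action listed in `only` that no rule allows is denied, so a new action added to that list stays closed until a rule grants it.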