RBAC denyCallback unresponsive / slow

I've recently finished setting up RBAC in my Yii2 app, and have some of the User::can() checks working as expected. I'm making general rules for my controllers now, and have run into some odd behavior when a ‘deny’ is hit. I'm using PhpManager instead of DbManager for RBAC, since my CMS is light and there will only be 2 users ever. I also had the expectation that the PhpManager version would be far faster than DbManager.

Whenever the current role lacks authorization to perform the current controller action, the application locks up for many seconds. Browser is unresponsive, operating system thinks the browser client is locked up, and after maybe 4-10 seconds, it responds with the appropriate ‘403’ or ‘404’ exception.

This happens if I have a ‘denyCallback’ property set or not. The default behavior (no ‘denyCallback’ defined) is no different than having a deny callable set - same slowness to respond. Here is the relevant code for my controller:




    /**
     * @inheritdoc
     */
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        'actions' => ['view'],
                        'allow'   => true,
                        'roles'   => ['@']
                    ],
                    [
                        'actions' => ['selectmediatype', 'create', 'index', 'update'],
                        'allow'   => true,
                        'roles'   => ['author']
                    ],
                    [
                        'actions' => ['delete'],
                        'allow'   => true,
                        'roles'   => ['admin']
                    ]
                ],
                'denyCallback' => function ($rule, $action) {
                    throw new HttpException(403, "Invalid authorization for this action.");
                }
            ]
        ];
    }

Has anyone experienced this slowness, and/or have an explanation for it? I haven't had time to dig deep into why. I can post my items.php, assignments.php, and rules.php if needed, but they're quite simple and pretty much follow the example set in the Authorization Guide.

Update: this still happens, but it's way, way, way "less unresponsive". I keep my yii2 checkout up to date with a composer update every morning, so some changes over the last 2 months have alleviated this somewhat. My whole system only locks up for about 1 second now, instead of 5-10+ seconds as before, which isn't nearly as annoying. I haven't changed any of my application code regarding this issue. Seems like a code smell to me (with regard to the framework).

LOL this thread … so yah this is def going to be my last application I ever write with Yii. Can't believe how many problems there are, and what little support there is to resolve them! Heck, I spend hours trying to figure out strange idiomatic ways for writing something as trivial as a single line of markup, due to poor documentation (or faux-documentation), when I could just type the line out in plain HTML or whatever and be done in 3 seconds. Basically, using Yii has inflated my development time by a factor of 10. Don't think I can handle this much further.

Anyways, this happens again. Anytime I hit a generic 403 Forbidden via simple, default controller behaviors, such as this:


    use yii\filters\AccessControl;
    use yii\web\Controller;
    use yii\web\HttpException;

    class UserController extends Controller
    {
        /**
         * @inheritdoc
         */
        public function behaviors()
        {
            return [
                'access' => [
                    'class' => AccessControl::className(),
                    'rules' => [
                        [
                            'actions' => ['index', 'create', 'update', 'delete'],
                            'allow'   => true,
                            'roles'   => ['admin']
                        ]
                    ],
                    'denyCallback' => function ($rule, $action) {
                        throw new HttpException(403, "Invalid authorization for this action.");
                    }
                ]
            ];
        }
    }

… my application locks up for about 30 seconds, then finally returns the 403 error.

This is pretty crazy lol. Def won't be making any new apps with Yii!!

The most probable reason for not getting an answer is that no one else experienced this problem and therefore no one has a solution. Maybe a server configuration issue?

The easiest way to write a single line of markup in Yii2 is … to write a single line of markup. You don’t have to find an “idiomatic” way for everything; plain HTML and PHP work well with Yii.