Hi,
I use the Yii 2.0 advanced template and I created my ‘RBAC’ tables, and
I am trying to implement the Building Authorization Data according to the following articles:
http://www.yiiframework.com/wiki/848/installation-guide-yii-2-advanced-template-with-rbac-system/
http://www.yiiframework.com/doc-2.0/guide-security-authorization.html
So I have some urls like these:
localhost/index.php?r=admin/permission
localhost/index.php?r=admin/role
localhost/index.php?r=admin/assignment
localhost/index.php?r=admin/route
Here is my summary:
I create, for example, two permissions at the following URL: index.php?r=admin/permission
(in the MySQL table: auth_item)
-
Name : createDepartment
Description : create Departement
Rule Name : empty / nothing
Data : empty / nothing
-
Name : superAdmin
Description : superAdmin can create
Rule Name : empty / nothing
Data : empty / nothing
And I can give superAdmin the permission createDepartment on index.php?r=admin%2Fpermission%2Fview&id=superAdmin
(in the MySQL table: auth_item_child)
-
parent : superAdmin
-
child : createDepartment
and I assign the admin right [superAdmin] to a user on /index.php?r=admin%2Fassignment%2Fview&id=2
(in the MySQL table: auth_assignment)
-
item_name: superAdmin
-
user_id: 2
And I modified DepartmentController.php [yii2-app-advanced\backend\controllers]
by adding an if condition:

    // needs "use yii\web\ForbiddenHttpException;" at the top of the controller
    if (Yii::$app->user->can('createDepartment')) {
        // original body of the action goes here
    } else {
        throw new ForbiddenHttpException;
    }

like this:

    if (Yii::$app->user->can('createDepartment')) {
        $model = new Department();
        if ($model->load(Yii::$app->request->post()) && $model->save()) {
            return $this->redirect(['view', 'id' => $model->id]);
        } else {
            return $this->render('create', [
                'model' => $model,
            ]);
        }
    } else {
        // user lacks the createDepartment permission
        throw new ForbiddenHttpException;
    }

etc… So now only "superAdmin" can create a department.
It works.
So here are all my questions on RBAC:
1- What is the Data field when I create a permission/role (auth_item) at index.php?r=admin/permission ?
-
1.1 In the MySQL table [auth_item], what is the ‘type’ field?
-
1.1.1 I always have 2 (value) in this field [type]. Why?
2- What exactly is a rule in RBAC?
-
2.1 How can I create a rule?
-
2.1.1 By which URL?
-
2.2 Can I create a rule when I create a permission by filling in the ‘Rule Name’ field?
3- What exactly is a role in RBAC [/index.php?r=admin/role]?
-
3.1 Can you give me an example?
-
3.1.1 How and where can I use a role ?
4- Must I MANUALLY change all my controllers to assign the admin right by adding an if condition [Yii::$app->user->can], or is there an automation in RBAC?
- 4.1 If yes, how can I implement this automation?
Thanks
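
The `can('createDepartment')` check from the post above, written once as an access filter on the controller instead of an if/else inside each action. This is an added example, not part of the original post; the `backend\models\Department` namespace and the rule that lets any logged-in user reach `view` are assumptions.

```php
<?php
namespace backend\controllers;

use Yii;
use yii\filters\AccessControl;
use yii\web\Controller;
use yii\web\NotFoundHttpException;
use backend\models\Department; // assumed namespace; adjust to where the model lives

class DepartmentController extends Controller
{
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::class,
                // No 'only' key: the filter covers every action of this
                // controller, and a request that matches no rule is denied.
                'rules' => [
                    // Names other than '?' and '@' are checked through
                    // Yii::$app->user->can(), so an RBAC permission works here.
                    ['actions' => ['create'], 'allow' => true, 'roles' => ['createDepartment']],
                    // Assumed policy: any authenticated user may view a department.
                    ['actions' => ['view'], 'allow' => true, 'roles' => ['@']],
                ],
            ],
        ];
    }

    public function actionCreate()
    {
        // No can() call needed here: the filter has already authorized the request.
        $model = new Department();
        if ($model->load(Yii::$app->request->post()) && $model->save()) {
            return $this->redirect(['view', 'id' => $model->id]);
        }
        return $this->render('create', ['model' => $model]);
    }

    public function actionView($id)
    {
        if (($model = Department::findOne($id)) === null) {
            throw new NotFoundHttpException('Department not found.');
        }
        return $this->render('view', ['model' => $model]);
    }
}
```

With this filter a logged-in user who lacks createDepartment receives a 403 (ForbiddenHttpException) from the filter itself, and a guest is redirected to the login page.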