Hi, I have a question and I hope this will be helpful.
If I would like to restrict entry to the backend site for normal users, I can use RBAC and create roles [Admin], [User], then create permissions, e.g. entryBackendSite, and assign the role to a user.
e.g.
roles: Admin, User
permission: entryBackendSite
assignments: Admin - userId1, User - userId2
Now I can check the permission in each controller and each controller action in the backend:
if (Yii::$app->user->can("entryBackendSite")) {
    //CODE
} else {
    throw new \yii\web\ForbiddenHttpException("You do not have permission.");
}
Advantages: I can limit permissions per user and fulfil the goal.
Disadvantages: I have to check each controller action and each controller in the backend site.
You can place your permission check in the beforeAction() method of your backend controller and not check each action separately:
public function beforeAction($action)
{
    // Your custom code here, if you want it to run before the action filters,
    // which are triggered on the [[EVENT_BEFORE_ACTION]] event, e.g. PageCache or AccessControl.
    if (!parent::beforeAction($action)) {
        return false;
    }
    // Other custom code here.
    if (Yii::$app->user->can("entryBackendSite")) {
        //CODE
    } else {
        throw new \yii\web\ForbiddenHttpException("You do not have permission.");
    }
    return true; // or false to not run the action
}
Or check access this way:
if (\Yii::$app->user->identity->getRole() != 'admin') {
    throw new \yii\web\ForbiddenHttpException("You do not have permission.");
}
class User extends \yii\db\ActiveRecord implements \yii\web\IdentityInterface
{
...
    public function getRole() {
        // get the user's role from the database
    }
...
}
Or:
if (\Yii::$app->user->identity->role != 'admin') {
    throw new \yii\web\ForbiddenHttpException("You do not have permission.");
}
The first solution seems interesting, but I don't understand what I need to put in place of //CODE. I want to check all controller actions, and there I can't do this. Can you show a very simple example for one controller action?
namespace app\controllers;

use Yii;
use yii\web\Controller;
use yii\web\ForbiddenHttpException;

class SiteController extends Controller
{
    public function beforeAction($action)
    {
        // Let the parent run the action filters first (AccessControl etc.).
        if (!parent::beforeAction($action)) {
            return false;
        }
        // Every action of this controller requires the RBAC permission.
        if (!Yii::$app->user->can("entryBackendSite")) {
            throw new ForbiddenHttpException("You do not have permission.");
        }
        return true;
    }
}
All actions in SiteController will be available only to administrators.
OK, but what if I have a hierarchical role structure in the database, e.g. Admin, User (RBAC)?
Only Admin can create, update and delete a Category. So how can I write this? I also tried
this code, which should call the method can() to check the permission, but it is not working correctly. What is wrong? Or please give me another way to solve my problem, maybe beforeAction()?
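The following is an added example, not code posted in this thread, showing how the two pieces fit together in Yii 2: a console command that builds the RBAC hierarchy (an admin role that inherits the user role and owns one permission per Category operation), and a backend controller that enforces those permissions through the AccessControl filter instead of a hand-written beforeAction(). It assumes an application whose web and console configuration set 'authManager' to yii\rbac\DbManager and whose RBAC tables exist; the namespaces app\commands and backend\controllers, the Category model, the permission names and the user ids 1 and 2 are hypothetical.

```php
<?php
// Added example, not code from this thread. Assumes a Yii 2 application with
//   'authManager' => ['class' => 'yii\rbac\DbManager'],
// in both the web and console configuration, and RBAC tables created with
//   yii migrate --migrationPath=@yii/rbac/migrations
// Namespaces, permission names, the Category model and user ids are hypothetical.

// ---- file: commands/RbacController.php  (run once: ./yii rbac/init) ----
namespace app\commands;

use Yii;
use yii\console\Controller;

class RbacController extends Controller
{
    public function actionInit()
    {
        $auth = Yii::$app->authManager;
        $auth->removeAll(); // rebuild the hierarchy from scratch (development only)

        // One permission per sensitive operation. Controllers check these names,
        // never the role name, so the hierarchy can change without touching code.
        $perms = [];
        foreach (['entryBackendSite', 'createCategory', 'updateCategory', 'deleteCategory'] as $name) {
            $perms[$name] = $auth->createPermission($name);
            $auth->add($perms[$name]);
        }

        // "user": an ordinary account, holds no backend permission at all.
        $user = $auth->createRole('user');
        $auth->add($user);

        // "admin" inherits everything "user" has and additionally owns the backend permissions.
        $admin = $auth->createRole('admin');
        $auth->add($admin);
        $auth->addChild($admin, $user);
        foreach ($perms as $perm) {
            $auth->addChild($admin, $perm);
        }

        // Assignments are keyed by the value IdentityInterface::getId() returns.
        $auth->assign($admin, 1); // hypothetical admin account
        $auth->assign($user, 2);  // hypothetical normal account

        $this->stdout("RBAC hierarchy created\n");
    }
}

// ---- file: backend/controllers/CategoryController.php ----
namespace backend\controllers;

use Yii;
use yii\filters\AccessControl;
use yii\filters\VerbFilter;
use yii\web\Controller;
use yii\web\NotFoundHttpException;
use backend\models\Category; // hypothetical ActiveRecord model

class CategoryController extends Controller
{
    public function behaviors()
    {
        return [
            // AccessControl is an action filter, so Controller::beforeAction() runs it
            // for every action; no beforeAction() override is needed. Entries in 'roles'
            // other than '?' (guest) and '@' (authenticated) are passed to
            // Yii::$app->user->can(). A request matching no 'allow' rule is denied:
            // 403 for a logged-in user, redirect to the login page for a guest.
            'access' => [
                'class' => AccessControl::class,
                'rules' => [
                    ['allow' => true, 'actions' => ['index', 'view'], 'roles' => ['entryBackendSite']],
                    ['allow' => true, 'actions' => ['create'], 'roles' => ['createCategory']],
                    ['allow' => true, 'actions' => ['update'], 'roles' => ['updateCategory']],
                    ['allow' => true, 'actions' => ['delete'], 'roles' => ['deleteCategory']],
                ],
            ],
            // Deletion only via POST, so a GET link or <img> tag cannot trigger it;
            // the framework's CSRF validation (on by default) then covers the POST.
            'verbs' => [
                'class' => VerbFilter::class,
                'actions' => ['delete' => ['POST']],
            ],
        ];
    }

    public function actionDelete($id)
    {
        // 'deleteCategory' was already enforced by the filter before we got here.
        $this->findModel($id)->delete();
        return $this->redirect(['index']);
    }

    protected function findModel($id)
    {
        $model = Category::findOne($id);
        if ($model === null) {
            throw new NotFoundHttpException('Category not found.');
        }
        return $model;
    }
}
```

With this setup the user assigned the admin role passes Yii::$app->user->can('deleteCategory') because the permission is a child of that role, while the user assigned only the user role is denied on every backend action. If a single check is still wanted inside an action body, it is the same call the thread discusses, e.g. Yii::$app->user->can('updateCategory'); the AccessControl rules simply make that call for you before the action runs.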