The correct way to use RBAC Rules with the permissions

Hi all,

I have a Yii2 advanced template with the mdmsoft/yii2-admin module.

I have two tables, club and players.

I have a role "Football Club" which can see only its own players. So for that I've created a controller action actionList to list only the players of the club.

Now I created a rule to check if a club can view a player, like this:




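    use Yii;
    use yii\rbac\Rule;

    class PlayerViewRule extends Rule
    {
        public $name = 'ViewOwnPlayer';

        public function execute($user, $item, $params)
        {
            // $user is the ID of the user being checked.
            $userModel = \common\models\User::findOne($user);
            // The player is looked up from the "id" query parameter of the current request.
            $player = \app\models\Player::findOne((int) $_GET['id']);
            if (!$player) {
                throw new \yii\base\InvalidParamException("Player doesn't exist!");
            }

            // Admins may view any player; other users only players of their own club.
            return (Yii::$app->user->identity->isAdmin)
                ? true
                : (($userModel) ? $userModel->userType->id_club == $player->id_club : false);
        }
    }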



In my module, I've created a new rule with the name ViewOwnPlayer and assigned the class above (PlayerViewRule) to that rule.

I've created a new permission, JoueurViewOwn, using the route /player/view, which uses my PlayerViewRule.

Now in my application, when I visit the link /player/list (so that the club can see a list of all its players), the execute() function of the rule PlayerViewRule is executed (even if I only assign this rule to the route /player/view).

I want to execute my rule only when a user visits /player/view, but not with /player/list or any other action.

Are there any mistakes in my reasoning? Or is it just a bug of the mdmsoft/yii2-admin module?

Thanks in advance

Any orientation please?

No one can help?
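An added example, not part of the original post and not code from mdmsoft/yii2-admin: a variant of the rule above that takes the player from `$params` when the caller supplies one, falls back to the request's `id`, and denies access instead of throwing when no player is in context, so evaluating it on a route without an `id` does not raise an error. The `common\rbac` namespace and the `player` params key are assumptions of this example; the model classes and attributes are those shown in the post.

```php
<?php
namespace common\rbac; // hypothetical namespace

use Yii;
use yii\rbac\Rule;
use app\models\Player;
use common\models\User;

class PlayerViewRule extends Rule
{
    public $name = 'ViewOwnPlayer';

    public function execute($user, $item, $params)
    {
        // Admins (isAdmin is the property used in the post) may view every player.
        $identity = Yii::$app->user->identity;
        if ($identity !== null && $identity->isAdmin) {
            return true;
        }

        // Prefer a model passed explicitly by the caller, e.g.
        // Yii::$app->user->can('JoueurViewOwn', ['player' => $player]).
        // The 'player' key is an assumption of this example.
        $player = isset($params['player']) ? $params['player'] : null;

        if ($player === null) {
            // Fall back to the request. A missing, array or non-numeric id means
            // there is no player in context: deny rather than throw.
            $id = Yii::$app->request->get('id');
            if (!is_scalar($id) || !ctype_digit((string) $id)) {
                return false;
            }
            $player = Player::findOne((int) $id);
        }
        if (!$player instanceof Player) {
            return false;
        }

        // Fail closed when the user or its club link cannot be resolved.
        $userModel = User::findOne($user);
        if ($userModel === null || $userModel->userType === null) {
            return false;
        }
        // Cast both sides and compare strictly to avoid loose == matches.
        return (int) $userModel->userType->id_club === (int) $player->id_club;
    }
}
```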