Yii Framework Forum

Yii2 RBAC text based Rules

(jeff@nd4c.com) #1

I’d like to request that the new Yii2 RBAC system allow the use of text based rules. This would not replace the current use of rules extended from the yii\rbac\Rule class, but would be an optional replacement for classes or an enhancement.

The reason for this is to make it easier to implement an online web-based RBAC manager. The previous Yii 1.. had text based business rules and this made it easier to manage without actually creating any new classes in the source code.

In the Yii2 Guide (as of 2015-03-12) it states:

“If your permissions hierarchy doesn’t change at all and you have a fixed number of users you can create a console command that will initialize authorization data once via APIs offered by authManager…”

However, in the sample the console command does not create any Rules but only adds Rules that have already been created manually in an editor.

Obviously, in PHP, classes can be created at runtime (like with the Gii Module) but this adds a new level of complexity to an already complex situation - that of managing RBAC without breaking RBAC.

I realize this might not be worth the effort since, with the current class based system, it is not impossible to create a web based manager. But if it’s not too difficult and would work as well as the Rule class, then I can see this as a real benefit to the framework.

My guess is that most Rules classes would be pretty slim and use the execute method as a simple function. I can imagine that storing anonymous functions would work quite easily.

(jeff@nd4c.com) #2

As an added note:

Storing functions as strings would require the use of eval like the Yii 1.. RBAC system. So, again, I want to say this might not be worth the effort.

(Alexander Makarov) #3

We aren’t going to implement it. It’s much harder to debug these and it’s not really safe (in case of unauthorized DB access).
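
The concern raised in posts #2 and #3, shown as an added example that is not part of any post above and is not Yii's own code: a rule stored as text has to pass through `eval`, so whoever can write to the rule table decides what the application executes, while with class-based rules the stored value only selects a class that exists in source. The row layouts, `RuleInterface`, `AuthorRule` and `ALLOWED_RULES` are assumptions made for illustration; only the `execute` method name follows `yii\rbac\Rule`.

```php
<?php
// Constructed sample rows standing in for an RBAC rule table (not Yii's schema).
$textRuleRow  = ['name' => 'isAuthor', 'code' => 'return $params["post"]["createdBy"] == $userId;'];
$classRuleRow = ['name' => 'isAuthor', 'class' => 'AuthorRule'];

// Text-based rule: the string read from the database is executed as PHP.
// Write access to this column is therefore code execution in the web application.
function checkTextRule(array $row, $userId, array $params): bool
{
    return (bool) eval($row['code']);
}

// Class-based rule: the logic lives in reviewed source code under version control.
// Hypothetical interface, shaped like the execute() method of yii\rbac\Rule.
interface RuleInterface
{
    public function execute($userId, $item, array $params): bool;
}

final class AuthorRule implements RuleInterface
{
    public function execute($userId, $item, array $params): bool
    {
        return isset($params['post']['createdBy']) && $params['post']['createdBy'] === $userId;
    }
}

// The database value is only a lookup key into this list; it is never executed.
const ALLOWED_RULES = ['AuthorRule' => AuthorRule::class];

function checkClassRule(array $row, $userId, array $params): bool
{
    $class = ALLOWED_RULES[$row['class']] ?? null;
    if ($class === null) {
        return false; // unknown rule name: deny instead of guessing
    }
    return (new $class())->execute($userId, $row['name'], $params);
}

$params = ['post' => ['createdBy' => 42]];
var_dump(checkTextRule($textRuleRow, 42, $params));   // user 42 owns the post
var_dump(checkClassRule($classRuleRow, 42, $params)); // same decision, no eval

// Constructed tampered rows, as after unauthorized DB access, checked for user 7.
// The text rule now approves everyone; the class rule is just a failed lookup.
var_dump(checkTextRule(['name' => 'isAuthor', 'code' => 'return true;'], 7, $params));
var_dump(checkClassRule(['name' => 'isAuthor', 'class' => 'return true;'], 7, $params));
```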