0
votes

I use RBAC (dektrium) and ACF to check user access in my project (Yii2). I created some roles, for example: admin, manager, suser, user, ... I have some actions that all users can use, for example the view action. How can I define in the behaviors method that all users can use the view action? To do this in Yii1, we assigned actions to user '*'.

    ...
    array('allow',  // allow all users to perform 'index' and 'view' actions
        'actions'=>array('view'),
        'users'=>array('*'),
    ),
    ...

In Yii2 I use this code:

    ...
    [
        'allow' => true,
        'actions' => ['view'],
        'roles' => ['?'],
    ],
    ...

But when an admin or manager user wants to access myController/view, it shows forbidden. Only guests can access myController/view. How can I define a role or access rule that gives access to all users by default?

1 Answer

0
votes

If you want to allow everyone to access an action, then there is no need to apply the access filter to that action. To avoid applying the access filter to specific actions, you can use the $except property of yii\filters\AccessControl. For example:

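// Requires at the top of the controller file: use yii\filters\AccessControl;
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            // the access filter is skipped entirely for these actions
            'except' => ['view'],
            'rules' => [
                //rules for other actions ...
            ],
        ],
        //other behaviors ...
    ];
}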

Another option would be to use a combination of the roles ? (guests) and @ (all logged-in users), like this:

[
    'allow' => true,
    'actions' => ['view'],
    'roles' => ['?', '@'],
]

There is also the $only property in yii\filters\AccessControl, which applies the filter only to explicitly named actions. But it's better to use $except for security reasons.
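
The rule evaluation behind the question and the answer above, as an added example: a simplified, self-contained PHP model, not Yii's source and not the answerer's code. The function names `ruleMatches` and `isAllowed` and the sample users are hypothetical, and an array lookup stands in for the RBAC check Yii performs for named roles.

```php
<?php
// Simplified model of how yii\filters\AccessControl evaluates ACF rules.
// Not Yii's code: ruleMatches() and isAllowed() are hypothetical names.

/** Does one rule apply to this action and user? $user is null for a guest. */
function ruleMatches(array $rule, string $action, ?array $user): bool
{
    if (!empty($rule['actions']) && !in_array($action, $rule['actions'], true)) {
        return false;
    }
    if (empty($rule['roles'])) {
        return true; // no 'roles' set: the rule applies regardless of role
    }
    foreach ($rule['roles'] as $role) {
        if ($role === '?' && $user === null) return true;   // guests only
        if ($role === '@' && $user !== null) return true;   // any logged-in user
        // stand-in for the RBAC check on a named role such as 'admin'
        if ($user !== null && in_array($role, $user['roles'], true)) return true;
    }
    return false;
}

/** The first matching rule decides; no matching rule means deny. */
function isAllowed(array $config, string $action, ?array $user): bool
{
    if (in_array($action, $config['except'] ?? [], true)) {
        return true; // the filter is not applied to this action at all
    }
    foreach ($config['rules'] as $rule) {
        if (ruleMatches($rule, $action, $user)) {
            return $rule['allow'];
        }
    }
    return false;
}

// Constructed sample users and the three configurations discussed on this page.
$users = ['guest' => null, 'admin' => ['roles' => ['admin']], 'manager' => ['roles' => ['manager']]];
$configs = [
    "roles ['?']"      => ['rules' => [['allow' => true, 'actions' => ['view'], 'roles' => ['?']]]],
    "roles ['?', '@']" => ['rules' => [['allow' => true, 'actions' => ['view'], 'roles' => ['?', '@']]]],
    "except ['view']"  => ['except' => ['view'], 'rules' => []],
];
foreach ($configs as $label => $config) {
    foreach ($users as $name => $user) {
        $result = isAllowed($config, 'view', $user) ? 'allowed' : '403 Forbidden';
        printf("%-18s %-8s view => %s\n", $label, $name, $result);
    }
}
```

With `'roles' => ['?']` only the guest matches the rule, so admin and manager fall through to the default deny, which is the forbidden response described in the question.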