0
votes

I want to make the RBAC hierarchy different for some user roles.

The RBAC system checks roles and permissions in reverse and recursively (the checkAccess function in DBManager). I don't understand how I can make a chain of roles/permissions for a concrete user role.

I have postController. Roles: admin, author. Permission updatePost.

And two Permissions busyPostRule, authorPostAccessRule.

For example, for the admin role I need the chain in this order (updatePost - busyPostRule - admin), and for author (updatePost - authorPostAccessRule - busyPostRule - author). How can I save this order of checks for user roles?

Admin only busyPostRule.

Author first authorPostAccessRule, second busyPostRule


In postController ACF:

```php
[
    'allow' => true,
    'actions' => ['update'],
    'roles' => ['updatePost'],
],
```

If the admin role opens the update page:

chain (updatePost - busyAdminRole - admin), but if author role:

chain (updatePost - busyAdminRole - admin - BACK - authorAccessRole - busyAuthorRole - author).

How can I ignore the "busyAdminRole" check?

1
I think you are misunderstanding how RBAC has to work. admin has to have all privileges with, let's say, the delete role, and author can have the update role; user just views the post. So admin can delete and update posts, but author can just update. Every role is inherited from the lower one. So the admin inherits the author's access privileges. You can learn more here: yiiframework.com/doc/guide/2.0/en/security-authorization - Serghei Leonenco
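One way to build the two per-role chains from the question, as an added example (not code from the posts above or from the Yii project). Yii's checkAccess grants access if any upward path from updatePost to one of the user's assigned roles passes every rule on it, so each role gets its own gate permissions rather than sharing one item. The rule names, the gate permission names and the `author_id` / `locked_by` attributes are assumptions.

```php
<?php
// Hypothetical rule names, gate permission names and Post attributes.
use yii\rbac\Rule;

class AuthorPostAccessRule extends Rule
{
    public $name = 'isPostAuthor';
    public function execute($user, $item, $params)
    {
        // Assumes the caller passes ['post' => $model]; fails closed otherwise.
        return $user !== null && isset($params['post'])
            && $params['post']->author_id == $user;
    }
}

class BusyPostRule extends Rule
{
    public $name = 'postNotBusy';
    public function execute($user, $item, $params)
    {
        if (!isset($params['post'])) {
            return false; // fail closed when no post is supplied
        }
        // locked_by (assumed): id of the user editing the post, null if free.
        $lockedBy = $params['post']->locked_by;
        return $lockedBy === null || $lockedBy == $user;
    }
}

// Run once, e.g. in a migration; admin, author and updatePost already exist.
$auth = Yii::$app->authManager;
$auth->add($isAuthor = new AuthorPostAccessRule());
$auth->add($notBusy = new BusyPostRule());
$gate = function ($name, Rule $rule) use ($auth) {
    $p = $auth->createPermission($name);
    $p->ruleName = $rule->name; // one rule may guard several items
    $auth->add($p);
    return $p;
};
$updatePost = $auth->getPermission('updatePost');
// admin: updatePost <- updatePostIfFree (busy rule) <- admin
$adminGate = $gate('updatePostIfFree', $notBusy);
$auth->addChild($adminGate, $updatePost);
$auth->addChild($auth->getRole('admin'), $adminGate);
// author: updatePost <- updateOwnPost (author rule)
//         <- updateOwnPostIfFree (busy rule) <- author
$ownGate = $gate('updateOwnPost', $isAuthor);
$authorGate = $gate('updateOwnPostIfFree', $notBusy);
$auth->addChild($ownGate, $updatePost);
$auth->addChild($authorGate, $ownGate);
$auth->addChild($auth->getRole('author'), $authorGate);
```

Any existing direct link from admin or author to updatePost has to be removed, otherwise that shorter path is accepted without running the rules. The ACF rule also needs `roleParams` to hand the post model to the rules, and the rule classes must be autoloadable because the manager stores them serialized.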

1 Answer

0
votes

Try mdmsoft/yii2-admin; you can set up your roles, permissions and routes as you need on the go.

https://github.com/mdmsoft/yii2-admin

It also has helpers like:

```php
use mdm\admin\components\Helper;

'columns' => [
    ...
    [
        'class' => 'yii\grid\ActionColumn',
        'template' => Helper::filterActionColumn('{view}{delete}{posting}'),
    ]
]
```