Yii 2 Extension to manage Role Base Access Control.
Requirements ¶
Yii 2.0 or above
Installation ¶
The preferred way to install this extension is through composer.
Either run
php composer.phar require mdmsoft/yii2-admin "*"
or add
~~~
"mdmsoft/yii2-admin": "*"
~~~
to the require section of your composer.json file.
Usage ¶
Once the extension is installed, simply modify your application configuration as follows:
return [
'modules' => [
'admin' => [
'class' => 'mdm\admin\Module',
]
...
],
...
'components' => [
....
'authManager' => [
'class' => 'yii\rbac\PhpManager', // or use 'yii\rbac\DbManager'
]
],
'as access' => [
'class' => 'mdm\admin\components\AccessControl',
'allowActions' => [
'admin/*', // add or remove allowed actions to this list
]
,
];
See Yii RBAC for more detail. You can then access Auth manager through the following URL: ~~~ http://localhost/path/to/index.php?r=admin ~~~
Resources ¶
Fork me on github
What about advanced template?
In the advanced template there is a common/config dir with 5 files.
Where must we insert the config ?
@realtebo
:D up to you
http://www.yiiframework.com/doc-2.0/guide-structure-modules.html#using-modules
How to find user role by code?
I am successful install yii2-admin, also able create role/permission, thanks for your extension.
I am able check permission by code like below
if (\Yii::$app->user->can('setRight')) { //if (\Yii::$app->user->identity->role == 10) { $menuItems[] = ['label' => 'SetRight', 'url' => ['/admin']]; }Question:
How to find user role by code?
@Scott_Huang
Can you elaborate your question. "code" what?
@Misbahul D Munir
Could you advise how to check user have which roles?
I would like below example(not existing now):
\Yii::$app->user->checkRole(['admin','author']);@Scott_Huang
This is not scope of extension. You can override
yii\web\Userand add that method or create behavior and attach to user component.class UserBehavior extends \yii\base\Behavior { public function checkRole($roles) { $roles = (array)$roles; foreach ($roles as $role) { if($this->owner->can($role)){ return true; } } return false; } }then attach to user component (at config)
'components' => [ ... 'user' => [ 'identityClass' => 'app\models\User', 'as ext' => 'path\to\UserBehavior', ], ]when will the stable version release?
when will the stable version release?
@laozhuforever
Insyaallah 1 November :D.
Please submit your issue here for better stable version.
@Misbahul D Munir
After check your code, I realize that actually I can use below code directly , thanks.
\Yii::$app->user->can('admin','author');Anyway, your behavior code also work, thx.
@Misbahul D Munir
Issue: Today, each uses can direct access locahost/mydomain/admin.
Below code allow all people can access, if I remove admin/*, then all people cannot access.
How to setting to only allow limited users which have specific roles or permission to access it?
Or I have to go to mdmsoft/yii2-admin/controllers to add AccessControl for each controller in behavior function?
'as access' => [ 'class' => 'mdm\admin\components\AccessControl', 'allowActions' => [ 'admin/*', // add or remove allowed actions to this list ] ],Scott_Huang
:D, what you asking its how this module used. You should grand access via application(module). Create new role(or permission), assign that role with route
admin/*. Then assign user with that role. After that, removeadmin/*fromallowAction. Do the same for all route that you want to controll.Admin access
Hi
how can I force module be accessible for just admin user?
Admin Access
@metall
go to
admin/roleselect youradminrole. assign it with routeadmin/*.remove
admin/*frommdm\admin\components\AccessControlWhat am I doing wrong? The module is accessible by guest!
Hi guys, sorry if this is really stupid, but I can't figure it out. I am still struggling to get this right.
I installed the module OK, I can access the user, I create some roles and permissions, I associated roles to users, but... the admin module is accessible even if no user is logged in!
Here is my code in config:
], 'modules' => [ 'admin' => [ 'class' => 'mdm\admin\Module', 'layout' => 'left-menu', 'controllerMap' => [ 'assignment' => [ 'class' => 'mdm\admin\controllers\AssignmentController', //'userClassName' => 'dektrium\user\models\User', 'userClassName' => 'common\models\User', 'idField' => 'id', ], ], 'menus' => [ 'assignment' => [ 'label' => 'Users' ], 'route' => null, ], ],And here is the code under "components":
'components' => [ 'authManager' => [ 'class' => 'yii\rbac\PhpManager', ], 'as access' => [ 'class' => 'mdm\admin\components\AccessControl', 'allowActions' => [ 'site/login', 'site/error', ], ], ],I am using the yii2-user module as well and common\models\User extends from dektrium\user\models\User
Any ideas?
Attach filter to application
@marianboricean
AccessControlfilter is not part ofcomponents, but to application.move this code
'as access' => [ 'class' => 'mdm\admin\components\AccessControl', 'allowActions' => [ 'site/login', 'site/error', ], ],to
return [ 'bootstrap'=>[...], 'modules'=>[...], 'components'=>[....], 'as access' => [ // here... ], ];@Misbahul D Munir, thank you
Thank you @Misbahul D Munir, that makes a lot of sense. Let me try it.. I'm really impressed that you replied to my concern right away :) Thank you again!
@Misbahul D Munir: Attaching filter to application breaks things
I am not sure what's wrong with my config. Now I get this message when tying to load my /site/index page:
Invalid Configuration – yii\base\InvalidConfigException User::identityClass must be set. 1. in /home/marian/mywww/public_html/RCCL_IT_Scorecard/vendor/yiisoft/yii2/web/User.php at line 151 142143144145146147148149150151152153154155156157158159160 /** * Initializes the application component. */ public function init() { parent::init(); if ($this->identityClass === null) { throw new InvalidConfigException('User::identityClass must be set.'); } if ($this->enableAutoLogin && !isset($this->identityCookie['name'])) { throw new InvalidConfigException('User::identityCookie must contain the "name" element.'); } } private $_identity = false; /** 2. in /home/marian/mywww/public_html/RCCL_IT_Scorecard/vendor/yiisoft/yii2/base/Object.php – yii\web\User::init() at line 107 3. yii\base\Object::__construct([]) [......] require(__DIR__ . '/../../common/config/main.php'), require(__DIR__ . '/../../common/config/main-local.php'), require(__DIR__ . '/../config/main.php'), require(__DIR__ . '/../config/main-local.php') ); $application = new yii\web\Application($config); $application->run();@marianboricean
Please read Yii2 docs. http://www.yiiframework.com/doc-2.0/yii-web-user.html
Your error is not about
yyi2-admin@Misbahul D Munir
Thank you. I know it's not about yii2-admin, but you can't blame me for trying taping into you vast knowledge about Yii2 :)
If I remove that part with "as access" with the class of yii2-admin, the application works. I will read again from the link you sent me, but that documentation is so dry.. no examples. I hope to be able to figure it out...
Thank you anyway for taking the time to reply so far.
./yii error
An error is showing when i run ./yii:
Exception 'yii\base\UnknownPropertyException' with message 'Getting unknown property: yii\console\Application::homeUrl' /vendor/yiisoft/yii2/di/ServiceLocator.php(73): yii\base\Component->__get('homeUrl') /vendor/mdmsoft/yii2-admin/Module.php(100): yii\di\ServiceLocator->__get('homeUrl')I must disable it to use ./yii
Call to undefined method app\models\User::find()
Thank you for this extension!
I installed on top of a fresh Yii2 app via composer and did the configuration per the instruction but when I visit:
http://localhost/path/to/index.php?r=admin
An error shows up: Call to undefined method app\models\User::find()
Can you please let me know what I did wrong?
Thanks!
How to use rule with this extensions
This extensions is great but I can't find any clear example how to use rule
I had created author rule and and author Permission
but I am not sure how this extension will take care of updating author post or author item.
I had seen this and I had understand the steps but how could this extension access executes method of rule that I had defined in AuthorRule.
http://www.yiiframework.com/doc-2.0/guide-security-authorization.html#rbac
Please let me know if any one already implemented the the author rule.
Thank you waiting for your response.
@nirmalroka
yii2-admin is more or less a graphical layer on top of yii2 core RBAC functionality and therefore following the docs on http://www.yiiframework.com/doc-2.0/guide-security-authorization.html#rbac is a good step.
When you have created the AuthorRule class as mentioned in http://www.yiiframework.com/doc-2.0/guide-security-authorization.html#using-rules, create the necessary roles, permissions and their relationships with the yii2-admin extension:
In [your-site]/index.php?r=admin/rule/index click "Create Rule" and fill in: "Name": "authorRule", "Class Name": "[path-to-author-rule]\AuthorRule. (e.g. "frontend\rules\AuthorRule".)
In [your-site]/index.php?r=admin/permission/index click "Create Permission" and fill in: "Name": "updatePost", "Description": "Update post". (Leave other fields blank.)
In [your-site]/index.php?r=admin/permission/index click "Create Permission" and fill in: "Name": "updateOwnPost", "Description": "Update own post", "Rule Name": "authorRule". (Leave other fields blank.)
In [your-site]/index.php?r=admin/permission/index click the view icon for the "updatePost" permission and assign permission "updateOwnPost" to make "updateOwnPost" a child of "updatePost".
Create roles, assign permissions to roles and assign roles to users similar to steps above, following the code of the first code block on http://www.yiiframework.com/doc-2.0/guide-security-authorization.html#generating-rbac-data.
I'm not too sure about step 4., it could be just the other way around, just try them both ;).
You can now check for access following http://www.yiiframework.com/doc-2.0/guide-security-authorization.html#access-check:
if (\Yii::$app->user->can('updatePost', ['post' => $post])) { // update post }An excellent extension and still relevent today (2019).
There is a problem with the installation instructions for Composer:
php composer.phar require mdmsoft/yii2-admin "*"This gives a PHP Fatal Error
The later version of Composer are allocating too much memory when they encounter
"*".The fix is:
change the
"*"to an actual version number like"~2.9"and it works OK.If you have any questions, please ask in the forum instead.
Signup or Login in order to comment.