I am designing a system but I need to give the admin user the power to create roles and assign a set of permissions against them.
Currently in the RBAC
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    // these actions are accessible only to yourRole1 and yourRole2
                    'actions' => ['index', 'view'],
                    'allow' => true,
                    'roles' => ['yourRole1', 'yourRole2'],
                ],
                [
                    // all the actions are accessible to superAdmin, admin and manager
                    'allow' => true,
                    'roles' => ['superAdmin', 'admin', 'manager'],
                ],
            ],
        ],
    ];
}
However what I ideally need is
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'actions' => ['index', 'view'],
                    'allow' => true,
                    'permission' => ['canView'],
                ],
                [
                    'actions' => ['update', 'delete'], // these actions are accessible
                    'allow' => true,
                    'permission' => ['canDelete', 'canUpdate'],
                ],
            ],
        ],
    ];
}
By doing this and creating a set of permissions an admin user can then create roles, assign permissions and assign roles to users.
Does anyone know of a package for yii2 that does this?
The AccessControl Filter you are using already allows you to do that via the "permissions" field.
[
    'actions' => ['index', 'view'],
    'allow' => true,
    'permissions' => ['canView'],
],
Check the documentation:
http://www.yiiframework.com/doc-2.0/yii-filters-accessrule.html#$permissions-detail
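An added example (not part of the original answer or of Yii itself) of the admin-side half of the question: building roles out of existing permissions with the Yii2 `authManager` component, so that a `permissions` rule has something to check. The class `RoleAdmin` and its method names are hypothetical, and the code assumes `authManager` is configured (for example as `yii\rbac\DbManager`).

```php
<?php
// Added example; RoleAdmin and its methods are hypothetical names.
namespace app\components;

use Yii;
use yii\base\InvalidArgumentException;

class RoleAdmin
{
    /** Create or update a role so that it holds exactly the given permissions. */
    public static function saveRole(string $roleName, array $permissionNames): void
    {
        $auth = Yii::$app->authManager;
        // Only permissions defined by the developers may be granted; the
        // admin picks from this list and cannot invent new ones.
        $known = $auth->getPermissions(); // indexed by permission name
        $unknown = array_diff($permissionNames, array_keys($known));
        if ($unknown !== []) {
            throw new InvalidArgumentException('Unknown permission(s): ' . implode(', ', $unknown));
        }
        // Roles and permissions share one name space in Yii2 RBAC.
        if (isset($known[$roleName])) {
            throw new InvalidArgumentException("'$roleName' is already a permission name.");
        }
        $role = $auth->getRole($roleName);
        if ($role === null) {
            $role = $auth->createRole($roleName);
            $auth->add($role);
        }
        // Replace the role's children so removed permissions are really revoked.
        $auth->removeChildren($role);
        foreach ($permissionNames as $name) {
            $auth->addChild($role, $known[$name]);
        }
    }

    /** Assign an existing role to a user, skipping duplicate assignments. */
    public static function assignRole(string $roleName, $userId): void
    {
        $auth = Yii::$app->authManager;
        $role = $auth->getRole($roleName);
        if ($role === null) {
            throw new InvalidArgumentException("Unknown role: $roleName");
        }
        if ($auth->getAssignment($roleName, $userId) === null) {
            $auth->assign($role, $userId);
        }
    }
}
```

The permissions themselves (`canView`, `canUpdate`, `canDelete`) are seeded once with `createPermission()` and `add()`, for example in a migration; the admin screens then only call `saveRole()` and `assignRole()`.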
I use the AuthComponent and I want, when the session expires and the user presses a link or refreshes, to redirect him to the login page.
However, for some actions I don't want the above redirect, even if the user is logged out, as they are also used as an API by another application.
For example, I want to allow the 'view' action for logged-out users, but redirect the 'index' action.
My AppController.php is:
$this->loadComponent('Auth', [
    'authorize' => [
        'Acl.Actions' => ['actionPath' => 'controllers/']
    ],
    'authenticate' => [
        'Form' => [
            'fields' => [
                'username' => 'username',
                'password' => 'password'
            ]
        ]
    ],
    'loginAction' => [
        'plugin' => false,
        'controller' => 'Users',
        'action' => 'login'
    ],
    'loginRedirect' => [
        'controller' => 'Pages',
        'action' => 'index',
        'plugin' => 'Pages'
    ],
    'logoutRedirect' => [
        'plugin' => false,
        'controller' => 'Users',
        'action' => 'login'
    ],
]);
If I add the code below, 'index' also works when the user is logged out, even though it should be in a deny state.
MyController.php
public function beforeFilter(\Cake\Event\Event $event)
{
    $this->Auth->allow('view');
}
The only way I managed to do what I want is to add it in the controller action as:
MyController.php
public function index()
{
    if (empty($this->auth_user['username'])) {
        return $this->redirect($this->Auth->logout());
    }
    // ... rest of the action
}
Is there a better way to do this?
I've been working on a project and the first thing I did was add the Authentication and Authorization plugins. I did not use AuthComponent at all since it's deprecated.
Now I want to add extra logic on the database and installed the ACL Plugin. I haven't managed to find documentation and all the examples on the internet implement the plugin using the old AuthComponent.
What I need is to find a way to make the ACL use the new Authentication plugin.
This is my AppController.php:
public function initialize(): void
{
    parent::initialize();
    $this->loadComponent('RequestHandler');
    $this->loadComponent('Flash');
    // Add this line to check authentication result and lock your site
    $this->loadComponent('Authentication.Authentication');
    $this->loadComponent('Authorization.Authorization');
    $this->loadComponent('Acl', [
        'className' => 'Acl.Acl'
    ]);
    $this->loadComponent('Auth', [
        'authorize' => [
            'Acl.Actions' => [
                'actionPath' => 'controllers/',
                'userModel' => 'Users'
            ]
        ],
        'authenticate' => [
            'Form' => [
                'fields' => ['username' => 'email'],
                'userModel' => 'Users'
            ],
        ],
        'loginAction' => [
            'plugin' => false,
            'controller' => 'Users',
            'action' => 'login'
        ],
        'loginRedirect' => [
            'plugin' => null,
            'controller' => 'Users',
            'action' => 'index'
        ],
        'logoutRedirect' => [
            'plugin' => null,
            'controller' => 'Users',
            'action' => 'login'
        ],
        'unauthorizedRedirect' => [
            'controller' => null,
            'action' => 'login',
            'prefix' => false
        ],
        'authError' => 'You are not authorized to access that location.',
        'flash' => [
            'element' => 'error'
        ]
    ]);
/*
Found on Stack Overflow that "These two plugins are not meant to work together, cakephp/acl is strictly meant for use with the deprecated auth component. If you want ACLs for cakephp/authorization, then you need to implement that yourself".
I have no idea how to do that, so I'm still listening if anyone has any idea on how to do that or what could be another solution.
I'm trying to get the login page before going to the admin page in Yii2. For example, when I enter http://project/admin/ in the browser, it should redirect me to the login page at http://project/admin/login. Please, can anyone help me?
In Module.php
public function behaviors()
{
    return [
        'access' => [
            'class' => \yii\filters\AccessControl::className(),
            'rules' => [
                [
                    'allow' => true,
                    'roles' => ['@']
                ],
            ],
        ],
    ];
}

public function init()
{
    parent::init();
    Yii::$app->user->loginUrl = '/admin/main/login';
}
You just need to set rules (inside your behaviors method) saying which actions are allowed to be accessed when the user is logged in or not. In your case, the login action can be accessed when the user is not logged in, like this:
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'actions' => ['login'],
                    'allow' => true,
                    'roles' => ['?'],
                ],
                [
                    'allow' => true,
                    'roles' => ['@'],
                ],
            ],
        ],
    ];
}
I have a project where I am implementing an existing Yii project on top. The issue is the new Yii project has its own user login and authentication. I want to allow anyone access by global rights or just remove all of the authentication altogether and use my own page authentication.
In my site controller I have modified to:
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'allow' => true,
                    'roles' => ['?'],
                ],
                // ...
            ],
        ],
    ];
}
I have removed the actionLogin() and actionLogout() from this site controller as well but am still sent to the logon page.
*: any user, including both anonymous and authenticated users.
?: anonymous users.
@: authenticated users.
This is what I have added:
https://github.com/gugoan/economizzer
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::classname(),
            'only' => ['index', 'create', 'update', 'delete', 'view', 'target', 'accomplishment', 'overview', 'performance'],
            'rules' => [
                [
                    'allow' => true,
                    'roles' => ['*']
                ],
            ]
        ],
        'verbs' => [
            'class' => VerbFilter::className(),
            'actions' => [
                'delete' => ['post'],
            ],
        ],
    ];
}
There is no role *, you need to use:
'roles' => ['?', '@']
I am new to Yii2.
How can I check if the user is logged in or not?
If user is not logged in then it should redirect to login page.
Is there any global solution?
I set the 'access' behaviors in all controllers
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'only' => ['logout', 'signup'],
            'rules' => [
                [
                    'actions' => ['signup'],
                    'allow' => true,
                    'roles' => ['?'],
                ],
                [
                    'actions' => ['logout'],
                    'allow' => true,
                    'roles' => ['@'],
                ],
            ],
        ],
        'verbs' => [
            'class' => VerbFilter::className(),
            'actions' => [
                'logout' => ['post'],
            ],
        ],
    ];
}
or check the Yii::$app->user->isGuest value
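An added example (not from the original answers) of a global, deny-by-default variant: the same AccessControl filter attached to the whole application in its configuration, so that every route requires a login unless it is listed in `except`. The file path, the application id, the `app\models\User` identity class and the excepted routes are assumptions, and other components are omitted; by contrast, a per-controller filter with `only` leaves every action not named there unfiltered.

```php
<?php
// config/web.php -- added example; paths, ids and route names are assumptions.
return [
    'id' => 'example-app',
    'basePath' => dirname(__DIR__),
    'components' => [
        'user' => [
            'identityClass' => 'app\models\User',
            // Guests who are denied by the filter are redirected here.
            'loginUrl' => ['site/login'],
        ],
    ],
    // "as <name>" attaches a behavior to the application itself, so the
    // filter runs before every controller action.
    'as access' => [
        'class' => 'yii\filters\AccessControl',
        // Routes that must stay reachable without a session.
        'except' => ['site/login', 'site/signup', 'site/error'],
        'rules' => [
            // Authenticated users only; anything that matches no rule is denied.
            ['allow' => true, 'roles' => ['@']],
        ],
    ],
];
```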