 

Use built-in RBAC or build own?

Following scenario:

I have a multi-tenant web application in Yii2's advanced template.

This application has three portals:
- backend
- dashboard
- frontend

Each portal has its own user table for authentication:
- frontend_user
- dashboard_user
- backend_user

Frontend and dashboard can be reached with the tenant's name at the end, e.g.:

When a user tries to log in to the dashboard or frontend I have to check if they have the right to log in. This happens via a contingency table (e.g. dashboard_user_tenant).

Now I want to build an RBAC for the dashboard application.

But roles should not hang on the dashboard user but on dashboard_user_tenant (the contingency table), because rights can differ in each tenant's dashboard.

Yii2 has its own RBAC system, but as far as I understand it so far, it doesn't fit my needs.

Any chance to customize Yii2's RBAC, or is it better to build my own custom solution? Maybe my own component?

I hope my description is clear enough :)

Sarah West asked Oct 14 '15 09:10



1 Answer

I had a similar desire in one of my projects, but I didn't create my own full RBAC system; instead I overrode the way of checking for the roles.

In my User component class I extend \yii\web\User and also override the can() function of that class. That lets me use my own way of checking for the appropriate permissions. For example:

<?php

namespace app\modules\users\models;

use yii\web\User as WebUser;
use app\modules\users\models\UserPermissionManager;

class User extends WebUser
{
    // Override the framework's can() so that every permission check goes
    // through UserPermissionManager instead of Yii's authManager.
    // $params and $allowCaching belong to the parent signature and are
    // accepted but not used here.
    public function can($operation, $params = [], $allowCaching = true)
    {
        // This class *is* the user component, so ask $this rather than
        // going back through Yii::$app->user.
        if ($this->isGuest) {
            return false;
        }

        return (new UserPermissionManager())->has($operation);
    }
}

In the UserPermissionManager class, it queries a database table that is full of permissions such as "users:access", "users:edit", etc.

They all have a certain user level assigned to them, which relates to the user level I have set in my Users database table.

All the can() function needs to do is return true or false, depending on whether this user has the permission to do what it's being asked. You can handle this however you like, really.

It's quite a big system to explain fully in one post but I hope it's helped slightly, feel free to let me know if I can explain anything any better!

Lynch answered Dec 25 '22 12:12

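Putting the question's per-tenant requirement together with the answer's approach, here is an added example (not code from the question or from the answer) of a \yii\web\User subclass whose can() resolves permissions through the dashboard_user_tenant contingency table rather than through the user row alone. The tenant table, the role column on dashboard_user_tenant, the role_permission table, the "tenant" route parameter and the class name TenantUser are all assumptions made for this example; only dashboard_user_tenant comes from the question.

```php
<?php

namespace app\components;

use Yii;
use yii\db\Query;
use yii\web\User as WebUser;

/**
 * Example (not from the original post): a yii\web\User subclass whose can()
 * resolves permissions per (user, tenant) pair instead of per user.
 *
 * Assumed schema (hypothetical, named after the question):
 *   tenant(id, name)
 *   dashboard_user_tenant(dashboard_user_id, tenant_id, role)  -- the contingency table
 *   role_permission(role, permission)                          -- e.g. ('editor', 'users:edit')
 */
class TenantUser extends WebUser
{
    /** @var array<string,bool> per-request cache of resolved checks */
    private $_checks = [];

    /**
     * Tenant id for the current request, or null if the tenant named in the
     * URL does not exist. The tenant name is assumed to arrive as a route
     * parameter called "tenant" (e.g. dashboard.example.com/<tenant>).
     */
    public function getTenantId()
    {
        $name = Yii::$app->request->get('tenant');
        if ($name === null || $name === '') {
            return null;
        }
        $id = (new Query())
            ->select('id')
            ->from('tenant')
            ->where(['name' => $name])
            ->scalar();
        return $id === false ? null : (int) $id;
    }

    /**
     * Deny guests, deny anyone without a dashboard_user_tenant row for the
     * requested tenant, and otherwise look the permission up through the role
     * recorded on that row. $params and $allowCaching keep the parent
     * signature; only $allowCaching is honoured (per-request cache).
     */
    public function can($permissionName, $params = [], $allowCaching = true)
    {
        if ($this->isGuest) {
            return false;
        }
        $tenantId = $this->getTenantId();
        if ($tenantId === null) {
            return false; // unknown tenant in the URL: fail closed
        }
        $key = $this->id . ':' . $tenantId . ':' . $permissionName;
        if ($allowCaching && isset($this->_checks[$key])) {
            return $this->_checks[$key];
        }
        // The query builder binds every value, so the permission name and
        // tenant id from the request never reach SQL unescaped. The join
        // through dashboard_user_tenant is what scopes the role to the tenant:
        // a user who belongs only to tenant A and rewrites the URL to tenant B
        // has no row for B and therefore gets no permission there.
        $granted = (new Query())
            ->from('dashboard_user_tenant ut')
            ->innerJoin('role_permission rp', 'rp.role = ut.role')
            ->where([
                'ut.dashboard_user_id' => $this->id,
                'ut.tenant_id'         => $tenantId,
                'rp.permission'        => $permissionName,
            ])
            ->exists();
        return $this->_checks[$key] = $granted;
    }
}
```

To use it, point the dashboard application's user component at the class in the config (`'user' => ['class' => 'app\components\TenantUser', 'identityClass' => ...]`); controllers can then call `Yii::$app->user->can('users:edit')` directly, and `yii\filters\AccessControl` rules with `'roles' => ['users:edit']` go through the same override, because AccessRule delegates any role other than `?` and `@` to `$user->can()`. The same membership lookup can be reused in the login flow described in the question, so that a credential that is valid in dashboard_user but has no dashboard_user_tenant row for the tenant in the URL is rejected before a session is created.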