Doubts about Yii2 RBAC

Question

I\'ve been developing web apps using Yii 1.1.14 so far, but now it\'s time for an upgrade.

The company where I work has developed its own Access Control system, and I wa

Answer 1

I can only really answer 2.2 of your question, as 3 doesn't sound at all like something an RBAC should do. You could, however, get the information you needed from the rules table most likely, provided you followed a naming convention that matched your controllers or actions.

On to answering 2.2 though:

You can simply set the behavior like such:

public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'allow' => true,
                    'actions' => ['view'],
                    'roles' => ['view-users'], //<-- Note, rule instead of role
                ],
        ]
    ]
}

This doesn't solve a different problem of 'view-own-users' style permissions, as this needs to inspect the ActiveRecord model (well, at least it does in my application). If You want to achieve this, take a look at my post in the Yii forums here:

http://www.yiiframework.com/forum/index.php/topic/60439-yii2-rbac-permissions-in-controller-behaviors/#entry269913