Context and Access Filters for yii2 framework

This shows how to implement Context and Access Filter for Yii2 framework

Installation

The preferred way to install this extension is through composer.

Either run

$ php composer.phar require "claudejanz/yii2-context-access-filter": "dev-master"

or add

"claudejanz/yii2-context-access-filter": "dev-master"

to the require section of your composer.json file.

install rbac as in doc Role based access control (RBAC)

Usage

in RbacController

class RbacController extends Controller {
    public function actionIndex() {
        $auth = Yii::$app->authManager;

        $auth->removeAll();

        // add "view" permission
        $view = $auth->createPermission('view');
        $view->description = 'view';
        $auth->add($view);

        // add "create" permission
        $create = $auth->createPermission('create');
        $create->description = 'create';
        $auth->add($create);

        // add the rule
        $rule = new \claudejanz\contextAccessFilter\rules\OwnRule();
        $auth->add($rule);

        // add "update" permission
        $update = $auth->createPermission('update');
        $update->description = 'update';
        $auth->add($update);

        // add the "updateOwn" permission and associate the rule with it.
        $updateOwn = $auth->createPermission('updateOwn');
        $updateOwn->description = 'update own';
        $updateOwn->ruleName = $rule->name;
        $auth->add($updateOwn);

        // make "updateOwn" child from "update"
        $auth->addChild($update,$updateOwn);

        // add "delete" permission
        $delete = $auth->createPermission('delete');
        $delete->description = 'delete';
        $auth->add($delete);

        // add the "deleteOwn" permission and associate the rule with it.
        $deleteOwn = $auth->createPermission('deleteOwn');
        $deleteOwn->description = 'delete own';
        $deleteOwn->ruleName = $rule->name;
        $auth->add($deleteOwn);

        // make "deleteOwn" child from "delete"
        $auth->addChild($delete,$deleteOwn);

        // add "reader" role and give this role the "view" permission
        $reader = $auth->createRole('reader');
        $auth->add($reader);
        $auth->addChild($reader, $view);

        // add "moderator" role and give this role the "create" permission
        // as well as the permissions of the "updateOwn" and "deleteOwn" role
        // and the permissions of the "reader" role
        $moderator = $auth->createRole('moderator');
        $auth->add($moderator);
        $auth->addChild($moderator, $create);
        $auth->addChild($moderator, $updateOwn);
        $auth->addChild($moderator, $deleteOwn);
        $auth->addChild($moderator, $reader);

        // add "admin" role and give this role the "update" and "delete" permission
        // as well as the permissions of the "moderator" role
        $admin = $auth->createRole('admin');
        $auth->add($admin);
        $auth->addChild($admin, $update);
        $auth->addChild($admin, $delete);
        $auth->addChild($admin, $moderator);

        // Assign roles to users. 1, 2 and 3 are IDs returned by IdentityInterface::getId()
        // usually implemented in your User model.
        $auth->assign($admin, 1);
        $auth->assign($moderator, 2);
        $auth->assign($normal, 3);
    }

}

in controller

    public function behaviors() {
        return [
            'context' =>[
                'class' => \claudejanz\contextAccessFilter\filters\ContextFilter::className(),
                'only' => ['update','delete'],
                // model to load
                'modelName' => Vin::className(),

            ],
            'access' => [
                'class' => \claudejanz\contextAccessFilter\filters\AccessControl::className(),
                'only' => ['create', 'update','delete'],
                'rules' => [
                    [
                        'allow' => true,
                        'actions' => ['create'],
                        'roles' => ['create'],
                    ],
                    [
                        'allow' => true,
                        'actions' => ['update'],
                        'roles' => ['update'],
                    ],
                    [
                        'allow' => true,
                        'actions' => ['delete'],
                        'roles' => ['delete'],
                    ],
                ],
            ],
            'verbs' => [
                'class' => \yii\filters\VerbFilter::className(),
                'actions' => [
                    'delete' => ['post'],
                ],
            ],
        ];
    }
    // update function
    public function actionUpdate($id) {
        $model = $this->model;

        if ($model->load(Yii::$app->request->post()) && $model->save()) {
            return $this->redirect(['view', 'id' => $model->id]);
        } else {
            return $this->render('update', [
                        'model' => $model,
            ]);
        }
    }
    // delete function 
    public function actionDelete($id) {
        $this->model->delete();

        return $this->redirect(['index']);
    }