PHPackages dastanaron/yii2-db-rbac - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. dastanaron/yii2-db-rbac ActiveYii2-extension[Authentication & Authorization](/categories/authentication) dastanaron/yii2-db-rbac ======================= Dynamic control of access rights in YII2 1.1.2.5(8y ago)034MITPHP Since Jul 15Pushed 8y agoCompare [ Source](https://github.com/dastanaron/yii2-db-rbac)[ Packagist](https://packagist.org/packages/dastanaron/yii2-db-rbac)[ RSS](/packages/dastanaron-yii2-db-rbac/feed)WikiDiscussions master Synced yesterday READMEChangelog (4)Dependencies (2)Versions (22)Used By (0) Dynamic Access Control for Yii2 =============================== [](#dynamic-access-control-for-yii2) ##### НА РУССКОМ [ТУТ](https://github.com/dastanaron/yii2-db-rbac/blob/master/README.RU.md) [](#на-русском-тут) The easiest way to create access control in Yii2 without changes in the code. This module allows creating roles and rules for Yii role base access (RBAC) via UI. It also allows assigning roles and rules for user via UI. Behaviour that checks access by the modules rules. ### Integrations [](#integrations) CMSModuleEasyiiCMS*Feel free to request integration with any CMS/Packages which is written on Yii2*### Installation guide [](#installation-guide) ``` $ php composer.phar require developeruz/yii2-db-rbac "*" ``` To work correctly, you must configure the module `authManager` in the application config file (`common/config/main.php` for advanced app or `config/web.php` and `config/console` for basic app) ``` 'components' => [ 'authManager' => [ 'class' => 'yii\rbac\DbManager', ], ... ] ``` Run migration to create `DbManager` table (it means that a connection to the database is already configured for the application) ``` $ yii migrate --migrationPath=@yii/rbac/migrations/ ``` Add the module ============== [](#add-the-module) Include module to the config file (`backend/config/main.php` for advanced app or `config/web.php` for basic app) ``` 'modules' => [ 'permit' => [ 'class' => 'developeruz\db_rbac\Yii2DbRbac', ], ], ``` If you want to setup layout, put it in the following way ``` 'modules' => [ 'permit' => [ 'class' => 'developeruz\db_rbac\Yii2DbRbac', 'layout' => '//admin' ], ], ``` If you use CNC, be sure that you have correct routing rules for modules ``` '//' => '//', '///' => '//', ``` **Adding links** **/permit/access/role - manage roles** **/permit/access/permission - manage access** ### Assigning role to a user [](#assigning-role-to-a-user) The module also has an interface for assigning roles to users. To work correctly, the module should be specified with `User` class in the module parameters. ``` 'modules' => [ 'permit' => [ 'class' => 'app\modules\db_rbac\Yii2DbRbac', 'params' => [ 'userClass' => 'app\models\User' ] ], ], ``` User class should implement `developeruz\db_rbac\interfaces\UserRbacInterface`. In most cases, you have to add function `getUserName()` which should return user's name. ``` use developeruz\db_rbac\interfaces\UserRbacInterface; class User extends ActiveRecord implements IdentityInterface, UserRbacInterface { ... public function getUserName() { return $this->username; } } ``` **For managing role for user with id=1, visit `/permit/user/view/1`** The easiest way is to add this as a button in `GridView` with users list. ``` echo GridView::widget([ 'dataProvider' => $dataProvider, 'columns' => [ ['class' => 'yii\grid\SerialColumn'], 'id', 'username', 'email:email', ['class' => 'yii\grid\ActionColumn', 'template' => '{view}  {update}  {permit}  {delete}', 'buttons' => [ 'permit' => function ($url, $model) { return Html::a('', Url::to(['/permit/user/view', 'id' => $model->id]), [ 'title' => Yii::t('yii', 'Change user role') ]); }, ] ], ], ]); ``` You can also assign a role to the user in the code, for example when user has been created. ``` $userRole = Yii::$app->authManager->getRole('name_of_role'); Yii::$app->authManager->assign($userRole, $user->getId()); ``` You also can check if a user has access in code thought `can()` method in User class ``` Yii::$app->user->can($permissionName); ``` $permissionName - could be a role name or a permission name. ### Configure module's Access Control [](#configure-modules-access-control) In the config you can set the list of roles that have access to module functionality. ``` 'modules' => [ 'permit' => [ 'class' => 'app\modules\db_rbac\Yii2DbRbac', 'params' => [ 'userClass' => 'app\models\User', 'accessRoles' => ['admin'] ] ], ], ``` Behaviour that checks access by the modules rules ================================================= [](#behaviour-that-checks-access-by-the-modules-rules) By using this behaviour you don't need to write `Yii::$app->user->can($permissionName)` in each action. Behaviour will check it automatically. It is also useful for access control with the third party modules. ### Configure behaviour [](#configure-behaviour) You have to include behaviour to the app config file, if you want to check access automatically. ``` use developeruz\db_rbac\behaviors\AccessBehavior; 'as AccessBehavior' => [ 'class' => \developeruz\db_rbac\behaviors\AccessBehavior::className(), ] ``` On `EVENT_BEFORE_ACTION` behaviour will check access for current user (`Yii::$app->user`) to the action. Action is allowed if: - a user has access to the action (rule: module/controller/action) - a user has acceess to any action in the controller (rule: module/controller) - a user has access to any action in the module (rule: module) ### Redirection if access denied [](#redirection-if-access-denied) By default if a user doesn't have access, behaviour will throw `ForbiddenHttpException`. Application can handle this exception as needed. You also can configure `login_url` where unauthorized user will be redirected, or `redirect_url` for redirecting a user when access is denied. ``` 'as AccessBehavior' => [ 'class' => \developeruz\db_rbac\behaviors\AccessBehavior::className(), 'redirect_url' => '/forbidden', 'login_url' => Yii::$app->user->loginUrl ] ``` ### Configure default access rules [](#configure-default-access-rules) After connecting behavior, access is available only to authorized users with certain rights. You can create default access rights in config file in the same way as you do in controller (`AccessControl`): ``` 'as AccessBehavior' => [ 'class' => \developeruz\db_rbac\behaviors\AccessBehavior::className(), 'rules' => ['site' => [ [ 'actions' => ['login', 'index'], 'allow' => true, ], [ 'actions' => ['about'], 'allow' => true, 'roles' => ['admin'], ], ] ] ] ``` In this example any user has access to `site/login` and `site/index` and only user with role `admin` has access to `site/about`. The rules described in the configuration take precedence over dynamically configurable rules. ### Configure areas of behavior responsibility [](#configure-areas-of-behavior-responsibility) By default, the rule is "all is prohibited unless is allowed." If the behavior is supposed to protect only certain routes, and all others should be accessible for all, please set up `protect` parameter ``` 'as AccessBehavior' => [ 'class' => \developeruz\db_rbac\behaviors\AccessBehavior::className(), 'protect' => ['admin', 'user', 'site/about'], 'rules' => [ 'user' => [['actions' => ['login'], 'allow' => true ], ['actions' => ['logout'], 'roles' => ['@'], 'allow' => true ]] ] ], ``` In this example, the behavior will check the user's permission to access the page only for paths beginning with `admin`,` user` and `site / about`. All other routes are available for all (not verified by the behavior). As you can see in the example, the parameter `protect` can be combined with `rules`. Select2 Inputs Config --------------------- [](#select2-inputs-config) To use rights with assigning them to roles, you must create a config file permits.yaml. If the file does not exist, it will be created automatically, but with empty content. Permit, the controller accesses it along the path @app/config/permits.yaml. There should be content in the form of a system right and its description for a convenient choice Approximate content of the file: ``` user/index: 'Access to viewing of all users' user/update: 'Access to user editing' user/delete: 'Access to user removal' user/create: 'Access to user creation' ``` Contributing ============ [](#contributing) Contributions are **welcome** and will be fully **credited**. I accept contributions via Pull Requests. Please see [CONTRIBUTING](CONTRIBUTING.md) for details. License ======= [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 31 — LowBetter than 68% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity7 Limited adoption so far Community13 Small or concentrated contributor base Maturity72 Established project with proven stability Bus Factor1 Top contributor holds 63.3% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~48 days Recently: every ~78 days Total 20 Last Release 3043d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/25330618?v=4)[Github](/maintainers/dastanaron)[@dastanaron](https://github.com/dastanaron) --- Top Contributors [![developeruz](https://avatars.githubusercontent.com/u/8788118?v=4)](https://github.com/developeruz "developeruz (31 commits)")[![dastanaron](https://avatars.githubusercontent.com/u/25330618?v=4)](https://github.com/dastanaron "dastanaron (11 commits)")[![astapb74](https://avatars.githubusercontent.com/u/5867042?v=4)](https://github.com/astapb74 "astapb74 (2 commits)")[![bryant1410](https://avatars.githubusercontent.com/u/3905501?v=4)](https://github.com/bryant1410 "bryant1410 (1 commits)")[![Beaten-Sect0r](https://avatars.githubusercontent.com/u/1025052?v=4)](https://github.com/Beaten-Sect0r "Beaten-Sect0r (1 commits)")[![gugoan](https://avatars.githubusercontent.com/u/1585443?v=4)](https://github.com/gugoan "gugoan (1 commits)")[![swartzlib7](https://avatars.githubusercontent.com/u/6884754?v=4)](https://github.com/swartzlib7 "swartzlib7 (1 commits)")[![xloading](https://avatars.githubusercontent.com/u/1406364?v=4)](https://github.com/xloading "xloading (1 commits)") --- Tags rbacyii ### Embed Badge ![Health badge](/badges/dastanaron-yii2-db-rbac/health.svg) ``` [![Health](https://phpackages.com/badges/dastanaron-yii2-db-rbac/health.svg)](https://phpackages.com/packages/dastanaron-yii2-db-rbac) ``` ### Alternatives [developeruz/yii2-db-rbac Dynamic control of access rights in YII2 11097.4k5](/packages/developeruz-yii2-db-rbac) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)