PHPackages                             justcoded/yii2-rbac - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. justcoded/yii2-rbac

AbandonedArchivedYii2-extension[Authentication &amp; Authorization](/categories/authentication)

justcoded/yii2-rbac
===================

Yii2 RBAC Module

1.2.2(5y ago)45.5k↓27.3%3[3 issues](https://github.com/justcoded/yii2-rbac/issues)2BSD-3-ClausePHPPHP &gt;=7.0.0

Since Oct 10Pushed 5y ago8 watchersCompare

[ Source](https://github.com/justcoded/yii2-rbac)[ Packagist](https://packagist.org/packages/justcoded/yii2-rbac)[ RSS](/packages/justcoded-yii2-rbac/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (10)Dependencies (2)Versions (12)Used By (2)

 [ ![](https://avatars0.githubusercontent.com/u/993323) ](https://github.com/yiisoft)

Yii 2 JustCoded RBAC extension
==============================

[](#yii-2-justcoded-rbac-extension)

Extended RBAC Manager with route-based access.

### Features

[](#features)

#### Pre-defined Roles and Permissions

[](#pre-defined-roles-and-permissions)

By default this extension init such roles and permissions:

**Permissions:**

- **\*** - master permission. parent of all other permissions
- **administer** - permission you may use to check access to admin panel

**Roles:**

- **Guest** - not authenticated user
- **Authenticated** - authenticated user (you will need to add it by yourself you users)
- **Administrator** - has `administer` permission, so has access to admin panel
- **Master** - has `*` permission, super user with access to everything

#### Routes Scanner

[](#routes-scanner)

Special console command (or GUI interface) has feature to scan your project files and import permissions like:

- {controller-&gt;uniqueId}/\*
- {controller-&gt;uniqueId}/{action-&gt;id}

You can create additional roles (or add permissions to existed roles) to configure your system high-level access.

#### Routes Access filter

[](#routes-access-filter)

Most popular thing in RBAC configuration is to close access to some parts of the site (logged in area, different user roles, admin area, etc.).

Extension provides filter very similar to standard AccessControl which check `{controller->uniqueId}/*`, `{controller->uniqueId}/{action->id}` permission on page load and throw 403 error if you're not allowed to access routes.

#### GUI

[](#gui)

Simple GUI\* interface to manage your roles and permissions.

> **Note:** GUI still has alpha version features. Don't share access to this GUI to your clients!

### Installation

[](#installation)

The preferred way to install this extension is through composer.

Either run

```
php composer.phar require --prefer-dist justcoded/yii2-rbac "*"
```

or add

```
"justcoded/yii2-rbac": "*"

```

to the require section of your composer.json.

### Configuration

[](#configuration)

#### Component Setup

[](#component-setup)

To use the RBAC extension, you need to configure the components array in your application configuration:

```
'modules' => [
	...
	'rbac' => [
		'class' => 'justcoded\yii2\rbac\Module'
	],
	...
],
'components' => [
	...
	'authManager' => [
		'class' => 'justcoded\yii2\rbac\components\DbManager',
		//'class' => 'justcoded\yii2\rbac\components\PhpManager',
	],
	...
],
```

##### Bootstrap4 Themes Support

[](#bootstrap4-themes-support)

By default all views use standard yii2-bootstrap package with Boostrap v3. If you use modern Bootstrap 4, then you can overwrite some classes to use yii2-bootstrap4 package instead. Inside your configuration you need to reconfigure container dependencies like this:

```
'container' => [
	'definitions' => [
		// you can create your own GrivView to customize all options for main roles and permissions lists.
		'justcoded\yii2\rbac\widgets\RbacGridView' => [
			'class' => \app\modules\admin\widgets\RbacGridView::class,
		],
		// this will replace bootstrap3 ActiveForm with bootstrap4 ActiveForm.
		'justcoded\yii2\rbac\widgets\RbacActiveForm' => [
			'class' => \yii\bootstrap4\ActiveForm::class,
		],
	],
],
```

- Note: you need to add `yiisoft/yii2-bootstrap4` package dependency manually in your `composer.json`.

#### Basic RBAC configuration

[](#basic-rbac-configuration)

Please follow [oficial documentation](http://www.yiiframework.com/doc-2.0/guide-security-authorization.html#configuring-rbac)to configure RBAC storage (create necessary files or database tables).

If you use DbManager you can init database tables with the following migration command:

```
yii migrate --migrationPath=@yii/rbac/migrations
```

#### Init base roles

[](#init-base-roles)

Before usage this extension you will need to init default roles, which are pre-defined for it.

To do that you will need to run several commands:

```
# init base roles and administer/master permission
php yii rbac/init

# assign master role to some user (in this case user with ID = 1)
php yii rbac/assign-master 1

# scan your application routes
php yii rbac/scan

# ADVANCED TEMPLATE ONLY: scan routes for rbac module.
php yii rbac/scan -p='@vendor/justcoded/yii2-rbac' -b='rbac/'

# BASIC TEMPLATE ONLY: in case you use 'admin' module for backend:
php yii rbac/scan -p='@vendor/justcoded/yii2-rbac' -b='admin/rbac/'
```

### Usage

[](#usage)

#### GUI interface

[](#gui-interface)

To use graphical interface just follow the route you specified as base when scan routes / configure module.

> **Note:** Role Permissions selector is a hotfix solution, so it doesn't display proper tree structure when you move items between boxes. This will be fixed in next versions.

#### Route Access filter

[](#route-access-filter)

RouteAccessControl filter can be used inside specific controller (or globally) to control access to controller actions on very high level.

Routes scanner insert permissions like:

{controller-&gt;uniqueId}/\* {controller-&gt;uniqueId}/{action-&gt;id}

On controller beforeAction this filter check that current logged in user has permissions to access these routes.

To enable filter inside some specific controller:

```
	public function actions()
	{
		return [
			'routeAccess' => [
				'class' => 'justcoded\yii2\rbac\filters\RouteAccessControl',
			],
		];
	}
```

Or you can configure this filter globally. Inside you current application config just add such section:

```
	'as routeAccess' => [
		'class' => 'justcoded\yii2\rbac\filters\RouteAccessControl',
		'allowActions' => [
			'site/*',
		],
		'allowRegexp' => '/(gii)/i', // optional
	],
```

### Example

[](#example)

You can check the example on our [Yii2 starter kit](https://github.com/justcoded/yii2-starter).

###  Health Score

32

—

LowBetter than 72% of packages

Maintenance5

Infrequent updates — may be unmaintained

Popularity28

Limited adoption so far

Community20

Small or concentrated contributor base

Maturity65

Established project with proven stability

 Bus Factor1

Top contributor holds 72.1% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~124 days

Recently: every ~233 days

Total

10

Last Release

2024d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/af1a2fe7b505ad0881c589628c6a1f2a30213b9a27cc939b8bb60028764b733c?d=identicon)[justcoded](/maintainers/justcoded)

---

Top Contributors

[![aprokopenko](https://avatars.githubusercontent.com/u/1842666?v=4)](https://github.com/aprokopenko "aprokopenko (31 commits)")[![oberest](https://avatars.githubusercontent.com/u/65777866?v=4)](https://github.com/oberest "oberest (10 commits)")[![deadmantfa](https://avatars.githubusercontent.com/u/1812611?v=4)](https://github.com/deadmantfa "deadmantfa (1 commits)")[![yvecherskiy](https://avatars.githubusercontent.com/u/31924576?v=4)](https://github.com/yvecherskiy "yvecherskiy (1 commits)")

---

Tags

rbac-configurationrbac-managementyii2yii2-extensionyii2-rbacrbacyii2rbac guiroutes access

### Embed Badge

![Health badge](/badges/justcoded-yii2-rbac/health.svg)

```
[![Health](https://phpackages.com/badges/justcoded-yii2-rbac/health.svg)](https://phpackages.com/packages/justcoded-yii2-rbac)
```

###  Alternatives

[dektrium/yii2-rbac

RBAC management module for Yii2

237395.1k17](/packages/dektrium-yii2-rbac)[yii2mod/yii2-rbac

RBAC management module for Yii2

150351.4k7](/packages/yii2mod-yii2-rbac)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)