├── .gitignore ├── Bootstrap.php ├── LICENSE ├── Module.php ├── components ├── DbManager.php └── PhpManager.php ├── composer.json ├── console └── controllers │ └── RbacController.php ├── readme.md └── rules └── OwnItemRule.php /.gitignore: -------------------------------------------------------------------------------- 1 | .git 2 | -------------------------------------------------------------------------------- /Bootstrap.php: -------------------------------------------------------------------------------- 1 | getAuthManager() instanceof DbManager) { 18 | if (!isset($app->controllerMap['rbac'])) { 19 | $app->controllerMap['rbac'] = RbacController::className(); 20 | } 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2013 Aleksandr Zelenin 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of 6 | this software and associated documentation files (the "Software"), to deal in 7 | the Software without restriction, including without limitation the rights to 8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 9 | the Software, and to permit persons to whom the Software is furnished to do so, 10 | subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 21 | -------------------------------------------------------------------------------- /Module.php: -------------------------------------------------------------------------------- 1 | user)) { 32 | $this->assignRole(); 33 | } 34 | } 35 | 36 | /** 37 | * @return bool 38 | */ 39 | public function load() 40 | { 41 | $_items = []; 42 | 43 | $items = $this->loadFromFile(Yii::getAlias($this->itemFile)); 44 | $itemsMtime = @filemtime(Yii::getAlias($this->itemFile)); 45 | $assignments = $this->loadFromFile(Yii::getAlias($this->assignmentFile)); 46 | $rules = $this->loadFromFile(Yii::getAlias($this->ruleFile)); 47 | 48 | foreach ($rules as $ruleData) { 49 | $this->addRule(unserialize($ruleData)); 50 | } 51 | 52 | foreach ($items as $name => $item) { 53 | $class = $item['type'] == Item::TYPE_PERMISSION 54 | ? Permission::className() 55 | : Role::className(); 56 | $_items[$name] = new $class([ 57 | 'name' => $name, 58 | 'description' => isset($item['description']) ? $item['description'] : null, 59 | 'ruleName' => isset($item['ruleName']) ? $item['ruleName'] : null, 60 | 'data' => isset($item['data']) ? $item['data'] : null, 61 | 'createdAt' => $itemsMtime, 62 | 'updatedAt' => $itemsMtime 63 | ]); 64 | $this->addItem($_items[$name]); 65 | } 66 | 67 | foreach ($items as $name => $item) { 68 | if (isset($item['children'])) { 69 | foreach ($item['children'] as $childName) { 70 | if (isset($_items[$childName])) { 71 | $this->addChild($_items[$name], $_items[$childName]); 72 | } 73 | } 74 | } 75 | } 76 | foreach ($assignments as $userId => $role) { 77 | $this->assign($_items[$role], $userId); 78 | } 79 | 80 | return true; 81 | } 82 | 83 | /** 84 | * @param string $file 85 | * @return array 86 | */ 87 | protected function loadFromFile($file) 88 | { 89 | return is_file($file) 90 | ? require($file) 91 | : []; 92 | } 93 | 94 | public function assignRole() 95 | { 96 | $user = Yii::$app->getUser(); 97 | if (!$user->getIsGuest()) { 98 | /** @var IdentityInterface|ActiveRecord $identity */ 99 | $identity = $user->getIdentity(); 100 | $userId = $identity->getId(); 101 | $allRoles = array_keys($this->getRoles()); 102 | 103 | if (!$identity->{$this->roleParam} || !in_array($identity->{$this->roleParam}, $allRoles)) { 104 | $identity->{$this->roleParam} = $this->defaultRole; 105 | $identity->save(); 106 | } 107 | 108 | $assignments = array_keys($this->getAssignments($userId)); 109 | if (!in_array($identity->{$this->roleParam}, $assignments)) { 110 | $this->revokeRoleAssignments($assignments, $userId); 111 | $role = $this->getRole($identity->{$this->roleParam}); 112 | $this->assign($role, $userId); 113 | } 114 | } 115 | } 116 | 117 | /** 118 | * @param array $roles 119 | * @param int $userId 120 | * @return bool 121 | */ 122 | public function revokeRoleAssignments($roles, $userId) 123 | { 124 | return $this->db->createCommand() 125 | ->delete($this->assignmentTable, ['user_id' => $userId, 'item_name' => $roles]) 126 | ->execute() > 0; 127 | } 128 | } 129 | -------------------------------------------------------------------------------- /components/PhpManager.php: -------------------------------------------------------------------------------- 1 | getUser(); 23 | /** @var IdentityInterface|ActiveRecord|null $identity */ 24 | $identity = $user->getIdentity(); 25 | $assignments = parent::getAssignments($userId); 26 | $model = $userId === $user->getId() 27 | ? $identity 28 | : $identity::findOne($userId); 29 | if ($model) { 30 | $assignment = new Assignment; 31 | $assignment->userId = $userId; 32 | $assignment->roleName = $model->{$this->roleParam}; 33 | $assignments[$assignment->roleName] = $assignment; 34 | } 35 | return $assignments; 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "zelenin/yii2-rbac-module", 3 | "description": "Yii2 RBAC module with generating assignments to DB from RBAC data store file rbac.php", 4 | "version": "0.3.0", 5 | "type": "yii2-extension", 6 | "keywords": [ 7 | "yii2", 8 | "rbac" 9 | ], 10 | "homepage": "https://github.com/zelenin/yii2-rbac-module", 11 | "time": "2015-03-02", 12 | "license": "MIT", 13 | "authors": [ 14 | { 15 | "name": "Aleksandr Zelenin", 16 | "email": "aleksandr@zelenin.me", 17 | "homepage": "http://zelenin.me", 18 | "role": "Developer" 19 | } 20 | ], 21 | "support": { 22 | "issues": "https://github.com/zelenin/yii2-rbac-module/issues", 23 | "source": "https://github.com/zelenin/yii2-rbac-module" 24 | }, 25 | "require": { 26 | "yiisoft/yii2": "~2" 27 | }, 28 | "autoload": { 29 | "psr-4": { 30 | "Zelenin\\yii\\modules\\Rbac\\": "" 31 | } 32 | }, 33 | "extra": { 34 | "bootstrap": "Zelenin\\yii\\modules\\Rbac\\Bootstrap" 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /console/controllers/RbacController.php: -------------------------------------------------------------------------------- 1 | getAuthManager(); 19 | $auth->removeAll(); 20 | if ($auth->load()) { 21 | echo PHP_EOL . 'RBAC rules are generated' . PHP_EOL; 22 | } 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | # Yii2 RBAC module 2 | 3 | [Yii2](http://www.yiiframework.com) RBAC module with generating assignments to DB from RBAC data storage files. 4 | Also "classic" PhpManager is available. 5 | 6 | ## Installation 7 | 8 | ### Composer 9 | 10 | The preferred way to install this extension is through [Composer](http://getcomposer.org/). 11 | 12 | Either run 13 | 14 | ``` 15 | php composer.phar require zelenin/yii2-rbac-module "dev-master" 16 | ``` 17 | 18 | or add 19 | 20 | ``` 21 | "zelenin/yii2-rbac-module": "dev-master" 22 | ``` 23 | 24 | to the require section of your ```composer.json``` 25 | 26 | ## Usage 27 | 28 | ### DbManager 29 | 30 | Configure AuthManager component in config: 31 | 32 | ```php 33 | 'components' => [ 34 | 'authManager' => [ 35 | 'class' => \Zelenin\yii\modules\Rbac\components\DbManager::className(), 36 | 'itemFile' => '@common/config/rbac/items.php', 37 | 'assignmentFile' => '@common/config/rbac/assignments.php', 38 | 'ruleFile' => '@common/config/rbac/rules.php', 39 | 'defaultRole' => 'user', 40 | 'roleParam' => 'role' // User model attribute 41 | ] 42 | ] 43 | ``` 44 | 45 | Run: 46 | 47 | ``` 48 | php yii migrate --migrationPath=@yii/rbac/migrations/ 49 | ``` 50 | 51 | or use sql file in ```@yii/rbac/migrations/``` 52 | 53 | For generating assignments from php storage files run 54 | 55 | ``` 56 | php yii rbac/generate 57 | ``` 58 | 59 | For storage files examples see ```example``` directory 60 | 61 | ### PhpManager 62 | 63 | Configure AuthManager component in config: 64 | 65 | ```php 66 | 'components' => [ 67 | 'authManager' => [ 68 | 'class' => \Zelenin\yii\modules\Rbac\components\PhpManager::className(), 69 | 'itemFile' => '@common/config/rbac/items.php', 70 | 'assignmentFile' => '@common/config/rbac/assignments.php', 71 | 'ruleFile' => '@common/config/rbac/rules.php', 72 | 'defaultRole' => 'user', 73 | 'roleParam' => 'role', // User model attribute 74 | ] 75 | ] 76 | ``` 77 | 78 | ## Info 79 | 80 | See [Yii2 authorization guide](https://github.com/yiisoft/yii2/blob/master/docs/guide/security-authorization.md) 81 | 82 | ## Author 83 | 84 | [Aleksandr Zelenin](https://github.com/zelenin/), e-mail: [aleksandr@zelenin.me](mailto:aleksandr@zelenin.me) 85 | -------------------------------------------------------------------------------- /rules/OwnItemRule.php: -------------------------------------------------------------------------------- 1 | $attribute; 26 | } 27 | } 28 | --------------------------------------------------------------------------------