From e9fcde48fb3724dca39cc5e1eada6a5eef86fcee Mon Sep 17 00:00:00 2001 From: Antonio Ramirez Date: Tue, 13 Jun 2017 14:14:12 +0200 Subject: [PATCH] add rbac guide --- docs/index.md | 1 + docs/installation/configuration-options.md | 2 +- docs/installation/rbac.md | 67 ++++++++++++++++++++++ 3 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 docs/installation/rbac.md diff --git a/docs/index.md b/docs/index.md index 7c63e98..93b652c 100644 --- a/docs/index.md +++ b/docs/index.md @@ -115,6 +115,7 @@ the official Yii2 advanced application template: See also all the possible configuration options available: - [Configuration Options](installation/configuration-options.md) +- [RBAC](installation/rbac.md) Enhancing and Overriding ------------------------ diff --git a/docs/installation/configuration-options.md b/docs/installation/configuration-options.md index abe4993..4f36074 100644 --- a/docs/installation/configuration-options.md +++ b/docs/installation/configuration-options.md @@ -74,7 +74,7 @@ Configures the permission name for `administrators`. See [AuthHelper](../../src/ Configures the URL prefix for the module. -### mailParams (type: `array`, default: `[]`) +#### mailParams (type: `array`, default: `[]`) Configures the parameter values used on [MailFactory](../../src/User/Factory/MailFactory.php). The default values are: diff --git a/docs/installation/rbac.md b/docs/installation/rbac.md new file mode 100644 index 0000000..d8b1153 --- /dev/null +++ b/docs/installation/rbac.md 
@@ -0,0 +1,67 @@
+RBAC
+====
+
+This module comes with RBAC package by default. We haven't found ourselves that we didn't require at least an admin
+which doesn't require that level of security. Our projects always start with simple roles such as `admin` but later on
+our customers always ask for different levels of permissions for multiple roles.
+
+That is the reason why we include RBAC features by default, and whether you use it or not, you will have to apply
+Yii's `rbac` schema migrations or override the views so `PermissionController` and `RoleController` are never
+accessible.
+
+We have added an access filter (`Da\User\Filter\AccessRuleFilter`) to allow you to work with those usernames you
+configure as administrators of your app via the
+[Module::administradors](configuration-options.md#administrators-type-array-default-) attribute.
+
+How to Use `AccessRuleFilter`
+-----------------------------
+
+The following is a fragment on how the `Da\User\Controller\AdminController` has configured the filter:
+
+```php
+// ...
+
+use Da\User\Filter\AccessRuleFilter;
+use yii\filters\AccessControl;
+use yii\filters\VerbFilter;
+
+// ...
+
+class AdminController extends Controller
+{
+ // ...
+
+
+ public function behaviors()
+ {
+ return [
+ 'verbs' => [
+ 'class' => VerbFilter::class,
+ 'actions' => [
+ 'delete' => ['post'],
+ 'confirm' => ['post'],
+ 'block' => ['post'],
+ ],
+ ],
+ 'access' => [
+ 'class' => AccessControl::class,
+ 'ruleConfig' => [
+ 'class' => AccessRuleFilter::class,
+ ],
+ 'rules' => [
+ [
+ 'allow' => true,
+ 'roles' => ['admin'],
+ ],
+ ],
+ ],
+ ];
+ }
+
+
+ // ...
+}
+```
+
+
+© [2amigos](http://www.2amigos.us/) 2013-2017