Yii framework 2 custom rights

Yii framework 2 - user rights through the database.

We create a base controller from which all other controllers will then inherit, and implement beforeAction, the method that is executed before every action.

P.S.: the models and CRUD code must be generated using the Gii module.

<?php

namespace app\helper;

use yii\web\Controller;
use app\models\Users;
use app\models\Rights;
use Yii;

class AppController extends Controller
{
    public function beforeAction($action)
    {
        // Id of the controller being called (e.g. "users").
        $controller = $action->controller->id;
        // The action id is available as $action->id but is not part of the match here:
        // rights are looked up per controller only.
        //$actionId = $action->id;

        // Look up the rights row for this controller.
        $rights = Rights::find()
            ->where('controller = :controller', [':controller' => $controller])
            ->one();

        // No row for the controller: fail closed.
        if (is_null($rights)) {
            echo 'controller dont have a rights';
            exit;
        }

        // Roles allowed for this controller, stored as a comma-separated list.
        $roles = array_map('trim', explode(',', $rights->rights));

        $access = false;
        $userRole = 'guest';

        if (!Yii::$app->user->isGuest) {
            $id = Yii::$app->user->id;
            $user = Users::find()->where('id = :id', [':id' => $id])->one();
            // The column in the users table is spelled "righgts".
            // If the user row is missing, keep the guest role.
            if ($user !== null) {
                $userRole = $user->righgts;
            }
        }

        foreach ($roles as $role) {
            if ($role === $userRole) {
                $access = true;
            }
        }

        if (!$access) {
            // redirect() only prepares the response; it must be sent before the
            // action is cancelled, otherwise exit would end the request with no redirect.
            $this->redirect(['/site/login'])->send();
            return false;
        }

        return parent::beforeAction($action);
    }
}

The Rights model and the rights table:

CREATE TABLE `rights` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `controller` varchar(255) NOT NULL,
  `action` varchar(255) NOT NULL,
  `rights` varchar(255) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=32 DEFAULT CHARSET=utf8

The Users model and the users table; the peculiarity is the righgts field (the column name is misspelled, and the controller reads it with the same spelling):

CREATE TABLE `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `email` varchar(255) NOT NULL,
  `phone` varchar(22) NOT NULL,
  `password` varchar(64) NOT NULL,
  `righgts` varchar(60) NOT NULL,
  `verify_key` varchar(65) NOT NULL,
  `activated` int(11) NOT NULL,
  `recovery_key` varchar(65) NOT NULL,
  `recovery_key_life` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  `auth_key` varchar(255) NOT NULL,
  `accessToken` varchar(255) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=37 DEFAULT CHARSET=utf8

In the users table we can change the rights field of a user; it determines which controller actions that user may access.

In the rights table we record the controller, the action, and the roles (in the rights column) that are allowed to use them.



  1. The parent controller reads the user's role from the database (the rights column of the users table).
  2. The parent controller gets the name of the called controller and the name of the called action.
  3. The parent controller queries the rights table and checks which roles are required to use the called controller and action.
  4. If the user's role matches one of the roles in the rights table, the action is executed; if not, the user is redirected.

List the roles in the rights column separated by commas.
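The access decision from the steps above, as an added example that is not the post's code, written as a pure function so it can be exercised without a database or a running Yii application. It goes slightly beyond the controller-only match in the post's beforeAction by comparing the action as well, as the rights table's action column and step 3 describe; the function names and the sample rights rows are constructed for this example.

```php
<?php
// Added example (not the post's code): the role check as a pure function.
// Function names and the sample rights rows below are assumptions.

/**
 * Split a comma-separated roles string as stored in rights.rights,
 * trimming whitespace around each role and dropping empty entries.
 */
function parseRoles(string $csv): array
{
    $roles = array_map('trim', explode(',', $csv));
    return array_values(array_filter($roles, fn(string $r): bool => $r !== ''));
}

/**
 * Decide whether $userRole may run $controller/$action.
 *
 * $rightsRows mirrors the rights table: one row per controller + action
 * with the allowed roles as a comma-separated string. The check fails
 * closed: if no row matches the controller and action, access is denied.
 */
function canAccess(array $rightsRows, string $controller, string $action, string $userRole): bool
{
    foreach ($rightsRows as $row) {
        if ($row['controller'] !== $controller || $row['action'] !== $action) {
            continue;
        }
        // Strict comparison: the stored role must match the user's role exactly.
        return in_array($userRole, parseRoles($row['rights']), true);
    }
    return false; // no rule for this controller/action: deny
}

/** Minimal check helper so the example runs regardless of zend.assertions. */
function expect(bool $ok, string $label): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $label");
    }
}

// Constructed sample of the rights table (not real data).
$rights = [
    ['controller' => 'users', 'action' => 'index',  'rights' => 'admin, manager'],
    ['controller' => 'users', 'action' => 'delete', 'rights' => 'admin'],
    ['controller' => 'site',  'action' => 'login',  'rights' => 'guest,admin,manager,user'],
];

// An unauthenticated visitor carries the role "guest", as in beforeAction.
expect(canAccess($rights, 'site',  'login',  'guest')   === true,  'guest may open login');
expect(canAccess($rights, 'users', 'index',  'manager') === true,  'space after comma is trimmed');
expect(canAccess($rights, 'users', 'delete', 'manager') === false, 'manager may not delete');
expect(canAccess($rights, 'users', 'delete', 'admin')   === true,  'admin may delete');
expect(canAccess($rights, 'posts', 'index',  'admin')   === false, 'no rule means deny');
echo "all checks passed\n";
```

Run it with the PHP CLI; every check is an explicit throw rather than assert(), so the script fails loudly even when assertions are disabled in php.ini.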

This method is well suited to the administrator module; for the user-facing part, the standard rights are sufficient.

I'm not a master at writing articles or expressing myself beautifully; I have just outlined the technical essence. Please give it a plus, and I will write many more interesting things.

Source: https://habr.com/ru/post/463057/
