yii2-auth
Auth is a module for the Yii PHP framework that provides a web user interface for Yii's built-in authorization manager (\yii\rbac\BaseManager).
You can read more about Yii's authorization manager in the framework documentation under Authorization.
Auth is based on the original code of the yii-auth extension and has been fully rewritten for use with Yii 2.
The fork also contains all original releases for Yii 1.x.
At the moment the module supports only DbManager.
Demo
Coming soon.
Usage
Setup
The preferred way to install this extension is through composer.
Add
    "binn/yii2-auth": "*"
to the require section of your composer.json file.
Add the module to the application config and configure the authManager component:
    return [
        'components' => [
            'authManager' => [
                'class' => 'auth\components\DbManager', // or 'auth\components\PhpManager'
            ],
            // ...
        ],
        'modules' => [
            'auth' => [
                'class' => 'auth\Module',
            ],
        ],
    ];
Please note that while the module doesn't require you to use a database, if you wish to use yii\rbac\DbManager you need its schema (it can be found in the framework under yii\rbac\migrations).
Configuration
Configure the module to suit your needs. Here's a list of the available configurations (with default values).
    'auth' => array(
        'userClass' => Yii::$app->user->identityClass, // the name of the user model class.
        'userIdColumn' => 'id', // the name of the user id column.
        'userNameColumn' => 'name', // the name of the user name column.
        'applicationControllers' => [], // the paths to the controller files that will be used to generate permissions.
        'admin' => [], // users with full access to the module.
        'accessFilterBehavior' => [], // configuration for a custom access filter.
    ),
Checking access
When you wish to check whether the current user has a certain permission, you can use the User::can() method, which can be accessed from anywhere in your application through Yii::$app, like so:
    if (Yii::$app->user->can('itemName')) // itemName = name of the operation
    {
        // access is allowed.
    }
In order to keep your permissions dynamic you should never check for a specific role or task; instead, you should always check for an operation.
For more information on Yii's authorization manager refer to the framework documentation on Authorization.
Checking access using a filter
You can also use a filter to automatically check access before controller actions are called.
Operations used with this filter have to be named as follows: (moduleId.)controllerId.actionId, where moduleId is optional.
For example:
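    // At the top of the controller file: use yii\filters\AccessControl;
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                // Rules are evaluated in order; the first matching rule decides.
                'rules' => [
                    [
                        // These actions are open to everyone, guests included.
                        'allow' => true,
                        'actions' => ['error', 'login', 'logout'],
                    ],
                    [
                        // Allow users who hold the operation for the current action.
                        'allow' => true,
                        'roles' => [$this->getRuleName($this->action->id)],
                    ],
                    [
                        // Allow logged-in users whose identity is flagged as admin.
                        'allow' => true,
                        'matchCallback' => function () {
                            return !Yii::$app->user->isGuest ? !empty(Yii::$app->user->identity->isAdmin) : false;
                        },
                    ],
                ],
            ],
        ];
    }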
For more information on how filters work refer to the framework documentation on Controllers.
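The naming convention and rule order described in this section, as an added example in plain PHP that is not part of the module's code. `operationName()`, `isAllowed()` and the sample users are hypothetical, and it is an assumption that the module's own `getRuleName()` builds names this way.

```php
<?php
// Added example, plain PHP (no Yii needed). All names here are hypothetical.

/** Build "(moduleId.)controllerId.actionId"; $moduleId is null outside a module. */
function operationName(?string $moduleId, string $controllerId, string $actionId): string
{
    $parts = $moduleId === null ? [$controllerId, $actionId]
                                : [$moduleId, $controllerId, $actionId];
    foreach ($parts as $part) {
        // An empty ID or one containing "." would make the joined name ambiguous
        // ("a.b" + "c" and "a" + "b.c" would both give "a.b.c"), so refuse it.
        if ($part === '' || strpos($part, '.') !== false) {
            throw new InvalidArgumentException("invalid ID segment: '$part'");
        }
    }
    return implode('.', $parts);
}

/**
 * Mirror of the rule order in the filter above: public actions first, then
 * the operation check, then the admin fallback. Anything else is denied.
 * Simplification: the public actions are treated as public on every controller.
 */
function isAllowed(array $user, ?string $moduleId, string $controllerId, string $actionId): bool
{
    if (in_array($actionId, ['error', 'login', 'logout'], true)) {
        return true;
    }
    if (in_array(operationName($moduleId, $controllerId, $actionId), $user['operations'], true)) {
        return true;
    }
    return !$user['isGuest'] && !empty($user['isAdmin']);
}

// Constructed sample users (not from the module).
$editor = ['isGuest' => false, 'isAdmin' => false,
           'operations' => ['post.update', 'blog.post.view']];
$guest  = ['isGuest' => true, 'isAdmin' => false, 'operations' => []];

var_dump(operationName(null, 'post', 'update'));        // application-level controller
var_dump(operationName('blog', 'post', 'view'));        // controller inside the "blog" module
var_dump(isAllowed($editor, null, 'post', 'update'));   // operation is assigned
var_dump(isAllowed($editor, null, 'post', 'delete'));   // operation is not assigned
var_dump(isAllowed($editor, 'blog', 'post', 'update')); // module prefix makes it a different operation
var_dump(isAllowed($guest, null, 'site', 'login'));     // public action
```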
Versioning
Because Auth contains all versions from the original library, be careful with versions.
Version 1.x - for Yii 1.x
Version 2.x - for Yii 2.x
Contributing
Please send issues and PRs only for the 2.x version. For the original Yii 1.x module, contribute to yii-auth.