2017 © Pedro Peláez

yii2-extension module-user-management

User with improved RBAC



User with improved RBAC

  • Thursday, February 15, 2018
  • by wpler
  • Repository
  • 1 Watchers
  • 0 Stars
  • 32 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 105 Forks
  • 3 Open issues
  • 21 Versions
  • 7 % Grown


User management module for Yii 2

This is a fork of webvimark/user-management-module to further development for using SQLite and NoSQL databases., (*1)

In addition, this extension is to be extended to use Bootstrap 4 Styles by given module setting., (*2)

Latest Stable Version Latest Unstable Version Total Downloads, (*3)


  • User management
  • RBAC (roles, permissions and stuff) with web interface
  • Registration, authorization, password recovery and so on
  • Visit log
  • Optimised (zero DB queries during usual user workflow)
  • Nice widgets like GhostMenu or GhostHtml::a where elements are visible only if user has access to route where they point


The preferred way to install this extension is through composer., (*4)

Either run, (*5)

composer require wpler/module-user-management

or add, (*6)

"wpler/module-user-management": "~1"

to the require section of your composer.json file., (*7)


1) In your config/web.php, (*8)

'components'=>[ 'user' => [ 'class' => 'wpler\modules\UserManagement\components\UserConfig', // Comment this if you don't want to record user logins 'on afterLogin' => function($event) { \wpler\modules\UserManagement\models\UserVisitLog::newVisitor($event->identity->id); } ], ], 'modules'=>[ 'user-management' => [ 'class' => 'wpler\modules\UserManagement\UserManagementModule', // 'enableRegistration' => true, // Add regexp validation to passwords. Default pattern does not restrict user and can enter any set of characters. // The example below allows user to enter : // any set of characters // (?=\S{8,}): of at least length 8 // (?=\S*[a-z]): containing at least one lowercase letter // (?=\S*[A-Z]): and at least one uppercase letter // (?=\S*[\d]): and at least one number // $: anchored to the end of the string //'passwordRegexp' => '^\S*(?=\S{8,})(?=\S*[a-z])(?=\S*[A-Z])(?=\S*[\d])\S*$', // Here you can set your handler to change layout for any controller or action // Tip: you can use this event in any module 'on beforeAction'=>function(yii\base\ActionEvent $event) { if ( $event->action->uniqueId == 'user-management/auth/login' ) { $event->action->controller->layout = 'loginLayout.php'; }; }, ], ],

To learn about events check:, (*9)

  • http://www.yiiframework.com/doc-2.0/guide-concept-events.html
  • http://www.yiiframework.com/doc-2.0/guide-concept-configurations.html#configuration-format

Layout handler example in AuthHelper::layoutHandler(), (*10)

To see full list of options check UserManagementModule file, (*11)

2) In your config/console.php (this is needed for migrations and working with console), (*12)

'modules'=>[ 'user-management' => [ 'class' => 'wpler\modules\UserManagement\UserManagementModule', 'controllerNamespace'=>'vendor\wpler\modules\UserManagement\controllers', // To prevent yii help from crashing ], ],

3) Run migrations, (*13)

./yii migrate --migrationPath=vendor/wpler/module-user-management/migrations/

4) In you base controller, (*14)

public function behaviors() { return [ 'ghost-access'=> [ 'class' => 'wpler\modules\UserManagement\components\GhostAccessControl', ], ]; }

Where you can go

false, 'activateParents'=>true, 'items' => [ [ 'label' => 'Backend routes', 'items'=>UserManagementModule::menuItems() ], [ 'label' => 'Frontend routes', 'items'=>[ ['label'=>'Login', 'url'=>['/user-management/auth/login']], ['label'=>'Logout', 'url'=>['/user-management/auth/logout']], ['label'=>'Registration', 'url'=>['/user-management/auth/registration']], ['label'=>'Change own password', 'url'=>['/user-management/auth/change-own-password']], ['label'=>'Password recovery', 'url'=>['/user-management/auth/password-recovery']], ['label'=>'E-mail confirmation', 'url'=>['/user-management/auth/confirm-email']], ], ], ], ]); ?>

First steps

From the menu above at first you'll se only 2 element: "Login" and "Logout" because you have no permission to visit other urls and to render menu we using GhostMenu::widget(). It's render only element that active user can visit., (*15)

Also same functionality has GhostNav::widget() and GhostHtml:a(), (*16)

1) Login as superadmin/superadmin, (*17)

2) Go to "Permissions" and play there, (*18)

3) Go to "Roles" and play there, (*19)

4) Go to "User" and play there, (*20)

5) Relax, (*21)


You controllers may have two properties that will make whole controller or selected action accessible to everyone, (*22)

public $freeAccess = true;

Or, (*23)

public $freeAccessActions = ['first-action', 'another-action'];

Here are list of the useful helpers. For detailed explanation look in the corresponding functions., (*24)

User::hasRole($roles, $superAdminAllowed = true) User::hasPermission($permission, $superAdminAllowed = true) User::canRoute($route, $superAdminAllowed = true) User::assignRole($userId, $roleName) User::revokeRole($userId, $roleName) User::getCurrentUser($fromSingleton = true)

Role, Permission and Route all have following methods, (*25)

Role::create($name, $description = null, $groupCode = null, $ruleName = null, $data = null) Role::addChildren($parentName, $childrenNames, $throwException = false) Role::removeChildren($parentName, $childrenNames)


Events can be handled via config file like following, (*26)

'modules'=>[ 'user-management' => [ 'class' => 'wpler\modules\UserManagement\UserManagementModule', 'on afterRegistration' => function(UserAuthEvent $event) { // Here you can do your own stuff like assign roles, send emails and so on }, ], ],

List of supported events can be found in UserAuthEvent class, (*27)


Question: Do you have API docs?, (*28)

Answer: Check this one on webvimark original module http://opensource.id5.com.br/webvimark/doc/index.html (Credits to lukBarros), (*29)

Question: I want users to register and login with they e-mails! Mmmmm... And they should confirm it too!, (*30)

Answer: See configuration properties $useEmailAsLogin and $emailConfirmationRequired, (*31)

Question: I want to have profile for user with avatar, birthday and stuff. What should I do ?, (*32)

Answer: Profiles are to project-specific, so you'll have to implement them yourself (but you can find example here on webvimark original module - https://github.com/webvimark/user-management/wiki/Profile-and-custom-registration). Here is how to do it without modifying this module, (*33)

1) Create table and model for profile, that have user_id (connect with "user" table), (*34)

2) Check AuthController::actionRegistration() how it works (you can skip this part), (*35)

3) Define your layout for registration. Check example in AuthHelper::layoutHandler(). Now use theming to change registration.php file, (*36)

4) Define your own UserManagementModule::$registrationFormClass. In this class you can do whatever you want like validating custom forms and saving profiles, (*37)

5) Create your controller where user can view profiles, (*38)

The Versions