Yii2 Authorization

Yii2 provides a Role Based Authorization Control (RBAC) module off the shelf. The code at /vendor/yiisoft/yii2/rbac under your basic application folder is what we are dealing with here. Unfortunately, it requires initialization, and its tables need to be built before it can actually be used. The documentation around this process is a little sketchy, so hopefully this will smooth the road!

This article leads on from Yii2 Migrations which gives a little more background to migrations.

Let’s leap in. First of all, you need to create the tables required by the Yii2 Authorization code. There are several ways of doing this. You can access the database from a tool like phpMyAdmin (or a tool that matches your database). Alternatively, if you have already got as far as an up-and-running basic installation, you can make use of the database abstraction layer by using the commands in the migration class. Since we are unlikely to install the Authorization layer more than once I did this manually.

In the Yii2 configuration post you might have seen that there are several config files. In some cases changes need to be made in both web.php and console.php. Processes like migrate use the console version of the config file. So if you configure the authManager component in the runtime configuration web.php and forget to do it in console.php, you will get a configuration exception when you try to run migrations that affect the authorization component! It looks like this:

You should configure "authManager" component to use database before executing this migration.

Ideally the exception messages in your migration files should read something like:

You should configure "******" component to use the database in 'console.php' before executing this migration.

Here’s something that is not explained fully. If you built the ‘basic’ demo application, you can build the tables by issuing the following command.

php yii migrate --migrationPath=@yii/rbac/migrations/

OR

Using your database schema, the following SQL will build the required tables. Simply block copying it into the phpMyAdmin SQL command window works fine for me.

One thing to note is that the ‘tbl_’ part will need to match the prefix of your schema tables. If you are not using prefixes, then simply drop that part of the table names.

drop table if exists `tbl_auth_assignment`;
drop table if exists `tbl_auth_item_child`;
drop table if exists `tbl_auth_item`;

create table `tbl_auth_item`
(
   `name`                 varchar(64) not null,
   `type`                 integer not null,
   `description`          text,
   `biz_rule`             text,
   `data`                 text,
   primary key (`name`),
   key `type` (`type`)
) engine InnoDB;

create table `tbl_auth_item_child`
(
   `parent`               varchar(64) not null,
   `child`                varchar(64) not null,
   primary key (`parent`,`child`),
   foreign key (`parent`) references `tbl_auth_item` (`name`) on delete cascade on update cascade,
   foreign key (`child`) references `tbl_auth_item` (`name`) on delete cascade on update cascade
) engine InnoDB;

create table `tbl_auth_assignment`
(
   `item_name`            varchar(64) not null,
   `user_id`              varchar(64) not null,
   `biz_rule`             text,
   `data`                 text,
   primary key (`item_name`,`user_id`),
   foreign key (`item_name`) references `tbl_auth_item` (`name`) on delete cascade on update cascade
) engine InnoDB;

Ok, now we have the tables to hold our authorization data. Next we need to define our authorization schema. I’m using something fairly simple: an omnipotent Administrator, a manager role and a user role.
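
The three-role hierarchy described above can be seeded from a console command. This is an added example, not code from the original article: the controller name, the role names `admin`, `manager` and `user`, and the `$adminUserId` argument are assumptions, and it assumes the RBAC tables were built by the migration command for the installed Yii2 version.

```php
<?php
// commands/RbacController.php -- added example, not code from the original article.
// Assumes the basic app template (namespace app\commands) and RBAC tables that
// match the installed Yii2 version (i.e. built with the migration command).
namespace app\commands;

use Yii;
use yii\console\Controller;
use yii\console\ExitCode;

class RbacController extends Controller
{
    /**
     * Seeds the role hierarchy admin > manager > user (hypothetical role names).
     * Run with: php yii rbac/init <adminUserId>
     */
    public function actionInit($adminUserId)
    {
        // Resolved from config/console.php, so authManager must be configured there too.
        $auth = Yii::$app->authManager;

        // Create each role only if it is missing, so the command can be re-run safely.
        $roles = [];
        foreach (['user', 'manager', 'admin'] as $name) {
            $role = $auth->getRole($name);
            if ($role === null) {
                $role = $auth->createRole($name);
                $role->description = ucfirst($name);
                $auth->add($role);
            }
            $roles[$name] = $role;
        }

        // A parent role inherits everything granted to its child role.
        foreach ([['manager', 'user'], ['admin', 'manager']] as [$parent, $child]) {
            if (!$auth->hasChild($roles[$parent], $roles[$child])) {
                $auth->addChild($roles[$parent], $roles[$child]);
            }
        }

        // Grant the top role only to the one account named on the command line.
        if ($auth->getAssignment('admin', $adminUserId) === null) {
            $auth->assign($roles['admin'], $adminUserId);
        }

        return ExitCode::OK;
    }
}
```

Because the command runs through the console application, it fails with the configuration exception shown earlier if `authManager` is only defined in web.php.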

Let’s tell our site to start using Authorization. If you built the basic Yii2 application, then in the components section of the config file for your site (at /config/web.php) you will see:

    'components' => [
        // ...
        'authManager' => [
            'class' => 'yii\rbac\DbManager',
            'defaultRoles' => ['end-user'],
        ],
        // ...
    ],