How to correctly implement blocking using RBAC Yii2?

M

Mark2018-07-18 03:29:50

Yii

Mark, 2018-07-18 03:29:50

Hello. The question is how to correctly implement blocking using RBAC Yii2?
There is a group "Blocked", and actually I had a problem with a competent approach. At the moment, I came up with 3 approaches, 1 and 2 are more crutch, the 3rd one seems more real, but there is a question for him.
Approaches:
1. Implement a group verification validator upon authorization. But there is a question that the lock will be applied after the user re-authorizes. Since files are used for sessions, not a database, there will also be difficulties with deleting it.
2. In the settings boostrap section, add a component that will check the user's group. With this approach, in theory, +1 query to the database will be generated for each request. You can, of course, use caches, but here again there are a number of problems with non-instant blocking, and in any case, the extra load will remain.
3. In the configuration, as accessadd a rule to disable access to the entire blocked group. But the question arises if I define my set of AccessControl rules in the Behaivor's Controller - will the global configurations fail?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

Dmitry Kim, 2018-07-18
@kimono

In access rules in controllers, you can add a matchCallback where to check the user's status:

'accessControl' => [
  'class' => AccessControl::class,
  'rules' => [
    [
      'allow' => true,
      'roles' => ['@'],
      'matchCallbak' => function($rule, $action){
        return Yii::$app->user->identity->status !== User::STATUS_BLOCKED;
      }
    ]
  ],
],

M

Maxim Fedorov, 2018-07-18
@qonand

Oh, you've made up your mind, why should the user be placed in some special RBAC group? Blocked users are users who do not have access to the site at all, so it would be quite logical to take the blocking status into the user model and check it in findIdentity