Is it possible to restrict access to a page without using the RBAC bike?

E

Eugene2018-06-13 14:42:50

Yii

Eugene, 2018-06-13 14:42:50

There is an admin. Access to it is limited simply in the module:

public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        'allow' => true,
                        'roles' => ['@'],
                    ],
                ],
            ],
        ];
    }

That is, only users with the authorized role can log into the admin panel. Its OK.
But now I have added a second user to the User database. And it is necessary that 1 user does not have access to the n-th page in the admin panel. And the other saw.
Can this be set up without the hourly RBAC setup, or do you still have to read the documentation and set up roles?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

M

Maxim, 2018-06-13
@evgen9586

public function behaviors()
    {
        return [
            'access' => [
                'class' => \yii\filters\AccessControl::className(),
                'rules' => [
                    // allow authenticated users
                    [
                        'allow' => true,
                        'matchCallback' => function ($rule, $action) {
                            if (Yii::$app->user->id == 1){
                                return false;
                            } else {
                                return true;
                            }

                        }
                    ],
                    // everything else is denied
                ],
             ],
        ];
    }

M

Maxim Fedorov, 2018-06-13
@qonand

you can, for example, by setting matchCallback , but is it worth it ...