Yii2. RBAC and record-level filtering/restrictions. How best to implement?

T

Timur Tuz2018-03-22 08:47:07

Yii

Timur Tuz, 2018-03-22 08:47:07

Firework! I implement rest service. There is a base controller inherited from ActiveController from which descendants are inherited. In the base controller, the general logic, in the descendants - customization. Plus configured RBAC.
There is a business task "In a pair of lists of entities, the owner can see / edit only his own entities." With editing, everything seems to be clear. But I don't understand how to cut data output via GET /items. There are several options, but they either lead to an overload of the main IndexAction (or the provider's date), or to complex crutches that you will then sweat to accompany. And ideally, steer it through the RBAC logic. What will advise colleagues (except RTFM))? Or maybe there is a sample code somewhere on the github.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Artem, 2018-03-22
@TTA

Rbac has an entity \yii\rbac\rule .
This is a class that has an abstract execute() method, which, when implemented in a descendant class, will allow any validation logic to be implemented.
Implement such a class, hook it to permission, profit.