Answer the question
In order to leave comments, you need to log in
Yii2. RBAC and record-level filtering/restrictions. How best to implement?
Firework! I implement rest service. There is a base controller inherited from ActiveController from which descendants are inherited. In the base controller, the general logic, in the descendants - customization. Plus configured RBAC.
There is a business task "In a pair of lists of entities, the owner can see / edit only his own entities." With editing, everything seems to be clear. But I don't understand how to cut data output via GET /items. There are several options, but they either lead to an overload of the main IndexAction (or the provider's date), or to complex crutches that you will then sweat to accompany. And ideally, steer it through the RBAC logic. What will advise colleagues (except RTFM))? Or maybe there is a sample code somewhere on the github.
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question