T
T
Timur Tuz2018-03-22 08:47:07
Yii
Timur Tuz, 2018-03-22 08:47:07

Yii2. RBAC and record-level filtering/restrictions. How best to implement?

Firework! I implement rest service. There is a base controller inherited from ActiveController from which descendants are inherited. In the base controller, the general logic, in the descendants - customization. Plus configured RBAC.
There is a business task "In a pair of lists of entities, the owner can see / edit only his own entities." With editing, everything seems to be clear. But I don't understand how to cut data output via GET /items. There are several options, but they either lead to an overload of the main IndexAction (or the provider's date), or to complex crutches that you will then sweat to accompany. And ideally, steer it through the RBAC logic. What will advise colleagues (except RTFM))? Or maybe there is a sample code somewhere on the github.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
A
Artem, 2018-03-22
@TTA

Rbac has an entity \yii\rbac\rule .
This is a class that has an abstract execute() method, which, when implemented in a descendant class, will allow any validation logic to be implemented.
Implement such a class, hook it to permission, profit.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question