Download the PHP package malinichevvv/yii2-access without Composer

On this page you can find all versions of the php package malinichevvv/yii2-access. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package yii2-access

yii2-access

A powerful, flexible RBAC extension for Yii2 with:


Requirements

Requirement Version
PHP ≥ 8.1
Yii2 ~2.0

Installation

Run the migrations:

Or register the path in your console config:


Configuration

The extension auto-registers the access component via bootstrap. You can override it:


Basic Usage

Via static facade

Via component


PHP 8 Attributes (Recommended)

Attach AccessControlBehavior to your controller, then annotate actions:

Class-level attributes apply to all actions in the controller:


Config-based Filter

For teams that prefer Yii2's declarative style:


User Model Behavior

Add UserAccessBehavior to your User ActiveRecord to call access checks directly on the model:


Managing Roles & Permissions


Role Inheritance

Permissions flow upward: a child role inherits all permissions of its parent roles.


Dynamic Rules

Attach a callable to any permission for contextual access decisions evaluated after the static permission check:


Multi-Tenant Mode

Enable multiTenant = true to scope roles per company:


Analytics & Comparison


Console Commands

Register the controller in your console config once:

Command Description
php yii access/flush-cache Invalidate all access:permissions and access:roles cache tags
php yii access/list-roles List all roles with system/default flags
php yii access/list-roles --company-id=5 Roles for a specific company (multi-tenant)
php yii access/list-permissions List all permissions grouped by module
php yii access/list-permissions --module=crm Permissions for a specific module
php yii access/check 42 order.create Check if user #42 has order.create
php yii access/user-roles 42 Show direct and inherited roles for user #42
php yii access/user-permissions 42 Show all permissions for user #42 with sources

Configurable Cache TTLs

Cache durations are instance properties, not hardcoded constants, so you can tune them per environment:

The constants (AccessManager::CACHE_DURATION_*) remain available as documented defaults and can be referenced in your own code.


Events

The AccessManager component extends yii\base\Component and fires events at every key point. Attach listeners anywhere in your application bootstrap or module init().

Access check events

Constant Class When
EVENT_BEFORE_CHECK_ACCESS AccessCheckEvent Before any permission check; can short-circuit
EVENT_AFTER_CHECK_ACCESS AccessCheckEvent After every check; carries $result
EVENT_ACCESS_DENIED AccessCheckEvent Only when the check fails

Super-admin bypass (short-circuit pattern):

Access denied logging:

Role events

Constant Cancellable Properties on event
EVENT_BEFORE_ASSIGN_ROLE yes userId, roleId
EVENT_AFTER_ASSIGN_ROLE userId, roleId
EVENT_BEFORE_REVOKE_ROLE yes userId, roleId
EVENT_AFTER_REVOKE_ROLE userId, roleId
EVENT_BEFORE_CREATE_ROLE yes data
EVENT_AFTER_CREATE_ROLE roleId, createdRoleId, data
EVENT_BEFORE_UPDATE_ROLE yes roleId, data
EVENT_AFTER_UPDATE_ROLE roleId, data
EVENT_BEFORE_DELETE_ROLE yes roleId
EVENT_AFTER_DELETE_ROLE roleId
EVENT_BEFORE_ADD_ROLE_INHERITANCE yes parentRoleId, childRoleId
EVENT_AFTER_ADD_ROLE_INHERITANCE parentRoleId, childRoleId
EVENT_BEFORE_REMOVE_ROLE_INHERITANCE yes parentRoleId, childRoleId
EVENT_AFTER_REMOVE_ROLE_INHERITANCE parentRoleId, childRoleId

Cancellable example — guard system roles from deletion:

After-event example — notify a user when their role changes:

Permission events

Constant Cancellable Properties on event
EVENT_BEFORE_CREATE_PERMISSION yes permissionCode, data
EVENT_AFTER_CREATE_PERMISSION permissionId, createdPermissionId, permissionCode, data
EVENT_BEFORE_UPDATE_PERMISSION yes permissionId, data
EVENT_AFTER_UPDATE_PERMISSION permissionId, data
EVENT_BEFORE_DELETE_PERMISSION yes permissionId
EVENT_AFTER_DELETE_PERMISSION permissionId
EVENT_BEFORE_ADD_PERMISSION_TO_ROLE yes roleId, permissionId
EVENT_AFTER_ADD_PERMISSION_TO_ROLE roleId, permissionId
EVENT_BEFORE_REMOVE_PERMISSION_FROM_ROLE yes roleId, permissionId
EVENT_AFTER_REMOVE_PERMISSION_FROM_ROLE roleId, permissionId

Auto-grant to super-admin on permission creation:

Block sensitive permission assignment:

Detaching listeners


Database Schema

Table Description
access_permission_groups Module-based groups for organising permissions
access_permissions Individual permission codes
access_roles Role definitions (optionally company-scoped)
access_role_permissions Role ↔ permission pivot
access_role_includes Role inheritance (parent → child)
access_user_roles User ↔ role pivot
access_dynamic_rules Callable-based contextual rules per permission
access_audit_log Append-only audit trail (separate migration)

Caching

The component uses a two-layer cache strategy:

  1. Per-request in-memory pool — eliminates repeated DB/cache round-trips within a single HTTP request
  2. Persistent cache (Redis, Memcache, etc.) — shared across requests with tag-based invalidation

All mutating operations automatically invalidate the relevant cache tags. You can also clear the request pool manually (e.g. in tests):

To disable caching entirely:


Audit Log

When enableAuditLog = true (default), every access-changing operation writes a row to access_audit_log. The table has no foreign keys to users so the log survives user deletion.

To disable:


i18n

Error messages are translatable. Add to your i18n config:

Supported languages: en, ru, uk. Contributions for other languages are welcome.


License

MIT


All versions of yii2-access with dependencies

PHP Build Version
Package Version
Requires php Version >=8.1
yiisoft/yii2 Version ~2.0.45
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package malinichevvv/yii2-access contains the following files

Loading the files please wait ...