1. Go to this page and download the malinichevvv/yii2-access library. Choose the download type "require".
2. Extract the ZIP file and open the index.php.
3. Add this code to the index.php.
<?php
require_once('vendor/autoload.php');
use malinichevvv\access\attributes\RequirePermission;
use malinichevvv\access\attributes\RequireRole;
use malinichevvv\access\behaviors\AccessControlBehavior;
/**
 * Example controller: per-action access rules declared with PHP attributes.
 *
 * The action bodies are elided with `{ ... }` in the listing, so this is an
 * illustration of the attribute syntax, not runnable code.
 */
class OrderController extends \yii\web\Controller
{
// Attaches AccessControlBehavior under the 'access' key.
// NOTE(review): presumably this behavior is what evaluates the attributes below;
// without it they would be inert metadata — confirm against the library.
public function behaviors(): array
{
return [
'access' => AccessControlBehavior::class,
];
}
// NOTE(review): the listing does not show what happens to an action that carries
// no attribute (allowed or denied by default) — verify before adding unannotated actions.
// Single permission: the caller must hold 'order.view'.
#[RequirePermission('order.view')]
public function actionIndex(): string { ... }
// Single permission: the caller must hold 'order.create'.
#[RequirePermission('order.create')]
public function actionCreate(): string { ... }
// Stacked RequirePermission attributes combine with AND: both permissions must be held.
#[RequirePermission('order.view')]
#[RequirePermission('report.generate')]
public function actionReport(): string { ... }
// Role check — an array inside one RequireRole is OR: at least one role in the array must match.
#[RequireRole(['admin', 'super_admin'])]
public function actionDelete(): string { ... }
// Role AND permission: the caller needs the 'manager' role and the 'order.approve' permission.
#[RequireRole('manager')]
#[RequirePermission('order.approve')]
public function actionApprove(): string { ... }
}
// Class-level rule: the RequireRole attribute sits on the controller class instead of on one action.
#[RequireRole('admin')]
class AdminController extends \yii\web\Controller
{
// Attaches AccessControlBehavior under the 'access' key, as in OrderController.
public function behaviors(): array
{
return ['access' => AccessControlBehavior::class];
}
// All actions automatically ... — the listing is cut off here: the rest of this
// sentence and the class's closing brace are missing from the page.
// NOTE(review): presumably every action inherits the class-level RequireRole('admin')
// check — confirm in the library documentation before relying on it.
// In your User model:
/**
 * Attaches UserAccessBehavior to the User model under the 'access' key.
 *
 * NOTE(review): presumably this behavior supplies the can()/hasRole()/assignRole()
 * methods called on a User instance in the usage example — confirm.
 */
public function behaviors(): array
{
return [
'access' => \malinichevvv\access\behaviors\UserAccessBehavior::class,
];
}
// Usage:
// $id is not defined in this listing. Yii's ActiveRecord::findOne() returns null when
// no row matches, so check $user for null before calling any of the methods below.
$user = User::findOne($id);
// Single checks: each returns a bool and can be used directly as a condition.
$user->can('order.create'); // bool
$user->hasRole('admin'); // bool
$user->hasRole(['admin', 'super_admin']); // bool — OR
// canAll() returns a per-permission map, not a bool. A non-empty PHP array is truthy
// even when every value in it is false, so never use the result directly as a
// condition — inspect the individual values instead.
$user->canAll(['order.create', 'order.view']); // ['order.create' => true, ...]
// Read-only views of the user's permissions and roles.
$user->getPermissions(); // string[]
$user->getPermissionsDetailed(); // grouped with inheritance info
$user->getPermissionsForUI(); // UI-ready tree
$user->getPermissionsWithSources(); // direct/inherited split
$user->getRoles(); // role records (with inheritance)
$user->getRoles(false); // direct roles only
$user->getEffectiveRoleIds(); // int[]
$user->getDirectRoleIds(); // int[]
// These two change what the user is authorised to do; $roleId is not defined in this
// listing. Guard the calling code with its own permission check.
$user->assignRole($roleId); // void
$user->revokeRole($roleId); // void
use malinichevvv\access\Am;
// Management calls through the static Am facade. Every call here changes the
// authorisation model itself, so the code that runs them should be restricted to
// trusted callers (for example a migration or an already permission-gated admin action).
// Create a permission group
$groupId = Am::createPermissionGroup('Orders', 'crm', 'All order-related permissions');
// Create permissions; the returned ids are reused below
$createId = Am::createPermission('order.create', 'Create a new order', $groupId);
$deleteId = Am::createPermission('order.delete', 'Delete an order', $groupId);
// Create a role
$roleId = Am::createRole('Manager', 'manager', 'Manages orders and clients');
// Assign permissions to the role
Am::addPermissionToRole($roleId, $createId);
Am::addPermissionToRole($roleId, $deleteId);
// Assign role to a user ($userId is not defined in this listing)
Am::assignRole($userId, $roleId);
// Revoke role
Am::revokeRole($userId, $roleId);
// Update / delete
Am::updateRole($roleId, ['name' => 'Senior Manager']);
// NOTE(review): the listing does not show how the failure is reported (exception or
// return value) — check before assuming the call succeeded.
Am::deleteRole($roleId); // fails for system roles
// Veto handler: runs before a role is deleted and blocks the delete of one protected role.
// AccessManager, RoleEvent and MY_PROTECTED_ROLE_ID are not imported or defined in this listing.
Yii::$app->access->on(
AccessManager::EVENT_BEFORE_DELETE_ROLE,
function (RoleEvent $event) {
// NOTE(review): === also compares types. If roleId arrives as a string while the
// constant is an int, the comparison is false and the delete is NOT vetoed —
// confirm the type of $event->roleId.
if ($event->roleId === MY_PROTECTED_ROLE_ID) {
$event->isValid = false; // vetoes the delete
}
}
);
// Notification handler: runs after a role has been assigned and tells the affected
// user that their access changed. Notification is an application class that this
// listing neither imports nor defines.
Yii::$app->access->on(
AccessManager::EVENT_AFTER_ASSIGN_ROLE,
function (RoleEvent $event) {
// The message is a fixed string; it does not name the role that was assigned.
Notification::send($event->userId, 'Your access permissions have been updated.');
}
);
// Auto-grant handler: every newly created permission is added to the role identified
// by SUPERADMIN_ROLE_ID (not defined in this listing) as soon as it exists, so that
// role's privileges grow without a separate review step.
// NOTE(review): if addPermissionToRole() raises EVENT_BEFORE_ADD_PERMISSION_TO_ROLE,
// a veto handler on that event (such as the 'sensitive' list example in this listing)
// would also apply to this call — confirm how the two interact.
Yii::$app->access->on(
AccessManager::EVENT_AFTER_CREATE_PERMISSION,
function (PermissionEvent $event) {
Am::addPermissionToRole(SUPERADMIN_ROLE_ID, $event->createdPermissionId);
}
);
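// Veto handler: refuses to attach any permission on the sensitive list to a role.
// The check does not look at which role is the target, so it applies to every role.
// AccessManager and PermissionEvent are not imported in this listing.
Yii::$app->access->on(
    AccessManager::EVENT_BEFORE_ADD_PERMISSION_TO_ROLE,
    function (PermissionEvent $event) {
        $sensitive = ['payment.refund', 'user.delete', 'role.manage'];
        // Third argument true = strict comparison, so only exact string matches are blocked.
        if (in_array($event->permissionCode, $sensitive, true)) {
            $event->isValid = false;
            // Name the blocked permission as well as the role, so the log entry can be
            // triaged on its own. The code is safe to interpolate: at this point it is
            // known to equal one of the three literals above.
            Yii::warning(
                "Blocked assignment of sensitive permission '{$event->permissionCode}' to role #{$event->roleId}"
            );
        }
    }
);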