PHP code example of malinichevvv / yii2-access

1. Go to this page and download the library: Download malinichevvv/yii2-access library. Choose the download type require.

2. Extract the ZIP file and open the index.php.

3. Add this code to the index.php.
    
        
<?php
require_once('vendor/autoload.php');

/* Start to develop here. Best regards https://php-download.com/ */

    

malinichevvv / yii2-access example snippets


// console/config/main.php
'controllerMap' => [
    'migrate' => [
        'class' => 'yii\console\controllers\MigrateController',
        'migrationPath' => [
            '@app/migrations',
            '@vendor/malinichevvv/yii2-access/src/migrations',
        ],
    ],
],

// common/config/main.php
'components' => [
    'access' => [
        'class'          => \malinichevvv\access\AccessManager::class,
        'db'             => 'db',      // DB component ID
        'cache'          => 'cache',   // Cache component ID (false = disable)
        'enableCache'    => true,
        'enableAuditLog' => true,
        'multiTenant'    => false,     // Set true for company-scoped roles
    ],
],

// Register bootstrap so the component is available everywhere:
'bootstrap' => ['log', 'access'],

use malinichevvv\access\Am;

// Check a single permission
if (Am::checkAccess($userId, 'order.create')) {
    // ...
}

// Check multiple at once
$map = Am::checkMultipleAccess($userId, ['order.create', 'order.delete', 'report.view']);
// ['order.create' => true, 'order.delete' => false, 'report.view' => true]

// Check by role code
if (Am::hasRole($userId, 'admin')) { ... }
if (Am::hasRole($userId, ['admin', 'super_admin'])) { ... } // OR logic

/** @var \malinichevvv\access\AccessManager $access */
$access = Yii::$app->access;
$access->checkAccess($userId, 'order.create');

use malinichevvv\access\attributes\RequirePermission;
use malinichevvv\access\attributes\RequireRole;
use malinichevvv\access\behaviors\AccessControlBehavior;

class OrderController extends \yii\web\Controller
{
    public function behaviors(): array
    {
        return [
            'access' => AccessControlBehavior::class,
        ];
    }

    #[RequirePermission('order.view')]
    public function actionIndex(): string { ... }

    #[RequirePermission('order.create')]
    public function actionCreate(): string { ... }

    // Both permissions must be held
    #[RequirePermission('order.view')]
    #[RequirePermission('report.generate')]
    public function actionReport(): string { ... }

    // Role check — at least one role in the array must match
    #[RequireRole(['admin', 'super_admin'])]
    public function actionDelete(): string { ... }

    // Role AND permission
    #[RequireRole('manager')]
    #[RequirePermission('order.approve')]
    public function actionApprove(): string { ... }
}

#[RequireRole('admin')]
class AdminController extends \yii\web\Controller
{
    public function behaviors(): array
    {
        return ['access' => AccessControlBehavior::class];
    }

    // All actions automatically 

use malinichevvv\access\filters\PermissionFilter;

public function behaviors(): array
{
    return [
        'permission' => [
            'class' => PermissionFilter::class,
            'rules' => [
                ['allow' => true,  'actions' => ['index', 'view']],
                ['allow' => true,  'actions' => ['create'], 'permissions' => ['order.create']],
                ['allow' => true,  'actions' => ['delete'], 'roles'       => ['admin']],
                ['allow' => true,  'actions' => ['export'], 'roles' => ['manager'], 'permissions' => ['report.export']],
                ['allow' => false], // deny all others
            ],
        ],
    ];
}

// In your User model:
public function behaviors(): array
{
    return [
        'access' => \malinichevvv\access\behaviors\UserAccessBehavior::class,
    ];
}

// Usage:
$user = User::findOne($id);

$user->can('order.create');                     // bool
$user->hasRole('admin');                        // bool
$user->hasRole(['admin', 'super_admin']);        // bool — OR
$user->canAll(['order.create', 'order.view']);  // ['order.create' => true, ...]

$user->getPermissions();                        // string[]
$user->getPermissionsDetailed();                // grouped with inheritance info
$user->getPermissionsForUI();                   // UI-ready tree
$user->getPermissionsWithSources();             // direct/inherited split

$user->getRoles();                              // role records (with inheritance)
$user->getRoles(false);                         // direct roles only
$user->getEffectiveRoleIds();                   // int[]
$user->getDirectRoleIds();                      // int[]

$user->assignRole($roleId);                     // void
$user->revokeRole($roleId);                     // void

use malinichevvv\access\Am;

// Create a permission group
$groupId = Am::createPermissionGroup('Orders', 'crm', 'All order-related permissions');

// Create permissions
$createId = Am::createPermission('order.create', 'Create a new order', $groupId);
$deleteId = Am::createPermission('order.delete', 'Delete an order',   $groupId);

// Create a role
$roleId = Am::createRole('Manager', 'manager', 'Manages orders and clients');

// Assign permissions to the role
Am::addPermissionToRole($roleId, $createId);
Am::addPermissionToRole($roleId, $deleteId);

// Assign role to a user
Am::assignRole($userId, $roleId);

// Revoke role
Am::revokeRole($userId, $roleId);

// Update / delete
Am::updateRole($roleId, ['name' => 'Senior Manager']);
Am::deleteRole($roleId); // fails for system roles

// admin → manager (manager inherits admin)
Am::addRoleInheritance($adminRoleId, $managerRoleId);

// manager → operator
Am::addRoleInheritance($managerRoleId, $operatorRoleId);

// Cycle detection — throws Exception
Am::canInherit($adminRoleId, $adminRoleId); // false (self)
Am::canInherit($operatorRoleId, $adminRoleId); // false (would create cycle)

// Query hierarchy
Am::getParentRoles($managerRoleId);            // direct parents
Am::getParentRoles($operatorRoleId, true);     // all ancestors recursively
Am::getChildRoles($adminRoleId, true);         // all descendants recursively
Am::getRolePermissionsWithInheritance($roleId); // permissions with direct/inherited flags

namespace App\Access\Rules;

class OwnerRule
{
    public static function check(int $userId, ?array $params): bool
    {
        $orderId = $params['order_id'] ?? null;
        if (!$orderId) {
            return false;
        }
        // Only the order's creator may delete it
        return Order::find()->where(['id' => $orderId, 'created_by' => $userId])->exists();
    }
}

// Register the rule
Am::addDynamicRule($permissionId, 'App\Access\Rules\OwnerRule::check', 'Owner check for orders');

// Check with params — static check + dynamic rule both evaluated
Am::checkAccess($userId, 'order.delete', ['order_id' => $orderId]);

// Remove the rule
Am::removeDynamicRule($permissionId);

'access' => [
    'class'       => \malinichevvv\access\AccessManager::class,
    'multiTenant' => true,
],

// Roles are scoped to company_id
$roleId = Am::createRole('Manager', 'manager', 'Company manager', false, false, $companyId);

// Query company roles
$roles = Am::getRolesByCompany($companyId);
$role  = Am::getRoleByCompanyWithCode($companyId, 'manager');

// Compare permissions between two users
$diff = Am::compareUsersAccess($userId1, $userId2);
// [
//   'only_user1'         => ['order.delete', ...],
//   'only_user2'         => ['report.export', ...],
//   'common'             => ['order.view', 'order.create'],
//   'similarity_percent' => 66.7,
// ]

// console/config/main.php
'controllerMap' => [
    'access' => \malinichevvv\access\console\AccessController::class,
],

'components' => [
    'access' => [
        'class'                => \malinichevvv\access\AccessManager::class,
        // Defaults shown — override as needed:
        'cacheDurationShort'    => 1800,   // 30 min — user role assignments
        'cacheDurationMedium'   => 3600,   // 1 h   — user permission sets, role details
        'cacheDurationLong'     => 7200,   // 2 h   — role hierarchy, role→permission links
        'cacheDurationVeryLong' => 86400,  // 24 h  — dynamic rule metadata, module groups
    ],
],

Yii::$app->access->on(
    AccessManager::EVENT_BEFORE_CHECK_ACCESS,
    function (AccessCheckEvent $event) {
        if (isSuperAdmin($event->userId)) {
            $event->isHandled = true;  // skip DB/cache entirely
            $event->result    = true;
        }
    }
);

Yii::$app->access->on(
    AccessManager::EVENT_ACCESS_DENIED,
    function (AccessCheckEvent $event) {
        Yii::warning(
            "Denied: user={$event->userId} perm={$event->permissionCode}",
            'access'
        );
    }
);

Yii::$app->access->on(
    AccessManager::EVENT_BEFORE_DELETE_ROLE,
    function (RoleEvent $event) {
        if ($event->roleId === MY_PROTECTED_ROLE_ID) {
            $event->isValid = false; // vetoes the delete
        }
    }
);

Yii::$app->access->on(
    AccessManager::EVENT_AFTER_ASSIGN_ROLE,
    function (RoleEvent $event) {
        Notification::send($event->userId, 'Your access permissions have been updated.');
    }
);

Yii::$app->access->on(
    AccessManager::EVENT_AFTER_CREATE_PERMISSION,
    function (PermissionEvent $event) {
        Am::addPermissionToRole(SUPERADMIN_ROLE_ID, $event->createdPermissionId);
    }
);

Yii::$app->access->on(
    AccessManager::EVENT_BEFORE_ADD_PERMISSION_TO_ROLE,
    function (PermissionEvent $event) {
        $sensitive = ['payment.refund', 'user.delete', 'role.manage'];
        if (in_array($event->permissionCode, $sensitive, true)) {
            $event->isValid = false;
            Yii::warning("Blocked assignment of sensitive permission to role #{$event->roleId}");
        }
    }
);

$handler = function (RoleEvent $event) { ... };
Yii::$app->access->on(AccessManager::EVENT_AFTER_ASSIGN_ROLE, $handler);

// Later:
Yii::$app->access->off(AccessManager::EVENT_AFTER_ASSIGN_ROLE, $handler);

Am::clearRequestCache();
// or
Yii::$app->access->clearRequestCache();

'access' => ['class' => AccessManager::class, 'enableCache' => false],

'access' => ['class' => AccessManager::class, 'enableAuditLog' => false],

'i18n' => [
    'translations' => [
        'access' => [
            'class'          => 'yii\i18n\PhpMessageSource',
            'basePath'       => '@vendor/malinichevvv/yii2-access/src/messages',
            'sourceLanguage' => 'en',
        ],
    ],
],
bash
php yii migrate --migrationPath=@vendor/malinichevvv/yii2-access/src/migrations