Restricting Access to Module

mdmsoft / yii2-admin

Auth manager for Yii2 (RBAC Manager)

GNU General Public License v3.0

1.16k stars 577 forks source link

Restricting Access to Module #93

Closed mtangoo closed 9 years ago

mtangoo commented 9 years ago

How do I suppose to restrict that? I know I can try the Application beforeAction but its a long route. I believe module should have a way of restricting users. I suggest to add property that limits by IDs or role something like

if(id_is_in_admin_array or role_is_in_roles_array)
{
    allow_access
}
else
    deny_access

what do you think?

mdmunir commented 9 years ago

I think not. "Restricting access" should be set via RBAC it self.

mtangoo commented 9 years ago

I mean restricting access to RBAC Module itself. for example, I can now access arbitrarily url localhost/admin Not sure if you get my point

mdmunir commented 9 years ago

Create role and permission with admin/role and admin/permission.
Register routes via admin/route.
Assign route to role or permission.
Assign role (or permission) to user.
Apply access control guide

mtangoo commented 9 years ago

thanks!

mtangoo commented 9 years ago

I have added pull request to clarify what I mean

https://github.com/mdmsoft/yii2-admin/pull/105

mtangoo commented 9 years ago

updated PR

mtangoo commented 9 years ago

I have got a problem. I want to apply access ONLY to admin module not whole of site controllers. How do I do that?

mdmunir commented 9 years ago

attach filter to module

'modules'=>[
    'admin'=>[
        'class'=>'mdm\admin\Module',
        'as access'=>[
            'class'=>'mdm\admin\components\AccessControl'
        ],
    ]
]

mtangoo commented 9 years ago

That was it!

unglevan commented 9 years ago

Assign route to role or permission.

how can i assign?

mtangoo commented 9 years ago

assign what?