ihorchepurnyi
commented
7 years ago 1) Create your own rule class, for example:
class AboutUsRule extends Rule
{
public $name = 'aboutUsRule';
public function execute($user, $item, $params)
{
// your code here
}
}2) Create new Rule via rbac admin panel with the following values
- name - aboutUsRule
- class - app\rbac\rules\AboutUsRule // in my example
3) Create the new Permission via rbac admin panel, during the creation you need set the field Rule Name to aboutUsRule
4) Assign this permission to the role, for example to role user
5) In your action you can pass your parameters as follows:
public function actionAboutUs()
{
$params = [];
if (Yii::$app->user->can('your-permission-name', $params)) {
} else {
}
}
I am trying to set rules for most of my actions where I need to pass the model to the Rule to check if the owner of the model is the user who is accessing it.
As its a beforeAction is there a way to override it or a way to escape it?