name of permission

[sanjarbek]

I have UnitMeasurementController controller, and actionIndex action. I created role named Administrator and assign it to user. I created new permission named unit-measurement/index and assign it to role Administrator.

I expect user will be able to access page /unit-measurement/index but it did not. Then I changed permission name to /unit-measurement/index and it worked. But the problem is after change I can't see permission name in permission list page and cannot access it. What is wrong?

[ihorchepurnyi]

All route permissions not visible on permissions page. You need to create permission for example user-measurement and assign route /unit-measurement/index or /unit-measurement/* to this permission. After this steps you need to assign user-measurement permission to admin role. user-measurement permission will be visible on permissions page.

[sanjarbek]

What do you mean when you say assign route to permission? So far as I understand we have role, permission, rule, and assigning this 3 objects to user. My understanding is name of permission is route, is not?

[sanjarbek]

In the file yii2mod\rbac\models\search\AuthItemSearch;

$items = array_filter($authManager->getPermissions(), function ($item) {
    return strpos($item->name, '/') !== 0;
});

I changed return strpos($item->name, '/') !== 0; to return strpos($item->name, '/') == 0; and it worked as I expected. Is it bug or something else?

[ihorchepurnyi]

What do you mean when you say assign route to permission?

You can assign route to specific permission via admin panel. You need to create permission, and on view page assign route to this permission. Link

On permissions page in the admin panel displays only permissions like usersManager, but routes /admin/user/* displays only on routes page

[ihorchepurnyi]

Routes used in the our AccessControl class. This class checks permissions and routes. If you use this class, you don't need to set actions like this. You only need to define access control class, for example

    public function behaviors()
    {
        return [
            AccessControl::class,
        ];
    }

[ihorchepurnyi]

Or you can define access control for whole application as follows

'modules' => [
    ...
],
'components' => [
    ...
],
'as access' => [
    'class' => yii2mod\rbac\filters\AccessControl::class,
    'allowActions' => [
        'site/*',
        'admin/*',
        // The actions listed here will be allowed to everyone including guests.
        // So, 'admin/*' should not appear here in the production, of course.
        // But in the earlier stages of your development, you may probably want to
        // add a lot of actions here until you finally completed setting up rbac,
        // otherwise you may not even take a first step.
    ]
 ],

[sanjarbek]

My bad, I didn't notice route link on readme page. Now it is working. Thank you!