Closed jeredfloyd closed 8 years ago
Hi, basically you need to create the following roles: admin, user, guest. After creating the roles, you need to create the permissions with routes, for example: permission name - adminManagement with route /admin/*, and assign this permission to the admin role. And then assign the admin role to the user.
Complete example with the admin panel, user management and rbac you can find here: yii2mod/base.
Also you can see the basic insert migration (with predefined roles: admin, user, guest) for the rbac here: rbac migration
I see; we weren't using the admin panel and instead the rbac controller directly, which was not access controlled. Thanks.
RBAC rules don't appear to apply to the /rbac route. This means that any user with an account can access /rbac and modify their rights. Am I missing something?