search

yii2mod / yii2-rbac

RBAC Manager for Yii 2
MIT License
143 stars 58 forks source link

RBAC doesn't apply to /rbac route #7

Closed jeredfloyd closed 8 years ago

jeredfloyd commented 8 years ago

RBAC rules don't appear to apply to the /rbac route. This means that any user with an account can access /rbac and modify their rights. Am I missing something?

ihorchepurnyi commented 8 years ago

Hi, basically you need to create the following roles: admin, user, guest. After creating the roles, you need to create the permissions with routes, for example: permission name - adminManagement with route /admin/*, and assign this permission to the admin role. And then assign the admin role to the user.

Complete example with the admin panel, user management and rbac you can find here: yii2mod/base.

Also you can see the basic insert migration (with predefined roles: admin, user, guest) for the rbac here: rbac migration

jeredfloyd commented 8 years ago

I see; we weren't using the admin panel and instead the rbac controller directly, which was not access controlled. Thanks.

neoacevedo commented 6 years ago

https://github.com/yii2mod/yii2-rbac/issues/7#issuecomment-212821875 How to do it?