search

yiisoft / yii2

Yii 2: The Fast, Secure and Professional PHP Framework
http://www.yiiframework.com
BSD 3-Clause "New" or "Revised" License
14.23k stars 6.91k forks source link

Concern with Yii::$app->authManager->checkAccess() #16641

Closed josepharcillas closed 6 years ago

josepharcillas commented 6 years ago

What steps will reproduce the problem?

I use https://github.com/mdmsoft/yii2-admin and I'm using Yii::$app->authManager->checkAccess() to check if the user has access to a route and it works.

What is the actual result?

Right now, I added some Rules to my RBAC permissions and tried to use the checkAccess function like checkAccess(Yii::$app->user->id,'/cars/activity-log?car_id=32') then it returns false even though when I visit the actual URL, the site was accessible. What I'm guessing is it doesn't check the URL if it returns 403 or permission denied Error but it checks the auth_assignment table if the route and user_id exist in that table.

Question

Do we have an RBAC function which is something like checkUrlAccess($userId, $url) and returns the error code?

samdark commented 6 years ago

No. There's nothing that checks URL.