Yii 2 RBAC Tutorial

Once again a warm welcome goes out to all the programmers and developers around the world who are discovering this blog. I get amazed every day when I see the stats and the diversity in the countries represented. It gives me the hope of a common language for the world and a framework like Yii 2 is a great place to express that.

Also, thanks to everyone who has taken part in the polls on this site. Over 1000 developers have voted on many topics relevant to today’s PHP community. Your comments are also appreciated, so please feel free to vote and comment.

And also, much gratitude for everyone who has purchased a copy of Yii 2 For Beginners, with your support I can continue my work, and I really appreciate it.

Ok, so the topic here is RBAC. This stands for Role-Based Access Control, and it can be difficult to implement in any framework. The Yii 2 advanced template comes with a working user model out of the box, and this makes it fairly easy to get up and running. The thing is, every site needs access control, especially if you are going to have a front end and back end to the site, and if you are going to have users with special privileges, such as admin users, who will have access to admin functions in the backend of the application.

The Yii 2 advanced template conveniently divides itself into frontend and backend out-of-the-box, so there again, it’s helping you. It stops short, however, of handing you a working RBAC model with the template. The reason for this is that many applications will have many different requirements and they need to leave the framework as open-ended as possible.

Yii 2 does have an authManager component with a complete RBAC implementation that is fully scalable and robust. You can read about RBAC in the docs. And if you want to use that, it’s perfectly fine. Personally, I found it to be a little rigid for my needs.

This is not saying anything bad about what they have, it’s just that it’s impossible to anticipate every scenario, and it’s easier to build something to suit your own needs than to follow someone else’s pattern. Plus there is a learning curve, as there is with everything.

This is one of those instances where I really feel it’s better to write your own code, you will be closer to it, and it will be easier in the long run for you to work with it. Some may disagree with that statement, but like a lot of things in programming, it comes down to personal preference, so feel free to decide for yourself.

In my book, I lay out an RBAC pattern that is easy for beginners to grasp and is something you can build on. But since it’s meant to be a little more robust for long-term use, it doesn’t lend itself to a quick tutorial.

At the same time, I noticed in the forum that there were a lot of people asking about how to implement RBAC. So I asked myself, is it quick and easy for someone to get up and running with RBAC if they just want user/admin roles? No. Wait… Yes it is!

I came up with a six step RBAC tutorial, which I’m linking to because I made a wiki tutorial out of it on the Yii Framework site.

You will need to have a fresh install of the Yii 2 advanced template. They have a complete set of setup instructions there. I cover it extensively in my book, with a bunch of jpgs to help you see what it is supposed to look like.

Anyway, for the tutorial, it’s a more basic version of what we cover in the book. I was able to bring it down to just six steps, it doesn’t require any outside plugin or extension, and you can do it in less than 20 minutes. I’m really happy about that.

It also uses the matchCallback option of Yii 2’s AccessControl behavior rules, which I felt was a good way to do it, since it keeps the role check out of the controller actions and leaves them less cluttered. It’s really easy to implement.
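To show what that looks like in practice, here is an added example of a backend controller that gates its admin action with matchCallback. This is not the wiki tutorial’s own code: it assumes the advanced template’s common\models\User (with its STATUS_ACTIVE constant) has been given a `role` column holding the strings role_user / role_admin, which are the names used in the comments on this post.

```php
<?php
// Added example (not from the tutorial). Assumes common\models\User has a
// `role` string column with values 'role_user' / 'role_admin'.
namespace backend\controllers;

use Yii;
use yii\web\Controller;
use yii\filters\AccessControl;
use common\models\User;

class SiteController extends Controller
{
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::class,
                'rules' => [
                    [
                        // Guests may reach the login page and the error page.
                        'actions' => ['login', 'error'],
                        'allow' => true,
                    ],
                    [
                        // '@' is Yii's built-in "authenticated" pseudo-role,
                        // not an RBAC role: any logged-in user passes this rule.
                        'actions' => ['logout', 'index'],
                        'allow' => true,
                        'roles' => ['@'],
                    ],
                    [
                        // The rule only matches when matchCallback returns true;
                        // otherwise it falls through and the default is deny.
                        'actions' => ['admin'],
                        'allow' => true,
                        'roles' => ['@'],
                        'matchCallback' => function ($rule, $action) {
                            $identity = Yii::$app->user->identity;
                            return $identity !== null
                                && $identity->role === 'role_admin'
                                && (int) $identity->status === User::STATUS_ACTIVE;
                        },
                    ],
                ],
                // No matching rule: guests are redirected to login,
                // logged-in non-admins get a 403 ForbiddenHttpException.
            ],
        ];
    }

    public function actionAdmin()
    {
        return $this->render('admin');
    }
}
```

The status check is deliberately repeated inside the callback even though the template’s User::findIdentity() already refuses inactive accounts, so a user whose status is changed mid-session loses admin access on the next request rather than at the next login.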

Now RBAC is not the first subject you should jump into if you are just starting with Yii 2, and depending on your skill level, it can be difficult. The six step tutorial is about as simple as it gets, but you need to get the advanced template setup and working first, so make sure you have done that step before moving into RBAC.

On the other hand, I don’t know of any other PHP framework that can move you so far along, so quickly, with RBAC. Yii 2 does 99.9% of the work, you have to love that.

Got my first book review from Vegibit:

“Another great resource is a great book by Bill Keck who maintains a blog about Yii. You can get the book at leanpub right here. It’s a great resource because it takes the perspective of someone who is new to the framework and is diving in with a self learning crash course in getting things working with Yii. This real world approach is valuable in learning the key concepts when the rubber hits the road so to speak.”

Feel free to add your comments below. We would love to hear from you. Thanks again for your support.


6 thoughts on “Yii 2 RBAC Tutorial”

  1. Hi Bill, I’m benefitting from your work on the book and your site regarding Yii. So thank you for sharing your knowledge. Regarding the RBAC tutorial, the two roles “role_user” & “role_admin” fit well for my needs. However, I also need to disable users who are no longer employed, those accounts can’t be deleted due to company policy. Do you have any thoughts on how to approach this?

    1. Hi James, thanks for the kind words. In your case, perhaps simply using a retired status would suffice, so the employee could no longer log in if they did not have active status.

    1. Not sure I understand your question. Yii 2 out of the box allows you to control authentication, meaning you control guest users vs. logged-in users. If you want to have a special role such as admin, etc., then you need to implement Yii 2’s RBAC solution, which you can find instructions for in the guide, or, if you want something simpler, follow my super simple RBAC tutorial.

      I also build a custom RBAC solution in the book, which allows for roles such as admin and user types, with a full backend UI to support it. I hope this answers your question.

  2. This is the best Yii2 RBAC article or HowTo I’ve seen. Very simple and concise, and actually works. Thank you very much.
