Category Archives: Yii 2 RBAC Tutorial

Yii 2 RBAC Tutorial

Once again a warm welcome goes out to all the programmers and developers around the world who are discovering this blog. I get amazed every day when I see the stats and the diversity in the countries represented. It gives me the hope of a common language for the world and a framework like Yii 2 is a great place to express that.

Also, thanks to everyone who has taken part in the polls on this site. Over 1000 developers have voted on many topics relevant to today’s php community. Your comments are also appreciated, so please feel free to vote and comment.

And also, much gratitude for everyone who has purchased a copy of Yii 2 For Beginners, with your support I can continue my work, and I really appreciate it.

Ok, so the topic here is RBAC. This stands for Role Based Access Control and this can be difficult to implement in any framework. The Yii 2 advanced template comes with a working user model out of the box and this makes it fairly easy to get up and running. The thing is every site needs access control, especially if you are going to have a front end and back end to the site, and if you are going to have users with special privileges, such as admin users, who will have access to admin functions in the backend of the application.

The Yii 2 advanced template conveniently divides itself into frontend and backend out-of-the-box, so there again, it’s helping you. It stops short, however, of handing you a working RBAC model with the template. The reason for this is that many applications will have many different requirements and they need to leave the framework as open-ended as possible.

Yii 2 does have an authManager component with a complete RBAC implementation that is fully scalable and robust. You can read about RBAC in the docs. And if you want to use that, it’s perfectly fine. Personally, I found it to be a little rigid for my needs.

This is not saying anything bad about what they have, it’s just it’s impossible to anticipate every scenario, and its easier to build something to suit your own needs than follow someone else’s pattern. Plus there is a learning curve as there is with everything.

This is one of those instances where I really feel it’s better to write your own code, you will be closer to it, and it will be easier in the long run for you to work with it. Some may disagree with that statement, but like a lot of things in programming, it comes down to personal preference, so feel free to decide for yourself.

In my book, I layout an RBAC pattern that is easy for beginners to grasp and is something you can build on. But since it’s meant to be a little more robust for long-term use, it doesn’t lend itself to a quick tutorial.

At the same time, I noticed in the forum that there were a lot of people asking about how to implement RBAC. So I asked myself, is it quick and easy for someone to get up and running with RBAC if they just want user/admin roles? No. Wait… Yes it is!

I came up with a six step RBAC tutorial, which I’m linking to because I made a wiki tutorial out of it on the Yii Framework site.

You will need to have a fresh install of the Yii 2 advanced template. They have a complete set of setup instructions there. I cover it extensively in my book, with a bunch of jpgs to help you see what it is supposed to look like.

Anyway, for the tutorial, it’s a more basic version of what we cover in the book. I was able to bring it down to just six steps, it doesn’t require any outside plugin or extension, and you can do it in less than 20 minutes. I’m really happy about that.

It also uses Yii 2’s matchCallback method on behaviors, which I felt was good way to do it, since it leaves the main controller actions less cluttered. It’s really easy to implement.

Now RBAC is not the first subject you should jump into if you are just starting with Yii 2, and depending on your skill level, it can be difficult. The six step tutorial is about as simple as it gets, but you need to get the advanced template setup and working first, so make sure you have done that step before moving into RBAC.

On the other hand, I don’t know of any other php framework that can move you so far along, so quickly with RBAC. Yii 2 does 99.9% of the work, you have to love that.

Got my first book review from Vegibit:

“Another great resource is a great book by Bill Keck who maintains a blog about Yii. You can get the book at leanpub right here. It’s a great resource because it takes the perspective of someone who is new to the framework and is diving in with a self learning crash course in getting things working with Yii. This real world approach is valuable in learning the key concepts when the rubber hits the road so to speak.”

Feel free to add your comments below. We would love to hear from you. Thanks again for your support.