Tag Archives: yii 2 rbac

Yii 2 Advanced Template

A question I’ve seen on numerous occasions in the Yii 2 Forum is whether to use the Yii 2 Advanced Template or the Basic install. The answer depends quite a bit on what you want to accomplish and how. The first thing to mention is that if you are considering this question, you really should install a copy of both to get a hands-on feel for yourself.

The instructions for installing basic are here in the Guide. The instructions for the Yii 2 Advanced Template installation are here.

Now if you are familiar with this blog, you know that I’m a big fan of the advanced template and that I use it in my book, Yii 2 For Beginners. It’s a little counter-intuitive, but I actually found that easier to work with than the basic application. The reason for this is that in the advanced template, they provide a fully-functional, database-driven user model, which is out of the box ready to register and login users. You even get the forgot password functionality, working out of the box, so you don’t have to code anything for that either.

So I found this to be incredibly helpful when I was new to the framework, and I still feel strongly about it now; it’s a great template. The basic application is awesome too; after all, it’s the same framework. And depending on your application needs, it might make sense to start with that.

In my view, if you are just learning the framework, I think it’s easier to get started with the advanced template, even though you have to do a little more work in configuration and with the second host entry for the backend. Any medium to large size project would probably want separation of backend and frontend areas of the application, so the advanced template gives you a working blueprint for that. And considering it was made by the same team that developed the framework, it’s a strong blueprint. You can learn a lot from it.

Although they give you a working user registration and login in the advanced template, it’s only a starting point, and you still have to implement your own RBAC and any special logging that you might want to do, recording the IP address of the user for example.

Yii 2 does include an RBAC component that you can use with either template, and it is now well-documented and feature rich. I don’t use this implementation in my book, going for something simpler because I prefer to be closer to the RBAC code, so I can modify it more easily. It’s one of those things that just seems like I would have so many custom requirements that it’s just easier to go my own way with it. But that’s not to say anything negative about the Yii 2 RBAC, it’s really cool and ready for you to use if it meets your needs. It’s just another awesome feature that the framework provides for you.

In a sense you could apply the above statement to things like the user model, depending on how you wanted to build your application. So for example, if you had some custom implementation of a user model that was just too different from the advanced template, you could simply build it from scratch with the basic application.

Also, the way the backend and frontend are divided in the Advanced Application is obviously not the only way to do it. Some applications will not require a separate backend, though this is probably a minority. In smaller apps, you don’t necessarily even need a separate set of directories for backend, but keep in mind that apps tend to grow over time, so in my view, it’s best to account for this upfront. The advanced template is perfect for this. But you could also structure your backend differently by setting it up as a module.

Personally, I like the Advanced Template, I think it’s the perfect starting point for a medium to large application, or maybe even a smaller application where there is enough of a backend to imagine managing users through a backend UI.

Another thing I really liked about the advanced template, getting back to what I said earlier, is that you get to see a beautiful implementation of the user model that you can learn from, especially when you are just learning the framework. For example, did you know that the Yii 2 Advanced Template doesn’t use a password field in the DB? Instead it uses password_hash, which stores a hash of the password rather than the password itself, and you can get the full details on that by doing the setup. It’s just a great example of a user model.

In another example, when I wrote my Super Simple RBAC Tutorial, which gets you a working RBAC for the advanced template in 6 easy steps, I looked at the methods on the User model and the form model and followed their format and it really helped, everything just flowed beautifully. The point being that for newer and beginning programmers, learning how the framework does things is very useful and instructive and will help you progress faster in the long run.

If you are part of a team of professional developers deciding which version to use, basic or advanced, just keep in mind that both are equally capable of delivering enterprise-level performance. So it just makes sense to see whether the Advanced Template represents a good starting point or will simply end up getting in the way. Obviously, no one can answer that question for you; you have to decide that for yourself.

Thanks again to everyone from around the world who has supported my blog and book. Feel free to contribute with your own comments, links, and reviews, it is greatly appreciated.


Yii 2 RBAC Tutorial

Once again a warm welcome goes out to all the programmers and developers around the world who are discovering this blog. I get amazed every day when I see the stats and the diversity in the countries represented. It gives me the hope of a common language for the world and a framework like Yii 2 is a great place to express that.

Also, thanks to everyone who has taken part in the polls on this site. Over 1000 developers have voted on many topics relevant to today’s PHP community. Your comments are also appreciated, so please feel free to vote and comment.

And also, much gratitude for everyone who has purchased a copy of Yii 2 For Beginners, with your support I can continue my work, and I really appreciate it.

Ok, so the topic here is RBAC. This stands for Role Based Access Control and this can be difficult to implement in any framework. The Yii 2 advanced template comes with a working user model out of the box and this makes it fairly easy to get up and running. The thing is every site needs access control, especially if you are going to have a front end and back end to the site, and if you are going to have users with special privileges, such as admin users, who will have access to admin functions in the backend of the application.

The Yii 2 advanced template conveniently divides itself into frontend and backend out-of-the-box, so there again, it’s helping you. It stops short, however, of handing you a working RBAC model with the template. The reason for this is that many applications will have many different requirements and they need to leave the framework as open-ended as possible.

Yii 2 does have an authManager component with a complete RBAC implementation that is fully scalable and robust. You can read about RBAC in the docs. And if you want to use that, it’s perfectly fine. Personally, I found it to be a little rigid for my needs.

This is not saying anything bad about what they have; it’s just that it’s impossible to anticipate every scenario, and it’s easier to build something to suit your own needs than to follow someone else’s pattern. Plus there is a learning curve, as there is with everything.

This is one of those instances where I really feel it’s better to write your own code, you will be closer to it, and it will be easier in the long run for you to work with it. Some may disagree with that statement, but like a lot of things in programming, it comes down to personal preference, so feel free to decide for yourself.

In my book, I lay out an RBAC pattern that is easy for beginners to grasp and is something you can build on. But since it’s meant to be a little more robust for long-term use, it doesn’t lend itself to a quick tutorial.

At the same time, I noticed in the forum that there were a lot of people asking about how to implement RBAC. So I asked myself, is it quick and easy for someone to get up and running with RBAC if they just want user/admin roles? No. Wait… Yes it is!

I came up with a six step RBAC tutorial, which I’m linking to because I made a wiki tutorial out of it on the Yii Framework site.

You will need to have a fresh install of the Yii 2 advanced template. They have a complete set of setup instructions there. I cover it extensively in my book, with a bunch of jpgs to help you see what it is supposed to look like.

Anyway, for the tutorial, it’s a more basic version of what we cover in the book. I was able to bring it down to just six steps, it doesn’t require any outside plugin or extension, and you can do it in less than 20 minutes. I’m really happy about that.

It also uses Yii 2’s matchCallback option on the access rules in a controller’s behaviors, which I felt was a good way to do it, since it leaves the main controller actions less cluttered. It’s really easy to implement.
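As an added illustration (not the code from the wiki tutorial or the book), here is how a matchCallback rule on a backend controller's behaviors() can restrict actions to admin users. The integer `role` column on the user table and the `ROLE_ADMIN` value are assumptions made for this example; the advanced template does not ship them.

```php
<?php
// Added example. Assumes a hypothetical integer `role` column on the
// advanced template's user table, exposed as $identity->role.
namespace backend\controllers;

use Yii;
use yii\filters\AccessControl;
use yii\filters\VerbFilter;
use yii\web\Controller;

class SiteController extends Controller
{
    const ROLE_ADMIN = 20; // hypothetical value stored in user.role

    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::class,
                // Any action that no rule matches is denied by the filter.
                'rules' => [
                    [   // Login and error pages stay reachable for guests.
                        'actions' => ['login', 'error'],
                        'allow' => true,
                    ],
                    [
                        'actions' => ['index', 'logout'],
                        'allow' => true,
                        'roles' => ['@'], // authenticated users only
                        'matchCallback' => function ($rule, $action) {
                            // The role is read from the identity loaded
                            // server-side, never from request input.
                            $identity = Yii::$app->user->identity;
                            return $identity !== null
                                && (int) $identity->role === self::ROLE_ADMIN;
                        },
                    ],
                ],
            ],
            'verbs' => [
                'class' => VerbFilter::class,
                'actions' => ['logout' => ['post']],
            ],
        ];
    }

    public function actionIndex()
    {
        return $this->render('index');
    }
}
```

With this in place a guest who requests `index` is sent to the login page, and a logged-in user without the admin role gets a 403 response, because the rule only applies when the callback returns true and no other rule allows the action.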

Now RBAC is not the first subject you should jump into if you are just starting with Yii 2, and depending on your skill level, it can be difficult. The six step tutorial is about as simple as it gets, but you need to get the advanced template setup and working first, so make sure you have done that step before moving into RBAC.

On the other hand, I don’t know of any other PHP framework that can move you so far along, so quickly with RBAC. Yii 2 does 99.9% of the work, you have to love that.

Got my first book review from Vegibit:

“Another great resource is a great book by Bill Keck who maintains a blog about Yii. You can get the book at leanpub right here. It’s a great resource because it takes the perspective of someone who is new to the framework and is diving in with a self learning crash course in getting things working with Yii. This real world approach is valuable in learning the key concepts when the rubber hits the road so to speak.”

Feel free to add your comments below. We would love to hear from you. Thanks again for your support.