Код: Выделить всё
/**
* Checks if user can edit user or change user's role
*/
class RoleRule extends Rule
{
public $name = 'canModifyUser';
/**
* @param string|int $user the user ID.
* @param Item $item the role or permission that this rule is associated with
* @param array $params parameters passed to ManagerInterface::checkAccess().
* @return bool a value indicating whether the rule permits the role or permission it is associated with.
*/
public function execute($user, $item, $params)
{
Yii::trace($params['test'] ?? 'Params not set' , __CLASS__);
return true;
}
}
Код: Выделить всё
...
$auth = Yii::$app->getAuthManager();
$authPermission = $auth->createPermission('editUsers');
$ruleObj = Yii::$container->get('\app\components\rbac\RoleRule');
$auth->add($ruleObj);
$authPermission->ruleName = $ruleObj->name;
$auth->add($authPermission);
...
Код: Выделить всё
'access' => [
'class' => AccessControl::className(),
'only' => ['create', 'update', 'delete'],
'rules' => [
[
'allow' => true,
'actions' => ['create', 'update'],
'roles' => ['editUsers'],
//Можно сделать, что бы работало как то так:
/* 'params' => [
'test' => 'testParam',
],
*/
],
],
],
];