Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
Y
yii2
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
PSDI Army
yii2
Commits
87c6eec5
Commit
87c6eec5
authored
Jan 06, 2015
by
Angel Guevara
Committed by
Carsten Brandt
Jan 10, 2015
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Describe both configuration options for authManager
only the phpManager configuration was described, the DbManager configuration was not found on this documentation close #6771
parent
03351ccb
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
33 additions
and
3 deletions
+33
-3
security-authorization.md
docs/guide/security-authorization.md
+33
-3
No files found.
docs/guide/security-authorization.md
View file @
87c6eec5
...
...
@@ -152,7 +152,7 @@ Role based access control (RBAC)
--------------------------------
Role-Based Access Control (RBAC) provides a simple yet powerful centralized access control. Please refer to
the
[
Wiki
article
](
http://en.wikipedia.org/wiki/Role-based_access_control
)
for details about comparing RBAC
the
[
Wiki
pedia
](
http://en.wikipedia.org/wiki/Role-based_access_control
)
for details about comparing RBAC
with other more traditional access control schemes.
Yii implements a General Hierarchical RBAC, following the
[
NIST RBAC model
](
http://csrc.nist.gov/rbac/sandhu-ferraiolo-kuhn-00.pdf
)
.
...
...
@@ -185,10 +185,12 @@ more special *tree* hierarchy. While a role can contain a permission, it is not
Before we set off to define authorization data and perform access checking, we need to configure the
[
[yii\base\Application::authManager|authManager
]
] application component. Yii provides two types of authorization managers:
[
[yii\rbac\PhpManager
]
] and
[
[yii\rbac\DbManager
]
]. The former uses a PHP script file to store authorization
data, while the latter stores authorization data in database. You may consider using the former if your application
data, while the latter stores authorization data in
a
database. You may consider using the former if your application
does not require very dynamic role and permission management.
The following code shows how to configure
`authManager`
in the application configuration:
#### configuring authManager with `PhpManager`
The following code shows how to configure the
`authManager`
in the application configuration using the
[
[yii\rbac\PhpManager
]
] class:
```
php
return
[
...
...
@@ -207,6 +209,34 @@ The `authManager` can now be accessed via `\Yii::$app->authManager`.
> Tip: By default, [[yii\rbac\PhpManager]] stores RBAC data in files under `@app/rbac/` directory. Make sure the directory
and all the files in it are writable by the Web server process if permissions hierarchy needs to be changed online.
#### configuring authManager with `DbManager`
The following code shows how to configure the
`authManager`
in the application configuration using the
[
[yii\rbac\DbManager
]
] class:
```
php
return
[
// ...
'components'
=>
[
'authManager'
=>
[
'class'
=>
'yii\rbac\DbManager'
,
],
// ...
],
];
```
`DbManager`
uses four database tables to store its data:
-
[
[yii\rbac\DbManager::$itemTable|itemTable
]
]: the table for storing authorization items. Defaults to "auth_item".
-
[
[yii\rbac\DbManager::$itemChildTable|itemChildTable
]
]: the table for storing authorization item hierarchy. Defaults to "auth_item_child".
-
[
[yii\rbac\DbManager::$assignmentTable|assignmentTable
]
]: the table for storing authorization item assignments. Defaults to "auth_assignment".
-
[
[yii\rbac\DbManager::$ruleTable|ruleTable
]
]: the table for storing rules. Defaults to "auth_rule".
Before you can go on you need to create those tables in the database. To do this, you can use the migration stored in
`@yii/rbac/migrations`
:
`yii migrate --migrationPath=@yii/rbac/migrations`
The
`authManager`
can now be accessed via
`\Yii::$app->authManager`
.
### Building Authorization Data
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment