I'm new to Yii2 and I need to make my ActionColumn class buttons of the GridView visible just only for admin and moderator.
I have 3 kinds of user rights:
const TYPE_NORMAL = 0;
const TYPE_SUPER = 1;
const TYPE_MASTER = 2;
And I need that my GridView would allow buttons just only for TYPE_SUPER and TYPE_MASTER. How can I achieve this?
Here is my GridView class:
Tried to do that with visibleButtons or template, but buttons are dissapearing for all the user rights. Thank you for the help
[
'class' => 'yii\grid\ActionColumn',
'template' => '',
],
You could use visible property
and if you have a rbac management in your Yii2 app where your users have role eg: admin you could
[
'class' => 'yii\grid\ActionColumn',
'visible' => Yii::$app->User->can('admin'),
],
for your user "TYPE" this seems not related to user http://www.yiiframework.com/doc-2.0/yii-web-user.html or http://www.yiiframework.com/doc-2.0/yii-web-identityinterface.html.. so you should explain better what do you mean
Related
I use rbac (dektrium) and ACF to check to access users in my project (yii2). I created some role for example :admin, manager, suser,user,.. I have some actions that all user can use its for example view action. how can define in behaviors method that all user can use view action?
To do this we assigned actions to user '*' in yii1.
...
array('allow', // allow all users to perform 'index' and 'view' actions
'actions'=>array('view'),
'users'=>array('*'),
),
...
in yii2 use this code ()
...
[
'allow' => true,
'actions' => ['view'],
'roles' => ['?'],
],
...
but when admin user or manager user want to access to myController/view shows forbidden. only guests can access to myController/view, how can define a role or access to access to all user by default?
If you want to allow everyone to access action then there is no need to apply access filter for that action. To avoid applying access filter for specific actions you can use $except property of yii\filters\AccessControl. For example like this:
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'except' => ['view'],
'rules' => [
//rules for other actions ...
]
],
//other behaviors ...
];
}
Other option would be to use a combination of roles ? (guests) and # (all logged in users) like this:
[
'allow' => true,
'actions' => ['view'],
'roles' => ['?', '#'],
]
There is also $only property in yii\filters\AccessControl that allows to apply filter only to explicitly named actions. But it's better to use $except for security reasons.
Resources:
yii\filters\AccessControl
yii\filters\AccessRule::$roles
I am looking for a way to enable an administrator to assign users roles after registering them from the backend. I have configured yii2-admin in yii2 advanced and I have roles already set in the database table.
However I want to get the roles on the user registration form as a dropdown list and the administrator should be able to select a role and assign to the user. The roles on the dropdown list should be those lower than that of the admin or equivalent to his...i.e if there is a sysadmin role that is superuser, the admin should not be able to get the role as one of the options since assigning that role means the user will be higher than his role.
I have searched online but only gotten the code for Yii 1.1 which I tried to customize but does not work at all. The code is provided below:
Dropdown list on the form:
<?php
if (Yii::app()->user->isSuperuser) {
$all_roles=new RAuthItemDataProvider('roles', array(
'type'=>2,
));
$data=$all_roles->fetchData();
?>
<div>
<label for="type_id">Type</label>
<?php echo CHtml::dropDownList("Type",'',CHtml::listData($data,'name','name'));? >
</div>
<?php
}
?>
And the controller code is:
if(Yii::app()->user->isSuperuser)
$type=$_POST['Type'];
else
$type='User';
$authorizer = Yii::app()->getModule("rights")->authorizer;
$authorizer->authManager->assign($type, $model->id);
Anyone with an idea of how to transform this to Yii2 ? Please assist; I have been stuck on this problem for some time.
Thank you.
Here is an idea on how to proceed with this. Having set up yii2-admin, set up the necessary dbTables and added the authManager settings to your config section like so
$config = [
...
'components' => [
...
'authManager' => [
'class' => 'yii\rbac\DbManager',
],
],
'as access' => [
'class' => 'mdm\admin\components\AccessControl',
'allowActions' => [
'site/*',
//'admin/*',
//'gii/*',
]
],
];
you have access to the authManager component.
In your controller you can obtain the roles of the current user like so
$current_user_roles = Yii::$app->authManager->getRolesByUser(Yii::$app->user->id);
Next you can get a list of all roles you have defined like so
$available_roles = Yii::$app->authManager->getRoles();
From here you would have to apply your role hierarchy logic to define what roles this user can assign (you should end up with a list of roles this user cannot assign, lets say $forbidden_roles). Once you have these 2 lists that you can remove the $forbidden_roles from the $available roles array with a simple foreach() statement, for example:
foreach($forbidden_roles as $role){
if(in_array($role,$available_role)){
$index = array_search($role,$available_role);
\yii\helpers\ArrayHelper::remove($available_roles,$index);
}
}
Now you have an array with the roles that the user can assign. Pass this array to your view and subsequently to the dropdown element and you should be set.
I have not personally tried this out but let me know if it works for you. Hope this helps.
i use in my app with below code in _form
get load user_id and all name
you only change condition in query
$users= ArrayHelper::map(app\models\User::find()->orderBy('username')->asArray()->all(), 'id', 'username');
$item= ArrayHelper::map(app\models\Authitem::find()->orderBy('name')->asArray()->all(), 'name', 'name');
echo $form->field($model, 'item_name')->widget(Select2::classname(), [
'data' => $item,
'options' => [
'placeholder' => 'انتخاب کنید...',
],
'pluginOptions' => [
'allowClear' => true,
],
]);
?>
<?php
echo $form->field($model, 'user_id')->widget(Select2::classname(), [
'data' => $users,
'options' => [
'placeholder' => 'انتخاب کنید...',
],
'pluginOptions' => [
'allowClear' => true,
],
]);
?>
How/where do you set the controller/method Yii2 uses when a user is required to be logged in? Currently it goes to site/login and I'm trying to point it to auth/login.
Assuming you are using advanced template in your config/main.php (or main-local.php) you should define your user component g for frontented app
'user' => [
'identityClass' => 'app\models\web\User',
'enableAutoLogin' => true,
'loginUrl'=>['/frontend/auth/login'],
],
May I know how to have function of automatic logout if users have inactive more than 5 minutes in yii2 ?
Try this configuration :
'user' => [
'enableAutoLogin' => false,
'authTimeout' => 300,
],
authTimeout
Your answer lies in configuration of "user" component in your config files.
Everything you need to know is in this documentation Yii2 User Component, set authTimout property to 300 (that's in seconds) and your user should be logged out after 5 minutes of inactivity.
In your component configuration you need to add config in user component like this
'components'=>[
'user' => [
'class'=>'yii\web\User',
'identityClass' => 'common\models\User',
'loginUrl'=>['sign-in/login'],
'enableAutoLogin' => false,
'authTimeout'=>300, //Number of second to Automatic Logout if inactive
//this config is optional
'identityCookie' => [
'name' => '_backendUser', // unique for backend
'path'=>'#backend/web' // correct path for the backend app.
],
'as afterLogin' => 'common\behaviors\LoginTimestampBehavior'
],
],
Besides of setting up the main.php I have three suggestion to handle this situation.
You should set you application in production mode ..
customize the site/error.php to check if user is guest and if not display the div with message like "Session expires" and a link to "site/login".
Alternatively, To redirect to login page when clicks on any link, define the access-control in a controller behaviors function and then you are done.
my site start with a default language(which is English) then based on user's preference i should change it. is this possible in Yii2 ? is there any widget for this
I use contentNegotiator, without assign a language to the user the language is automatically assigned by the application.
for this
In config/main.php in bootstrap section start the component
'bootstrap' => [
'log',
'contentNegotiator',
],
in component section
'components' => [
'contentNegotiator' =>[
'class' => 'yii\filters\ContentNegotiator',
'languages' => [
'en-US',
'it-IT',
'fr-FR',
],
],
],
otherwise you can change when and where you want. Is application action eg you can do in any controller you chose. this way
\Yii::$app->language = 'zh-CN';