Skip to content

yiisoft/access

Yii

Yii Access


Latest Stable Version Total Downloads Build status Scrutinizer Code Quality Code Coverage Mutation testing badge static analysis type-coverage

This package provides an interface for checking if certain user has certain permission. Optional parameters could be passed for fine-grained access checks. Additionally, DenyAll and AllowAll implementations are available out of the box.

Requirements

  • PHP 8.0 or higher.

Installation

The package could be installed with Composer:

composer require yiisoft/access

General usage

An access checker such as RBAC implements the interface. A user identity may use it then for checking access:

use Yiisoft\Access\AccessCheckerInterface;

class UserService
{
    private AccessCheckerInterface $accessChecker;
    
    public function __construct(AccessCheckerInterface $accessChecker)
    {
        $this->accessChecker = $accessChecker;
    }
    
    public function can(string $permissionName, array $parameters = []): bool
    {
        return $this->accessChecker->userHasPermission(
            $this
                ->getCurrentUser()
                ->getId(),
            $permissionName,
            $parameters
        );
    }
    
    public function getCurrentUser(): User
    {
        // ...
    }
}

In the handler it may look like the following:

public function actionList(UserService $userService)
{
    if (!$userService->can('list_posts')) {
        // access denied
    }

    // list posts
}

Documentation

If you need help or have a question, the Yii Forum is a good place for that. You may also check out other Yii Community Resources.

License

The Yii Access is free software. It is released under the terms of the BSD License. Please see LICENSE for more information.

Maintained by Yii Software.

Support the project

Open Collective

Follow updates

Official website Twitter Telegram Facebook Slack