This package provides an interface for checking if certain user has certain permission. Optional parameters could be passed
for fine-grained access checks. Additionally, DenyAll
and AllowAll
implementations are available out of the box.
- PHP 8.0 or higher.
The package could be installed with Composer:
composer require yiisoft/access
An access checker such as RBAC implements the interface. A user identity may use it then for checking access:
use Yiisoft\Access\AccessCheckerInterface;
class UserService
{
private AccessCheckerInterface $accessChecker;
public function __construct(AccessCheckerInterface $accessChecker)
{
$this->accessChecker = $accessChecker;
}
public function can(string $permissionName, array $parameters = []): bool
{
return $this->accessChecker->userHasPermission(
$this
->getCurrentUser()
->getId(),
$permissionName,
$parameters
);
}
public function getCurrentUser(): User
{
// ...
}
}
In the handler it may look like the following:
public function actionList(UserService $userService)
{
if (!$userService->can('list_posts')) {
// access denied
}
// list posts
}
If you need help or have a question, the Yii Forum is a good place for that. You may also check out other Yii Community Resources.
The Yii Access is free software. It is released under the terms of the BSD License.
Please see LICENSE
for more information.
Maintained by Yii Software.