Sending $params to $user->can() in AccessRule #7643

Closed
alagodich opened this issue Mar 9, 2015 · 2 comments
Labels
type:docs Documentation

@alagodich

Hi

Shouldn't we have a way to send params to access rules when configuring them as a controller's behaviour?

For example, in your guide you are creating an updateOwnPost rule which expects a postId param. But we don't have a way to send this param when configuring rules this way:

    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        'actions' => ['update'],
                        'allow' => true,
                        'roles' => ['admin', 'updatePost', 'updateOwnPost'],
                    ],

In the AccessRule class we just call the can() method without any params.
So updatePost will not resolve with updateOwnPost as we cannot send postId.

Is it a bad practice and I have to use the following right in the action?

    if (\Yii::$app->user->can('updatePost', ['post' => $post])) {
        // update post
    }

I would prefer to keep all access assigning in one place.

@cebe
Member

cebe commented Mar 9, 2015

I am currently doing it like that in one of my projects:

    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        'actions' => ['create', 'quick-create'],
                        'allow' => true,
                        'matchCallback' => function($rule, $action) {
                            return Yii::$app->user->can('task:create', ['project' => $action->controller->findProject()]);
                        },
                    ],
                    ...

@cebe cebe added the type:docs Documentation label Mar 9, 2015
@alagodich
Author

Right, I can use that, thank you.
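
Added example (not part of the original thread or of Yii itself): the question's `update` action guarded with the `matchCallback` approach from the reply above, so the post object reaches `can()` before the action runs. `PostController`, `Post` and `findPost()` are assumed names; the `updatePost` permission and the `post` param are the ones used in the issue.

```php
<?php
// Added example. PostController, Post and findPost() are assumed names, not from the thread.
namespace app\controllers;

use Yii;
use app\models\Post;
use yii\filters\AccessControl;
use yii\web\Controller;
use yii\web\NotFoundHttpException;

class PostController extends Controller
{
    private $_post; // loaded once, shared by the access check and the action
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        'actions' => ['update'],
                        'allow' => true,
                        'roles' => ['@'], // authenticated users only
                        'matchCallback' => function ($rule, $action) {
                            // Hand the concrete post to the RBAC check so an ownership rule can inspect it.
                            return Yii::$app->user->can('updatePost', ['post' => $action->controller->findPost()]);
                        },
                    ],
                ],
            ],
        ];
    }

    public function actionUpdate($id)
    {
        return $this->render('update', ['post' => $this->findPost()]); // same instance that was authorized
    }

    public function findPost()
    {
        if ($this->_post === null) {
            $this->_post = Post::findOne((int) Yii::$app->request->get('id'));
        }
        if ($this->_post === null) {
            throw new NotFoundHttpException('Post not found.');
        }
        return $this->_post;
    }
}
```

All matchers in a rule must pass, so `roles` and `matchCallback` are combined with AND, and a request that matches no rule is denied.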
