Dedikisme's Blog

Ngeblog biar dibilang eksis

Rbac Yii2 Framework

RBAC (Role Based Access Control) adalah Role Based Access Control, dari kepanjangannya udah kebayangkan apa itu RBAC, di yii2 rbac udah ada jadi tinggal pake, dan di yii2 ini ada 2 tempat untuk menempatkan access controlnya, di file (defaultnya di @app/data/rbac.php) dan di databasenya juga bisa. Tapi kali ini yang aku pelajari yang versi file. ok Langsung saja buat Controller, sebelumnya buat file rbac.php pada path berikut @app/data/rbac.php, dan set chmodnya +w pasang kode ini di controller

apaajaController.php
1
2
3
4
5
$phpm = new PhpManager;
// buat "readPost" permission
$readPost =  $phpm->createPermission('readPost');
$readPost->description = 'read a post';
$phpm->add($createPost);

kode diatas akan membuat role baru

oh ya jangan lupa use namespacenya

apaajaController.php
1
use yii\rbac\PhpManager;

kemudian akses controller tersebut, maka data rbac.php yang tadi dibuat akan ada permission baru

rbac.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
<?php
return array(
    'items' =>
    array(
        'readPost' =>
        array(
            'type' => 2,
            'description' => 'read a post',
        ),
    ),
    'rules' =>
    array(
    ),
);

dan buat lagi permission

apaajaController.php
1
2
3
$writePost = $phpm->createPermission('writePost');
$writePost->description = 'write a post';
$phpm->add($writePost);

jalankan dan rbac.php akan berubah

rbac.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
<?php
return array(
    'items' =>
    array(
        'readPost' =>
        array(
            'type' => 2,
            'description' => 'read a post',
        ),
        'writePost' =>
        array(
            'type' => 2,
            'description' => 'write a post',
        ),
    ),
    'rules' =>
    array(
    ),
);

kemudian tambahkan role aksesnya disini aku tambahkan role ‘writer’

apaajaController.php
1
2
$writer = $phpm->createRole('writer');
$phpm->add($writer);

maka file rbacnya akan jadi berikut

rbac.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
<?php
return array(
    'items' =>
    array(
        'readPost' =>
        array(
            'type' => 2,
            'description' => 'read a post',
        ),
        'writePost' =>
        array(
            'type' => 2,
            'description' => 'write a post',
        ),
        'writer' =>
        array(
            'type' => 1,
        ),
    ),
    'rules' =>
    array(
    ),
);

kemudian kita coba masukkan permission writePost pada writer

apaajaController.php
1
$phpm->addChild($phpm->getRole('writer'), $phpm->getPermission('writePost'));

hasilnya

rbac.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
<?php
return array(
    'items' =>
    array(
        'readPost' =>
        array(
            'type' => 2,
            'description' => 'read a post',
        ),
        'writePost' =>
        array(
            'type' => 2,
            'description' => 'write a post',
        ),
        'writer' =>
        array(
            'type' => 1,
            'children' =>
            array(
                0 => 'writePost',
            ),
        ),
    ),
    'rules' =>
    array(
    ),
);

kemudian kita coba masukkan role ‘writer’ ke ID ‘dedik’

apaajaController.php
1
$phpm->assign($phpm->getRole('writer'), 'dedik');

hasilnya

rbac.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
<?php
return array(
    'items' =>
    array(
        'readPost' =>
        array(
            'type' => 2,
            'description' => 'read a post',
        ),
        'writePost' =>
        array(
            'type' => 2,
            'description' => 'write a post',
        ),
        'writer' =>
        array(
            'type' => 1,
            'children' =>
            array(
                0 => 'writePost',
            ),
            'assignments' =>
            array(
                'dedik' =>
                array(
                    'roleName' => 'writer',
                ),
            ),
        ),
    ),
    'rules' =>
    array(
    ),
);

kita coba cek aksesnya ID ‘dedik’ pada permission ‘writePost’

apaajaController.php
1
var_dump($phpm->checkAccess('dedik', 'writePost')); // bool(true)

maka hasilnya akan TRUE

dan coba akses permission ke ‘readPost’ maka

apaajaController.php
1
var_dump($phpm->checkAccess('dedik', 'readPost')); // bool(false)

maka FALSE

dan coba membuat child permission ‘readPost’ pada ID ‘writer’

apaajaController.php
1
$phpm->addChild($phpm->getRole('writer'), $phpm->getPermission('readPost'));

maka rbac.php akan tampil seperti ini

rbac.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
<?php
return array(
    'items' =>
    array(
        'readPost' =>
        array(
            'type' => 2,
            'description' => 'read a post',
        ),
        'writePost' =>
        array(
            'type' => 2,
            'description' => 'write a post',
        ),
        'writer' =>
        array(
            'type' => 1,
            'children' =>
            array(
                0 => 'writePost',
                1 => 'createPost',
            ),
            'assignments' =>
            array(
                'dedik' =>
                array(
                    'roleName' => 'writer',
                ),
            ),
        ),
    ),
    'rules' =>
    array(
    ),
);

kemudian cek permission ‘readPost’ pada ID dedik

apaajaController.php
1
var_dump($phpm->checkAccess('dedik', 'readPost')); // bool(true)

maka hasilnya TRUE

Thanks

Comments