<?php
use yii\db\Migration;
use backend\models\User;
class m171015_143334_create_rbac_data extends Migration
{
public function safeUp()
{
$auth = Yii::$app->authManager;
// Define permissions
$viewComplaintsListPermission = $auth->createPermission('viewComplaintsList');
$auth->add($viewComplaintsListPermission);
$viewPostPermission = $auth->createPermission('viewPost');
$auth->add($viewPostPermission);
$deletePostPermission = $auth->createPermission('deletePost');
$auth->add($deletePostPermission);
$approvePostPermission = $auth->createPermission('approvePost');
$auth->add($approvePostPermission);
$viewUsersListPermission = $auth->createPermission('viewUsersList');
$auth->add($viewUsersListPermission);
$viewUserPermission = $auth->createPermission('viewUser');
$auth->add($viewUserPermission);
$deleteUserPermission = $auth->createPermission('deleteUser');
$auth->add($deleteUserPermission);
$updateUserPermission = $auth->createPermission('updateUser');
$auth->add($updateUserPermission);
// Define roles with permissions
$moderatorRole = $auth->createRole('moderator');
$auth->add($moderatorRole);
$auth->addChild($moderatorRole, $viewComplaintsListPermission);
$auth->addChild($moderatorRole, $viewPostPermission);
$auth->addChild($moderatorRole, $deletePostPermission);
$auth->addChild($moderatorRole, $approvePostPermission);
$auth->addChild($moderatorRole, $viewUsersListPermission);
$auth->addChild($moderatorRole, $viewUserPermission);
$adminRole = $auth->createRole('admin');
$auth->add($adminRole);
$auth->addChild($adminRole, $moderatorRole);
$auth->addChild($adminRole, $deleteUserPermission);
$auth->addChild($adminRole, $updateUserPermission);
// Create admin user
// Расчитывается, что после создания суперпользователя пароль будет изменен (или права админа переданы другому пользователю).
$user = new User([
'email' => '[email protected]',
'username' => 'Admin',
'password_hash' => '$2y$13$P9.d7KUb8C6BHCvkdzMsrOi5U.vIAw01UmriB.34PiN50e8nTGFge', // 111111
]);
$user->generateAuthKey();
$user->save();
// Assign admin role to
$auth->assign($adminRole, $user->getId());
}
public function safeDown()
{
echo "m171015_143334_create_rbac_data cannot be reverted.\n";
return false;
}
}
----
Ссылки:
https://bitbucket.org/victor-zinchenko/php-up-practice/branch/lesson-9
https://yiiframework.com.ua/ru/doc/guide/2/security-authorization/
http://www.yiiframework.com/doc-2.0/yii-rbac-managerinterface.html#getRolesByUser()-detail