36 changes: 16 additions & 20 deletions src/guide/security/authorization.md
Expand Up @@ -424,46 +424,42 @@ Let's fix it. First, you need a rule to verify that the user is the post author:
namespace App\User\Rbac;

use Yiisoft\Rbac\Item;
use \Yiisoft\Rbac\Rule;
use Yiisoft\Rbac\RuleContext;
use Yiisoft\Rbac\RuleInterface;

/**
* Checks if the authorID matches user passed via params.
*/
final readonly class AuthorRule extends Rule
final readonly class AuthorRule implements RuleInterface
{
private const NAME = 'isAuthor';

public function __construct() {
parent::__construct(self::NAME);
}

public function execute(string $userId, Item $item, array $parameters = []): bool
public function execute(?string $userId, Item $item, RuleContext $context): bool
{
return isset($params['post']) ? $params['post']->getAuthorId() == $userId : false;
$post = $context->getParameterValue('post');
return $post !== null && $post->getAuthorId() == $userId;
}
}
```

The rule checks if user created the `post`. Create a special permission `updateOwnPost` in the command you've used before:

```php
/** @var \Yiisoft\Rbac\ManagerInterface $auth */

// add the rule
$rule = new AuthorRule();
$auth->add($rule);
use Yiisoft\Rbac\Permission;
use Yiisoft\Rbac\ManagerInterface;

// add the "updateOwnPost" permission and associate the rule with it.
$updateOwnPost = (new \Yiisoft\Rbac\Permission('updateOwnPost'))
$updateOwnPost = (new Permission('updateOwnPost'))
->withDescription('Update own post')
->withRuleName($rule->getName());
$auth->add($updateOwnPost);
->withRuleName(AuthorRule::class);
$this->manager->addPermission($updateOwnPost);

// "updateOwnPost" will be used from "updatePost"
$auth->addChild($updateOwnPost, $updatePost);
$this->manager->addChild($updateOwnPost->getName(), $updatePost->getName());

// allow "author" to update their own posts
$auth->addChild($author, $updateOwnPost);
$this->manager->addChild($authorRole->getName(), $updateOwnPost->getName());

// Remove this line since we don't want the AuthorRule to be applied to the 'admin' role
$this->manager->addChild('admin', 'author');
```

Now you've got the following hierarchy:
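Review bot: the new `execute()` signature makes `$userId` nullable, but the body still compares with loose `==`, so a guest (`null`) would satisfy the rule for any post whose author id is `0` or `''` (PHP evaluates `null == 0` and `null == ''` as true); add an explicit guard and use strict comparison, e.g. `return $userId !== null && $post !== null && $post->getAuthorId() === $userId;`. The second snippet also drops the `@var \Yiisoft\Rbac\ManagerInterface $auth` docblock yet keeps the `use Yiisoft\Rbac\ManagerInterface;` import, which is now unused, and switches to `$this->manager`, `$updatePost` and `$authorRole` without showing where they are defined; either restore a one-line `@var` annotation for the manager or state that the snippet lives inside the command class from the earlier section so readers know which variables it relies on.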