README

Yii RBAC Cycle Database

The package provides Cycle Database storage for Yii RBAC.

Detailed build statuses:

Requirements

• PHP 8.1 or higher.
• In the case of using with SQLite, a minimal required version is 3.8.3.
• In the case of using with SQL Server, a minimal required version of PDO is 5.11.1.

Installation

The package could be installed with composer:

composer require yiisoft/rbac-cycle-db

General usage

Configuring database connection

Configuration depends on a selected driver. Here is an example for PostgreSQL:

use Cycle\Database\Config\DatabaseConfig;
use Cycle\Database\Config\Postgres\DsnConnectionConfig;
use Cycle\Database\Config\PostgresDriverConfig;
use Cycle\Database\DatabaseManager;

$dbConfig = new DatabaseConfig(
    [
        'default' => 'default',
        'databases' => [
            'default' => ['connection' => 'pgsql'],
        ],
        'connections' => [
            'pgsql' => new PostgresDriverConfig(new DsnConnectionConfig(
                'pgsql:host=127.0.0.1;dbname=yiitest;port=5432',
                'user',
                'password',
            )),
        ],
    ]
);
$databaseManager = new DatabaseManager($dbConfig);
$database = $databaseManager->database();

More comprehensive examples can be found at Cycle Database docs.

Working with migrations

This package uses Cycle Migrations for managing database tables required for storages. There are three tables in total (yii_rbac_ prefix is used).

Items storage:

• yii_rbac_item.
• yii_rbac_item_child.

Assignments storage:

• yii_rbac_assignment.

Configuring migrator and capsule

use Cycle\Database\DatabaseManager;
use Cycle\Migrations\Capsule;
use Cycle\Migrations\Config\MigrationConfig;
use Cycle\Migrations\FileRepository;
use Cycle\Migrations\Migrator;

$migrationsSubfolders = ['items', 'assignments'];
$directories = array_map(
    static fn (): string => dirname(__DIR__. 2),  "/vendor/yiisoft/rbac-cycle-db/migrations/$subfolder",
    $migrationsSubfolders, 
);
$config = new MigrationConfig([
    'directory' => $directories[0],
    // "vendorDirectories" are specified because the "directory" option doesn't support multiple directories. In the
    // end, it makes no difference because they all will be merged into a single array.
    'vendorDirectories' => $directories[1] ?? [],
    'table' => 'cycle_migration',
    'safe' => true,
]);
/** @var DatabaseManager $databaseManager */
$migrator = new Migrator($config, $databaseManager, new FileRepository($config));
$migrator->configure();

$capsule = new Capsule($databaseManager->database());

For configuring $databaseManager, see previous section.

Because item and assignment storages are completely independent, migrations are separated as well to prevent the creation of unused tables. So, for example, if you only want to use assignment storage, adjust $migrationsSubfolders variable like this:

$migrationsSubfolders = ['assignments'];

Applying migrations

use Cycle\Migrations\Capsule;
use Cycle\Migrations\Migrator;

/**
 * @var Migrator $migrator
 * @var Capsule $capsule 
 */
while ($migrator->run($capsule) !== null) {
    echo "Migration {$migration->getState()->getName()} applied successfully.\n";
}

Reverting migrations

use Cycle\Migrations\Capsule;
use Cycle\Migrations\Migrator;

/**
 * @var Migrator $migrator
 * @var Capsule $capsule 
 */
while ($migrator->rollback($capsule) !== null) {
    echo "Migration {$migration->getState()->getName()} reverted successfully.\n";
}

Using storages

The storages are not intended to be used directly. Instead, use them with Manager from Yii RBAC package:

use Cycle\Database\DatabaseInterface;
use Yiisoft\Rbac\Cycle\AssignmentsStorage;
use Yiisoft\Rbac\Cycle\ItemsStorage;
use Yiisoft\Rbac\Cycle\TransactionalManagerDecorator;
use Yiisoft\Rbac\Manager;
use Yiisoft\Rbac\Permission;
use Yiisoft\Rbac\RuleFactoryInterface;

/** @var DatabaseInterface $database */
$itemsStorage = new ItemsStorage($database);
$assignmentsStorage = new AssignmentsStorage($database);
/** @var RuleFactoryInterface $rulesContainer */
$manager = new TransactionalManagerDecorator(
    new Manager(
        itemsStorage: $itemsStorage, 
        assignmentsStorage: $assignmentsStorage,
        // Requires https://github.com/yiisoft/rbac-rules-container or another compatible factory.
        ruleFactory: $rulesContainer,
    ),
);
$manager->addPermission(new Permission('posts.create'));

Note wrapping manager with decorator—it additionally provides database transactions to guarantee data integrity.

Note that it's not necessary to use both DB storages. Combining different implementations is possible. A quite popular case is to manage items via PHP file while store assignments in a database.

More examples can be found in Yii RBAC documentation.

Syncing storages manually

The storages stay synced thanks to manager, but there can be situations where you need to sync them manually. One of them is using combination with PHP file based storage and editing it manually.

Let's say PHP file is used for items, while database - for assignments, and some items were deleted:

return [
    [
        'name' => 'posts.admin',        
        'type' => 'role',        
        'created_at' => 1683707079,
        'updated_at' => 1683707079,
        'children' => [
            'posts.redactor',
            'posts.delete',
            'posts.update.all',
        ],
    ],
-   [
-       'name' => 'posts.redactor',
-       'type' => 'role',        
-       'created_at' => 1683707079,
-       'updated_at' => 1683707079,
-       'children' => [
-           'posts.viewer',
-           'posts.create',
-           'posts.update',
-       ],
-   ],
    [
        'name' => 'posts.viewer',
        'type' => 'role',        
        'created_at' => 1683707079,
        'updated_at' => 1683707079,
        'children' => [
            'posts.view',
        ],
    ],
    [
        'name' => 'posts.view',
        'type' => 'permission',        
        'created_at' => 1683707079,
        'updated_at' => 1683707079,
    ],
    [
        'name' => 'posts.create',
        'type' => 'permission',        
        'created_at' => 1683707079,
        'updated_at' => 1683707079,
    ],
-   [
-       'name' => 'posts.update',
-       'rule_name' => 'is_author',
-       'type' => 'permission',
-       'created_at' => 1683707079,
-       'updated_at' => 1683707079,
-   ],
    [
        'name' => 'posts.delete',        
        'type' => 'permission',        
        'created_at' => 1683707079,
        'updated_at' => 1683707079,
    ],
    [
        'name' => 'posts.update.all',
        'type' => 'permission',        
        'created_at' => 1683707079,
        'updated_at' => 1683707079,
    ],
];

Then related entries in other storage needs to be deleted as well. This can be done within a migration:

use Cycle\Migrations\Migration;

final class DeletePostUpdateItems extends Migration
{
    private const TABLE_PREFIX = 'yii_rbac_';
    private const ASSIGNMENTS_TABLE = self::TABLE_PREFIX . 'assignment';

    public function up()
    {
        $this
            ->database()
            ->delete()
            ->from(self::ASSIGNMENTS_TABLE)
            ->where('item_name', 'IN', ['posts.redactor', 'posts.update']);
    }

    public function down()
    {
    }
}

Documentation

• Internals

If you need help or have a question, the Yii Forum is a good place for that. You may also check out other Yii Community Resources.

License

The Yii RBAC Cycle Database is free software. It is released under the terms of the BSD License. Please see LICENSE for more information.

Maintained by Yii Software.

Support the project

Follow updates