yiisoft / rbac-cycle-db
Yii RBAC Cycle Database storage
Fund package maintenance!
Opencollective
yiisoft
Installs: 7 045
Dependents: 0
Suggesters: 1
Security: 0
Stars: 15
Watchers: 17
Forks: 7
Open Issues: 5
Requires
- php: ^8.1
- cycle/database: ^2.7
- cycle/migrations: ^4.2.2
- yiisoft/friendly-exception: ^1.1
- yiisoft/rbac: ^2.0
Requires (Dev)
- ext-pdo_sqlite: *
- ext-uopz: *
- maglnet/composer-require-checker: ^4.3
- phpunit/phpunit: ^10.5.2
- rector/rector: ^1.0.0
- roave/infection-static-analysis-plugin: ^1.25
- slope-it/clock-mock: 0.4.0
- spatie/phpunit-watcher: ^1.23
- vimeo/psalm: ^4.30|^5.2
Suggests
- yiisoft/yii-db-migration: For automating schema migration
This package is auto-updated.
Last update: 2024-10-16 12:39:28 UTC
README
Yii RBAC Cycle Database
The package provides Cycle Database storage for Yii RBAC.
Detailed build statuses:
Requirements
- PHP 8.1 or higher.
- In the case of using with SQLite, a minimal required version is 3.8.3.
- In the case of using with SQL Server, a minimal required version of PDO is 5.11.1.
Installation
The package could be installed with composer:
composer require yiisoft/rbac-cycle-db
General usage
Configuring database connection
Configuration depends on a selected driver. Here is an example for PostgreSQL:
use Cycle\Database\Config\DatabaseConfig; use Cycle\Database\Config\Postgres\DsnConnectionConfig; use Cycle\Database\Config\PostgresDriverConfig; use Cycle\Database\DatabaseManager; $dbConfig = new DatabaseConfig( [ 'default' => 'default', 'databases' => [ 'default' => ['connection' => 'pgsql'], ], 'connections' => [ 'pgsql' => new PostgresDriverConfig(new DsnConnectionConfig( 'pgsql:host=127.0.0.1;dbname=yiitest;port=5432', 'user', 'password', )), ], ] ); $databaseManager = new DatabaseManager($dbConfig); $database = $databaseManager->database();
More comprehensive examples can be found at Cycle Database docs.
Working with migrations
This package uses Cycle Migrations for managing database tables required for
storages. There are three tables in total (yii_rbac_
prefix is used).
Items storage:
yii_rbac_item
.yii_rbac_item_child
.
Assignments storage:
yii_rbac_assignment
.
Configuring migrator and capsule
use Cycle\Database\DatabaseManager; use Cycle\Migrations\Capsule; use Cycle\Migrations\Config\MigrationConfig; use Cycle\Migrations\FileRepository; use Cycle\Migrations\Migrator; $migrationsSubfolders = ['items', 'assignments']; $directories = array_map( static fn (): string => dirname(__DIR__. 2), "/vendor/yiisoft/rbac-cycle-db/migrations/$subfolder", $migrationsSubfolders, ); $config = new MigrationConfig([ 'directory' => $directories[0], // "vendorDirectories" are specified because the "directory" option doesn't support multiple directories. In the // end, it makes no difference because they all will be merged into a single array. 'vendorDirectories' => $directories[1] ?? [], 'table' => 'cycle_migration', 'safe' => true, ]); /** @var DatabaseManager $databaseManager */ $migrator = new Migrator($config, $databaseManager, new FileRepository($config)); $migrator->configure(); $capsule = new Capsule($databaseManager->database());
For configuring $databaseManager
, see previous section.
Because item and assignment storages are completely independent, migrations are separated as well to prevent
the creation of unused tables. So, for example, if you only want to use assignment storage, adjust
$migrationsSubfolders
variable like this:
$migrationsSubfolders = ['assignments'];
Applying migrations
use Cycle\Migrations\Capsule; use Cycle\Migrations\Migrator; /** * @var Migrator $migrator * @var Capsule $capsule */ while ($migrator->run($capsule) !== null) { echo "Migration {$migration->getState()->getName()} applied successfully.\n"; }
Reverting migrations
use Cycle\Migrations\Capsule; use Cycle\Migrations\Migrator; /** * @var Migrator $migrator * @var Capsule $capsule */ while ($migrator->rollback($capsule) !== null) { echo "Migration {$migration->getState()->getName()} reverted successfully.\n"; }
Using storages
The storages are not intended to be used directly. Instead, use them with Manager
from
Yii RBAC package:
use Cycle\Database\DatabaseInterface; use Yiisoft\Rbac\Cycle\AssignmentsStorage; use Yiisoft\Rbac\Cycle\ItemsStorage; use Yiisoft\Rbac\Cycle\TransactionalManagerDecorator; use Yiisoft\Rbac\Manager; use Yiisoft\Rbac\Permission; use Yiisoft\Rbac\RuleFactoryInterface; /** @var DatabaseInterface $database */ $itemsStorage = new ItemsStorage($database); $assignmentsStorage = new AssignmentsStorage($database); /** @var RuleFactoryInterface $rulesContainer */ $manager = new TransactionalManagerDecorator( new Manager( itemsStorage: $itemsStorage, assignmentsStorage: $assignmentsStorage, // Requires https://github.com/yiisoft/rbac-rules-container or another compatible factory. ruleFactory: $rulesContainer, ), ); $manager->addPermission(new Permission('posts.create'));
Note wrapping manager with decorator—it additionally provides database transactions to guarantee data integrity.
Note that it's not necessary to use both DB storages. Combining different implementations is possible. A quite popular case is to manage items via PHP file while store assignments in a database.
More examples can be found in Yii RBAC documentation.
Syncing storages manually
The storages stay synced thanks to manager, but there can be situations where you need to sync them manually. One of them is using combination with PHP file based storage and editing it manually.
Let's say PHP file is used for items, while database - for assignments, and some items were deleted:
return [ [ 'name' => 'posts.admin', 'type' => 'role', 'created_at' => 1683707079, 'updated_at' => 1683707079, 'children' => [ 'posts.redactor', 'posts.delete', 'posts.update.all', ], ], - [ - 'name' => 'posts.redactor', - 'type' => 'role', - 'created_at' => 1683707079, - 'updated_at' => 1683707079, - 'children' => [ - 'posts.viewer', - 'posts.create', - 'posts.update', - ], - ], [ 'name' => 'posts.viewer', 'type' => 'role', 'created_at' => 1683707079, 'updated_at' => 1683707079, 'children' => [ 'posts.view', ], ], [ 'name' => 'posts.view', 'type' => 'permission', 'created_at' => 1683707079, 'updated_at' => 1683707079, ], [ 'name' => 'posts.create', 'type' => 'permission', 'created_at' => 1683707079, 'updated_at' => 1683707079, ], - [ - 'name' => 'posts.update', - 'rule_name' => 'is_author', - 'type' => 'permission', - 'created_at' => 1683707079, - 'updated_at' => 1683707079, - ], [ 'name' => 'posts.delete', 'type' => 'permission', 'created_at' => 1683707079, 'updated_at' => 1683707079, ], [ 'name' => 'posts.update.all', 'type' => 'permission', 'created_at' => 1683707079, 'updated_at' => 1683707079, ], ];
Then related entries in other storage needs to be deleted as well. This can be done within a migration:
use Cycle\Migrations\Migration; final class DeletePostUpdateItems extends Migration { private const TABLE_PREFIX = 'yii_rbac_'; private const ASSIGNMENTS_TABLE = self::TABLE_PREFIX . 'assignment'; public function up() { $this ->database() ->delete() ->from(self::ASSIGNMENTS_TABLE) ->where('item_name', 'IN', ['posts.redactor', 'posts.update']); } public function down() { } }
Documentation
If you need help or have a question, the Yii Forum is a good place for that. You may also check out other Yii Community Resources.
License
The Yii RBAC Cycle Database is free software. It is released under the terms of the BSD License.
Please see LICENSE
for more information.
Maintained by Yii Software.