How to choose the CRUD operations for a db standard RBAC in YII2?

Is there a website in which you have already implemented RBAC, but there is no CRUD for it. The change of role is implemented of course, but creating new roles, rules, etc. Was done by hand.
Now think to tie all this CRUD, but somehow lazy, have got to search ready decisions, a lot of them, but they all implement either a chat or changed, something that does not fit.
Does anybody know a ready solution in the framework of standard use opisannogo at the docks YII2.
Did the docks and for this great article, if anyone is interested wiki.it-wiki.org.ua/doku.php/yii2:rbac

And additional question. Who dismantled yii\rbac\DbManager in pieces, tell me, besides creating records in the database he does not create classes, etc. In fact you can just use gii to generate rbac for its tables and premarital a bit? It is possible to work directly with the database, and not through the methods of yii\rbac\DbManager to add and edit?
July 8th 19 at 16:36
1 answer
July 8th 19 at 16:38
Yes, you can work directly with the database.
There is logic in the sample, for adding you can do anything, if you follow the links.

To manage roles, rules, etc. I believe that this functionality is redundant IMHO.
But if necessary, it is better to write under the task. It will be easier to customize than those that have.
If just admin, user, banned, Yes, but if there is inheritance, there are rules, such as verifying the authorship? - Henderson_Beat commented on July 8th 19 at 16:41
given that the web author is the user or group that rbac can not use ( verification of authorship can be realized not through rbac). Here is a question of which task. But in principle it is possible to write service on rbac, there are interfaces for which you can expand it or rewrite it. Or see the logic and change table accordingly. There logic is simple. Rules the relation table of rules and groups, the link table rules with the users. - Kaylah_Mraz82 commented on July 8th 19 at 16:44
: Not really. Inheritance helps. If We grant the right to edit the entry author and admin - 2 checking, and RBAC is if(yii::$app->user->can(updatePost)). If still to complicate the relationship, then rbac exactly necessary. - Henderson_Beat commented on July 8th 19 at 16:47
So I'm not saying that it is not necessary=)
If you come as described, it is better to write a service on rbac as it out of the box does not give the functionality to identify the author.
Ie there is in any case need the additional layer of abstraction. The only question is what to build it.

But if you use yii::$app->user->can('updatePost')
You
a) Must be different persichini for different authors Is the wrong decision.
b) the Administrator or should have Parmesan from the series 'globalUpdatePost' and still get the 2nd check (user - admin - moderator).
Or should be included in permisan all authors, which again smacks of the curve solution.
Otherwise, everyone who is the author (and if it's Habr put), that many authors and they should not edit each other's posts, and the table of ratios of material -> author or does not exist, or must be used. that gives you another check.

In General, I see the solution only in extending the rbac with an additional layer of abstraction. - Kaylah_Mraz82 commented on July 8th 19 at 16:50

Find more questions by tags CRUDPHPYii