Yii2 RBAC: how does a permission differ from a role?

Can somebody explain in simple terms what the role of permissions in RBAC is? I've tried to understand it but could not. For example, we created three roles, Admin, Manager and User, made a permission AdminPanel and tied it to Admin and User, and then specified access for admin (or for the admin area as a whole) in AccessControl. Why not just specify access for these roles in AccessControl and leave it at that?
April 4th 20 at 00:53
1 answer
April 4th 20 at 00:55
Solution
A permission is what the user can do: view, administer, edit posts, delete users and so on.

So as not to assign the same permissions to each different user every time, they are tied to a role. The role is then assigned to the user either immediately upon registration or by the administrator.

When you assign the role "Administrator" to any user, all the permissions of the role become available to him. Roles can also be inherited. The admin can inherit the user role and have additional permissions.

If you add a new permission to the system, you just assign this permission to the required roles, and the permission becomes available to all users of those roles. If it were not for roles, the permission would need to be assigned to all users.

In small projects you can make do with roles and no permissions.

A role is used to group permissions.

It is described clearly enough in Wikipedia.
Dry technical documentation doesn't tell me much; I have read it more than a dozen times. An explanation in simple terms would be clearer. For a permission, do I also need to create rules, or what? - neva_Stros commented on April 4th 20 at 00:58
@neva_Stros, I explained it to you in simple terms.

In the rules you pass a permission or a role. If you have complex logic, it is better to use permissions. If the logic is not complicated, you can do without permissions and use only roles.

For example, if you need to hide the phone number field from everyone except the admin, you can write:

if (Yii::$app->user->can('admin')) {
    // code
}


However, if you also want to display the phone to moderators, the code gets more complicated, and you have to put two conditions in the if. Or you suddenly decide that the phone can be shown to moderators but needs to be hidden from the administrator. Such decisions lead to changes in the code. However, you can do it differently. Instead of the role, specify a permission:

if (Yii::$app->user->can('profile.view.mobilePhone')) {
    // code
}

In this case, in order to give rights to view the phone you only need to assign the permission profile.view.mobilePhone to the role or to a specific user. If you want, give this permission to all admins; if you want, only to yourself.

So everywhere in your code you specify the permission. Then you create these permissions in RBAC. Then you assign these permissions to a role or to a specific user.

If you want to give this permission to view the phone to Bob as well, just add this permission to him. If to all moderators, then give this permission to the role only, and all the moderators will see the phones.

I do not know. I explained it quite simply, from different sides. If you don't understand, it's just a... If it is really hard going, then don't worry about it. Work with roles. Then you will understand. - napoleon.Wyman commented on April 4th 20 at 01:01
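The setup described in the answer and comments above, as an added example that is not part of the original thread: a Yii2 console command that creates the profile.view.mobilePhone permission, ties it to roles, grants it directly to one user, and then checks each user. It assumes an application with the authManager component configured; the RbacController class, the role names and the user IDs 1 to 4 are hypothetical.

```php
<?php
// Added example (not from the thread). Run as: yii rbac/init
// Assumes Yii::$app->authManager is configured (e.g. yii\rbac\DbManager).
namespace app\commands;

use Yii;
use yii\console\Controller;
use yii\console\ExitCode;

class RbacController extends Controller
{
    public function actionInit()
    {
        $auth = Yii::$app->authManager;
        $auth->removeAll(); // destructive: wipes existing RBAC data, initial setup only

        // The permission is the name that application code passes to can().
        $viewPhone = $auth->createPermission('profile.view.mobilePhone');
        $viewPhone->description = 'View the mobile phone field in a profile';
        $auth->add($viewPhone);

        // Roles only group permissions and may inherit from each other.
        $user = $auth->createRole('user');
        $auth->add($user);

        $moderator = $auth->createRole('moderator');
        $auth->add($moderator);
        $auth->addChild($moderator, $user);      // moderator inherits user
        $auth->addChild($moderator, $viewPhone); // every moderator sees phones

        $admin = $auth->createRole('admin');
        $auth->add($admin);
        $auth->addChild($admin, $user);          // admin inherits user, not viewPhone

        // Hypothetical user IDs: 1 admin, 2 moderator, 3 plain user, 4 "Bob".
        $auth->assign($admin, 1);
        $auth->assign($moderator, 2);
        $auth->assign($user, 3);
        $auth->assign($user, 4);
        $auth->assign($viewPhone, 4); // permission given to one specific user

        // checkAccess() is the check behind Yii::$app->user->can().
        foreach ([1, 2, 3, 4] as $id) {
            $ok = $auth->checkAccess($id, 'profile.view.mobilePhone');
            $this->stdout("user $id: " . ($ok ? 'allowed' : 'denied') . PHP_EOL);
        }
        return ExitCode::OK;
    }
}
```

With these assignments users 2 and 4 are allowed and users 1 and 3 are denied; letting admins see the phone is one more addChild($admin, $viewPhone) call, with no change to the code that calls can().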
