{"id":28635424,"url":"https://github.com/dmstr/yii2-rbac-migration","last_synced_at":"2025-07-16T05:11:58.066Z","repository":{"id":39861540,"uuid":"263000161","full_name":"dmstr/yii2-rbac-migration","owner":"dmstr","description":"Migrations for RBAC assignments","archived":false,"fork":false,"pushed_at":"2022-07-07T14:48:06.000Z","size":34,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-06-12T17:11:23.335Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dmstr.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-05-11T09:40:08.000Z","updated_at":"2022-02-17T12:05:15.000Z","dependencies_parsed_at":"2022-09-22T14:24:54.233Z","dependency_job_id":null,"html_url":"https://github.com/dmstr/yii2-rbac-migration","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":"dmstr/template-yii2-repo","purl":"pkg:github/dmstr/yii2-rbac-migration","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmstr%2Fyii2-rbac-migration","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmstr%2Fyii2-rbac-migration/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmstr%2Fyii2-rbac-migration/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmstr%2Fyii2-rbac-migration/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dmstr","download_url":"https://codeload.github.com/dmstr/yii2-rbac-migration/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmstr%2Fyii2-rbac-migration/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265483823,"owners_count":23774283,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-12T17:10:14.229Z","updated_at":"2025-07-16T05:11:58.029Z","avatar_url":"https://github.com/dmstr.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Yii RBAC Migration\n\nThis migration allows one to define the desired 'state' of rbac item structure.\n\nA multidimensional array is used to define how the desired item structure should look after the migration.\n\nFollowing the style of puppet config, the main attribute defining the desired or \nexpected state of an item is the `ensure` parameter.\n\n**Since this type of migration change security related data, it is recommended to rather define a defensive configuration.**\n\n## Installation\n\n```bash\ncomposer require dmstr/yii2-rbac-migration\n```\n\n## Example usage\n\n```php\n\u003c?php\n\nuse dmstr\\rbacMigration\\Migration;\nuse yii\\rbac\\Item;\n\nclass m000000_000000_my_example_migration extends Migration {\n\n    // define default params for al items\n    public $defaultFlags = [\n        'ensure' =\u003e self::PRESENT,\n        'replace' =\u003e false,\n    ];\n\n    public $privileges = [\n        [\n            'name' =\u003e 'Role1',\n            'type' =\u003e Item::TYPE_ROLE,\n            'description' =\u003e 'My custom description',\n            'ensure' =\u003e self::PRESENT,\n            'replace' =\u003e true,\n            'children' =\u003e [\n                [\n                    'name' =\u003e 'permission1',\n                    'type' =\u003e Item::TYPE_PERMISSION,\n                    'rule' =\u003e [\n                       'name' =\u003e 'Rule0',\n                       'class' =\u003e some\\namespaced\\Rule::class\n                   ]\n                ],\n                [\n                    'name' =\u003e 'permission2',\n                    'type' =\u003e Item::TYPE_PERMISSION,\n                    'ensure' =\u003e self::MUST_EXIST\n                ],\n                [\n                    'name' =\u003e 'Role1',\n                    'ensure' =\u003e self::PRESENT,\n                    'children' =\u003e [\n                        [\n                            'name' =\u003e 'permission3',\n                            'type' =\u003e Item::TYPE_PERMISSION\n                        ]\n                    ]\n                ]\n            ]\n        ],\n        [\n            'name' =\u003e 'permission3',\n            'type' =\u003e Item::TYPE_PERMISSION,\n            'ensure' =\u003e self::ABSENT\n        ],\n    ];\n}\n```\n\n## config params per privilege item\n\n- default params for all items are defined via `protected $_defaultFlagsStruct` array\n- default params can be defined/overridden per migration instance via `public $defaultFlags`\n- params which are set directly at the items have the highest priority \n\ndefined params are merged per item.\n\n| param  | value   | required | default               | description                                                    |\n|--------|---------| ---------|-----------------------|----------------------------------------------------------------|\n| name   | string  | yes      | null                  | rbac item name                                                 |\n| type   | Item::TYPE_ROLE or Item::TYPE_PERMISSION | no | Item::TYPE_PERMISSION | rbac item type                                                 |\n| ensure | see ensure flags | no | self::NEW             | ensure state of the item after and before migration            |\n| replace | boolean | no | false                 | weather item will be updated if exists                         |\n| rule | array | no | none                  | array of name, class properties that will be used as rule for this item |\n| description | string | no | none                  | description property of the item                               |\n\n\n### valid flags for `ensure` param\n\n| flag | desc                                                                                                                                   |\n| -----|----------------------------------------------------------------------------------------------------------------------------------------|\n| self::NEW | new item will be created, error if already exists                                                                                      |\n| self::MUST_EXIST | item must exist, error if not                                                                                                          |\n| self::PRESENT | ensure item exists, if `replace == true` update/replace, otherwise leave as is                                                         |\n| self::ABSENT | if item extists item will be removed. Handle with care! |\n\n### hints for `self::ABSENT`\n\n- If defined as item param, the item will be removed regardless of its position.\n- So if you define `ensure =\u003e self::ABSENT` in child items, NOT only the child relation but the item will be removed!\n- if auth items are defined in DB and the auth tables has FK with cascade, child relations for this item may be deleted by the db.\n\n### hints for rules\n\n- if defined rules are assigned to item \"by name\".\n- if not exists it will be created with the given class property.\n- if rule with given name already exists and `replace` is set to `true`, rule will be updated, otherwise existing rule will be used. \n\n### deprecated item params\n\nthe params `_exists` and  `_force` are deprecated but still valid and will be replaced with new params scheme\n\n| deprecated param | converted to                                 |\n| -----------------|----------------------------------------------|\n| _exists          | 'ensure' =\u003e self::MUST_EXIST                 |\n| _force           | 'ensure' =\u003e self::PRESENT, 'replace' =\u003e true |\n\n### shortcut syntax for mass assignments\n\nto be able to quickly define mass assignments a special shortcut syntax where item is just a string can be used.\nThe string will be set as item['name'] property, all other params are used from (defined) defaults.\n\nExample:\n\n```php\n    public $defaultFlags = [\n        'type'    =\u003e Item::TYPE_PERMISSION,\n        'ensure'  =\u003e self::MUST_EXIST,\n        'replace' =\u003e false,\n    ];\n    public $privileges = [\n            [\n            'name'        =\u003e 'PublicationEditor',\n            'type'        =\u003e Item::TYPE_ROLE,\n            'ensure'      =\u003e self::PRESENT,\n            'replace'     =\u003e true,\n            'description' =\u003e 'Create, edit, delete publication items.',\n            'children'    =\u003e [\n                'publication_default',\n                'publication_crud_index',\n                'publication_crud_publication-item_create',\n                'publication_crud_publication-item_delete',\n                'publication_crud_publication-item_index',\n                'publication_crud_publication-item_update',\n                'publication_crud_publication-item_view',\n            ]\n        ]\n    ];\n\n```\n\n## safeDown()\n\nThese auth migrations can not be reverted.\n\n---\n\nBuilt by [dmstr](http://diemeisterei.de)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdmstr%2Fyii2-rbac-migration","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdmstr%2Fyii2-rbac-migration","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdmstr%2Fyii2-rbac-migration/lists"}