Yii 2 User Permission using matchCallback

As a web software developer I sometimes need to implement some kind of user permissions in the web applications that I build. The Yii 2 framework which I currently use has a built in system for doing just this however for applications that need a more lightweight user permission system the Yii 2 framework has introduced a method which was not available in the Yii 1 framework that can be used to easily build lightweight user permissions and that method is “matchCallback”.

Both Yii 1 and Yii 2 have a user permissions system named RBAC. In Yii 1 RBAC is implemented by writing code to define the user permissions, this code then populates the database tables with the user permissions. The user permissions are then applied to controller methods via more code known as access rules.

User permissions can also have what is known as a “bizRule”, a “bizRule” is an additional piece of code executed with the user permission that needs to evaluate to true in order for the user permission to be true. This can be used to implement checks to see if the record being displayed on the page is owned by the user trying to access the page as well as various other checks. The “bizRule” code is stored in the database along with the user permission.

One of the differences between the Yii 2 implementation of RBAC and the Yii 1 version is that the Yii 2 “bizRule” code is stored in code files and not the database. This makes more sense to me as the “bizRule” code is kept alongside the other code in the frameworks, models, controllers, views etc.

Infact it makes so much sense that during the later stages of using the Yii 1 framework I actually just stored class / function references in the “bizRule” code and wrote my real “bizRule” alongside the rest of framework code. Essentially implementing my own version of what Yii 2 covers as standard.

As mentioned above Yii 2 now implements a method called “matchCallback”. This means for web applications requiring simple user permissions RBAC is not needed as the “matchCallback” can be used to define the “bizRule” directly in the access rules …

So as shown above for web applications only requiring simple user permissions, the access rules are all that are needed.

Create a master Model and Controller in Yii2

In this article I discuss how to create a master Model and Controller using the Yii2 framework. Why would you want to do this? A master Model and Controller provides a place to put higher level methods which contain functionality that you want to use in your Models and Controllers. Rather than repeating code across multiple Models and Controllers put the code in the master Model and / or Controller and access it from the standard Models and Controllers. You can also override standard Yii2 Model and Controller functionality with your own altering the fundamental way Yii2 works without having to alter the core Yii2 files.

The master Model and Controller are classes that extend from the following …

  1. \yii\db\ActiveRecord – for Models
  2. \yii\web\Controller – for Controllers

Yii2 also contains another type of Model, this Model is used for defining data with no database table. This kind of model is useful for forms which do not need to use a database table but still need the inherit functionality within Yii2 Models like Validations. Although I will not be extending this second type of Model in this article you can use what you learn from this article to extend it yourself if you wish. The class for this Model is located at \yii\base\Model.

The diagram below shows what we are trying to accomplish …

Master Model and Controller

The “From” part of the diagram shows what the Yii2 software application without a master Model and Controller. The “To” part of the diagram shows the addition of the Master and Controller. Notice how the original ActiveRecord is called “ActiveRecord” and so is our master Model. Also the original Controller is called “Controller” and so is our master Controller. You do not need to worry about this as they exist in different Namespaces. You can call the master Model and / or Controller something different if you prefer.

Now lets look at the code to add the master Model and Controller to a Yii2 application. Create 2 new files one named “ActiveRecord.php” and one named “Controller.php” and place them inside the “components” folder inside your Yii2 application.

Now inside the files write the following code …



Now when it comes to creating your standard Models and Controllers you can extend from the master Model and Controller like follows …

Book.php (Model) …

BookController.php (Controller) …

The above 2 files would reside in the standard “models” and “controllers” folders.

Now any methods you want to use across multiple Models and Controllers can be placed inside the master Model and Controller. These will be accessible from the lower level Models and Controllers exactly as they would be in any extended PHP class. Also as mentioned earlier you can override standard Yii2 Model and Controller methods in the master Models and Controllers thus allowing you to alter the way Yii2 works without having to alter the core Yii2 files.

Remember if you wish to override the constructor in the master Model or Controller to call the parent constructor inside the override constructor.

A master Model and Controller are PHP classes I create for all my Yii2 applications. They are infinitely useful for the already mentioned above reasons.

Yii 1 to Yii 2 differences and enhancements part 2

I wrote about Yii 1 to Yii 2 differences and enhancements some time ago and now I am going to carry on from that article to discuss more differences and enhancements I have found since moving to the Yii 2 framework from the Yii 1 framework …


In Yii 1 relationships where defined in the relations method. The relations methods is a method that returns an array of data specifying the relations the model has and data relevant to those relations.

The array is used to create the relations as model properties.

In Yii 2 relations are defined in “magic methods” as follows …

I prefer the Yii 2 way of using the magic methods because it allows you to write additional code in the method that defines the relation. This could come in handy in unique scenarios where custom code is needed to handle the relationship. I also think the Yii 2 method is more in line with the PHP language as a whole than the Yii 1 way of defining relations.


Yii 2 has more validation options than Yii 1 and has introduced further options the validations themselves which make creating these sorts of validations a lot more streamlined. Both Yii 1 and Yii 2 validations are defined as arrays. With the added bonus of the later version of PHP language in the Yii 2 framework the arrays in Yii 2 look more streamlined.

For example rather than this …

They are like this …

They look much better.

Yii 2 introduces the new “when” option and thanks to PHP callback functions we can now write a validation like so …

This will only require the “name” attribute when the “complete” attribute is true. In Yii 1 this validation would have had to have been written as a custom validation method which is a real pain.

That is it for now, another update to come soon.

Yii 1 to Yii 2 differences and enhancements part 1

A number of months ago I made the switch to the Yii 2 framework from the Yii 1 framework. My intent in this post is to outline some of the differences and enhancements I have found from switching to the latest Yii framework.

A framework is a set of code written to help in common programming tasks for example handling data, creating forms and data tables etc.

When I first started programming I did not use a framework as I did not understand the benefits properly of using a framework. The above tasks would have been written from scratch and would have essentially duplicated code that was already out there for solving these common tasks.

When I first started using a framework it made my life much easier and the end product was of a better quality to time ratio than not using a framework. The same quality could be achieved without the use of a framework but would take longer and the programmer would be essentially writing code for common problems that already have a solution.

I would also like to mention that frameworks provide a consistent structure to the code that a programmer writes so that one way of solving a problem at one end of the code would be the same way the problem was solved at another end of the code. This makes it easier for other programmers to understand the code base.

After using the Yii 2 framework here are some of the differences and enhancements that I have found …

User Identity

In Yii 1 a “User identity” is a class that extends “UserIdentity” and handles the authentication and identity of the logged in user. I would create a class that extends “UserIdentity” create some predefined methods and let Yii handle the authentication.

In Yii 2 a similar approach is used except I do not create an extended “UserIdentity” class but instead I “implement” “IdentityInterface” in my User class. In Yii 1 I would have a “UserIdentity” class and a “User” class, in Yii 2 I just have the “User” class. Similar to Yii 1 I create some predefined methods in my “User” class and let Yii handle the authentication.

Active Record

Active Record has some key differences going from the Yii 1 framework to the Yii 2 framework. In Yii 1 Active Record was used like so …

Or …

Or …

In Yii 2 Active Record is used as follows …

Or …

Or …

Basically in Yii 1 there where a lot of methods that where created for specific purposes “findAll”, “findByPK”, “findByAttributes”, “findAllByAttributes”, “deleteByPK”, “deleteAllByAttributes” etc.

Yii 2 can do all of the above purposes but the syntax is much more flexible in that it does not have methods for each purpose but flexible syntax that can be used for flexible purposes.

Also note how in Yii 1 I used array() and in Yii 2 I used []. That is because at the time of Yii 1 array() was the PHP syntax used for creating arrays and at the time of Yii 2 [] could also be used to create arrays. Not really a Yii issue but still the array syntax looks better in the more modern version of PHP.


Due to the Yii 2 framework being written at a time when the version of PHP was later and more modern the Yii 2 framework has made extensive use of the “Use” statement and “Namespaces”. Yii 1 did not make use of these at all probably because they where not implemented in PHP at the time the Yii 1 framework was written.

Nevertheless I feel the “Use” statement and “Namespaces” give the code a more professional feel and it means that the code is only made use of when the code is needed.

I will be updating the blog with more articles on Yii 1 to Yii 2 differences and enhancements as I go a long. I already have plenty of differences lined up but I will be saving them for the next article in this series.