Mixing ACF and RBAC
ACF contains a property named role that is usually filled with ? to indicate that access is available for all users, and @ to indicate that access is restricted to authenticated ones. But there is a third option: the property can also contain the name of a role from the RBAC system.
For each controller, therefore, it is enough to override behaviors(), specifying the roles that can access the actions inside the controller, and then to associate users with those roles in order to allow or deny access.
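The following sketch is an added example, not the book's own code. It shows an ACF rule set that mixes the @ token with RBAC role names, together with a console action that creates the roles and assigns one to a user. The role names operator and admin, the action names, the RbacController class, and user id 1 are assumptions, and it presumes the authManager component is configured.

```php
<?php
// Added example, not the book's code. Role names, action names and the user
// id are assumptions. In a real application each class lives in its own file.
namespace app\controllers {
    use yii\filters\AccessControl;
    use yii\web\Controller;

    class RoomsController extends Controller
    {
        public function behaviors()
        {
            return [
                'access' => [
                    'class' => AccessControl::class,
                    // Only the listed actions are filtered by this behavior.
                    'only' => ['index', 'create', 'delete'],
                    'rules' => [
                        // ACF token: any authenticated user.
                        ['allow' => true, 'actions' => ['index'], 'roles' => ['@']],
                        // RBAC role names, resolved via Yii::$app->user->can().
                        ['allow' => true, 'actions' => ['create'], 'roles' => ['operator']],
                        ['allow' => true, 'actions' => ['delete'], 'roles' => ['admin']],
                        // No matching rule means the request is denied.
                    ],
                ],
            ];
        }
    }
}

namespace app\commands {
    use Yii;

    class RbacController extends \yii\console\Controller
    {
        // Run once from the application root: php yii rbac/init
        public function actionInit()
        {
            $auth = Yii::$app->authManager; // assumes authManager is configured
            $operator = $auth->createRole('operator');
            $admin = $auth->createRole('admin');
            $auth->add($operator);
            $auth->add($admin);
            $auth->addChild($admin, $operator); // admin inherits operator
            $auth->assign($operator, 1);        // assumed id of the test user
        }
    }
}
```

Because admin is declared as a parent of operator, a user who holds admin also passes the create rule. A user with no assigned role can reach only index.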
Example – managing users' roles to access rooms, reservations, and customers
In this example, we will show you how to manage the access to the controller actions using ACF and RBAC.
We will use the foo user to simulate an authenticated user for RoomsController. The first thing to do is to extend the behaviors() method of RoomsController in basic/controller/RoomsController.php with this content:
use yii\filters\AccessControl;

public function behaviors()
{
    return [
        ...