Maslosoft Framework Logo Maslosoft Framework Documentation
Flexible Application Foundation


Controller actions

To allow performing action by anyone there must be role to do this. Fortunately, this is very easy to accomplish as roles are defined automatically by scanning actions.

To define role add @Allowed annotation on controller action with value of role name. Roles are bundled by module and controller - role in one controller and with same name - is same role.

Additionally there are special roles: * for anyone and @ for registered users.

Example of role applied on action:

/**
     * @Label('Users list')
     * @Allowed('userViewer')
     */
    public function actionIndex(): void
    {
        $dataProvider = new DataProvider(User::class);

        $this->render('index', ['dataProvider' => $dataProvider]);
    }

After adding or changing role, roles need to be rebuild. This is done by calling console command:

df build:roles

By default roles definition is saved in generated folder, and should be commited with application.

After building roles, they can be assigned to groups in user module, via groups management:

Groups Roles

Each user can have assigned many groups, and this will result in permissions evaluation as described in GRBAC:

Groups Roles