For applications with hierarhical access roles system.
You have an application - API. You have two roles here:
- admin - they can watch statistics and edit clients;
- client - they can see own statistics and set settings.
You need to allow admins to authorize as clients without knowing their passwords just from admin interface. And you need to allow admins to get back to their own privilegis/account without re-logining. And of course you need to log all changes made by admins as clients properly, so you always knew who actually made some changes.
$ composer require daydiff/yii2-auth-chainRegister application component:
'components' => [
'authChain' => [
'class' => 'Daydiff\AuthChain\Service'
],
]You need to declare a member class implementing \Daydiff\AuthChain\MemberInterface
//Member.php
namespace app\foo\bar;
class Member implements \Daydiff\AuthChain\MemberInterface
{
private $id;
private $login;
/**
* @inheritdoc
*/
function getId()
{
return $this->id;
}
/**
* @inheritdoc
*/
function getLogin()
{
return $this->login;
}
/**
* @inheritdoc
*/
function setId($id)
{
$this->id = $id;
return $this;
}
/**
* @inheritdoc
*/
function setLogin($login)
{
$this->login = $login;
return $this;
}
}In your action used to authorize as client:
public function actionAuthAs($id)
{
$user = \Yii::$app->getIdentity()->getUser();
$member = new app\foo\bar\Member();
$member->setId($user->id)
->setLogin($user->login);
\Yii::$app->authChain->push($member);
//and then you do authorization work
}When you need to know who user actually is:
$member = \Yii::$app->authChain->last();
$realUserId = $member->getId();