Authentication & RBAC

Enterprise-grade user authentication with role-based access control

Overview

Complete authentication system with database-backed RBAC, supporting superadmin, admin, moderator, and user roles. Includes secure password hashing, session management, and granular permission controls.

Design Considerations

UX patterns and visual design notes for this feature:

•Login forms should feel welcoming, not intimidating
•Role badges use color psychology: red for admin power, blue for trust
•Permission denied states need empathy - explain what's restricted, offer alternatives
•Session timeout warnings prevent frustrating data loss

Key Benefits

What makes this feature stand out:

✓Zero-config RBAC out of the box
✓Hierarchical roles (superadmin inherits all)
✓Database-driven - no code changes needed
✓Yii2 native authManager integration

Technical Note

Uses Yii2's DbManager for RBAC. Roles stored in auth_item (type=1), permissions (type=2). Check permissions with Yii::$app->user->can('permissionName').

Helpers

AdminHelperAuthAssignment

Models

UserLoginFormSignupForm

Database Tables

userauth_itemauth_item_childauth_assignmentauth_rule

Configuration

Config Relationship Legend

⚙ DB overrides params.php🔗 DB related setting📋 DB stores value only

params.php Configuration

Config path: params['auth']

params['auth']['password']['minLength'] => 8params['auth']['password']['hashCost'] => 13params['auth']['session']['timeout'] => 7200params['auth']['rememberMe']['duration'] => 2592000params['auth']['emailVerification']['required'] => false

Database Settings (system_setting table)

Key	Type	Description	Relation
`auth_password_min_length`	number	Minimum password length	⚙
`auth_password_hash_cost`	number	Bcrypt hash cost (10-14)	⚙
`auth_session_timeout`	number	Session timeout in seconds	⚙
`auth_remember_me_duration`	number	Remember me duration	⚙
`auth_email_verification_required`	boolean	Require email verification	⚙

Admin Settings Login Security 🛡️

All Features