Yii2: 2.1.x and 2.2.x Milestone - 2 cents +1

PHP Version: I am for PHP 5.6 for 2.1.x milestone, and PHP 7.x (stable) for 2.2 milestone. I feel a large jump could cause unexpected issues. Since others comment that Yii can currently run fine on 7, we may see most of the issues being with 3rd party extensions (who make up the most important part of Yii). Give them time to adapt and catch up.

init: - I actually like the init option. It saves from ugly "IF CHECKS" to determine if I am on x server or y, and to use separate configs and settings. Maybe separate it as an "add-on"?

Assets: - I am fine with doing away with assets - It should be an add-on and not part of the main framework.

I think it should be more straight-forward for using the jQuery and Bootstrap CDN's. Possibly using them out of the box 👍 I would like to see FontAwesome (ex:nice icons in the text inputs on login page) and using the CDN. Of course, a way to override the CDN and use your local files.

I do like AssetBundles though. I like to make a bundle for say, "Revolution Slider", where it loads the appropriate css and js files. So when I want to use it on a page, I load the bundle. Life Saver! Though they could be simpler and more dynamic. If I load 5 js files, I should be able to add a weight to them (1-99) so I can control the order.. or each js file can have an option to "load after x". Each js file should be able to be in the header or footer. 1 asset bundle, calling 5 js files, with control over header/footer and which loads before the other. - I think currently, the only way it to control which loads before the other, is to create 2 AssetBundles, splitting them up and depending on the 1st.

Pull request to be merged: Fix the hidden input labels to be off by default!!

Logic Reflow: Completely separate frontend and backend. Every site where I have users create accounts, I have admins to manage them! Am I the only one who thinks like this? Frontend would be your users area, and backend would be your admin area... admins should not be stored in the users table... Default migration should create user table and admin table. Frontend and Backend should be separated from each other (app id, session, cookie) by default. --- I would like to be able to have Yii::$app->admin as well as Yii::$app->user. It's confusing when looking through lines of code.

Maybe instead of backend it should be called admin? Maybe frontend should be called user. Maybe adding a 3rd for the homepage. You could have site.com, site.com/admin, site.com/user.

Pretty URLs by default.

New Tricks

SEO friendly out of the box

DataTables out of the box

A Yii2 logger and Chrome extension for debug

Bower and Gulp should be in 2.1

PHPBower looks cool but I don't know much about it.

Possibly Yeoman as well?

phpdotenv - looks cool. This could be where init could still play a role, to swap the .env files. I have 3 environments: localhost (which is my dev), test/client preview, production.

Candidates for core-independent general PHP packages:

Recaptcha - I don't know about the others, but I vote for himiklab's Yii2 Recaptcha Widget. Put it in the composer.json and basic config ready to go.

Migrations - I would like to see a tool, like Gii, for creating migrations easier.

RBAC: - A default and basic implementation of RBAC without the need of a database. We don't all need to know if the user can do this, and user can do that, for 1 million actions. Make use of a "roles" column (integer) in the user's table.

My use of RBAC

I have duplicated "User" model as "Admin" and it uses the "admin" table. I have added a column named "roles". Roles are: 100 for root, 50 for super, and 10 for basic admin. Admin's can't add other admins or modify user accounts. Super Admins can modify any account under them (regular admins) and their own account. Root can do anything :)

So basically, I just need a simple psuedo code:

if ( isSuperAdmin() || isOwnAccount() ) {
    // - can do something
}

Now, that is super simple for us to add ourselves. I get that. However, the "roles" config in the Controller should be more dynamic and easier to use.

return [
    'access' => [
        'rules' => [
            [
                'actions' => ['edit-admin-account'],
                'allow' => true,
                'roles' => ['root', 'super', isOwnAccount()],
            ],
        ]
    ]
]

Notice the function as an option for roles.

Another RBAC idea is to allow options for roles. AFAIK, a user's role should be identified as an integer in the database. As I mentioned above, root = 100, 50 = super, 10 = admin. Maybe something like this could be allowed:

'roles' => [
    [
        'min-role' => 50, // -- or Admin::ROLE_SUPER
        'max-role' => 100, // -- (optional) or Admin::ROLE_ROOT
        'override' => isOwnAccount(),  // -- (optional) - function that runs after others and overrides them
    ]
]

Another way to check in view or controller:

if ( Yii::$app->rbac->isRole( Admin:ROLE_SUPER )->orHigher()->isOwnAccount() ) {
    // do something
}

I think RBAC is complicated and not very efficient in Yii2. I think we need a few different types of RBAC, starting with a simple one, and more flexibility with how we use them. I found it a pain to roll out my own custom RBAC due to the lack of being able to override them in the Controller roles section and the ability to use custom functions. A second choice would be where you have a running file with functions, and code in all your uses if you need to have custom checks (ex: userCanUploadImages()). And a 3rd more advanced option for using a DB or something else (faster). I don't really like the idea of using a DB for each individual role, sounds like a hinder on performance.

Final Words

I can probably add more control in asset bundles, and make my own RBAC addon based off my current creation. I just need to clean up my RBAC and see if I have to modify any main Yii2 code..

I think now is a good time to get community feedback on defaults that Yii2 should come out of the box with, built in things that need to give us more control of how they work, and changes that are slowing down 3rd party development.

Additional info

| Q | A |
| --- | --- |
| Yii version | 2.1/2.2 milestone |
| PHP version | any |
| Operating system | any |