/** * @param int $id - User ID * * @return \yii\web\Response */ public function actionSetRoles($id) { if (!Yii::$app->user->identity->isSuperadmin and Yii::$app->user->id == $id) { Yii::$app->session->setFlash('error', 'You can not change own permissions'); return $this->redirect(['set', 'id' => $id]); } $oldAssignments = array_keys(Role::getUserRoles($id)); // To be sure that user didn't attempt to assign himself some unavailable roles $newAssignments = array_intersect(Role::getAvailableRoles(Yii::$app->user->identity->isSuperAdmin, true), Yii::$app->request->post('roles', [])); $toAssign = array_diff($newAssignments, $oldAssignments); $toRevoke = array_diff($oldAssignments, $newAssignments); foreach ($toRevoke as $role) { User::revokeRole($id, $role); } foreach ($toAssign as $role) { User::assignRole($id, $role); } Yii::$app->session->setFlash('success', 'Saved'); return $this->redirect(['set', 'id' => $id]); }