improved docs

docs/guide/security-authorization.md

@@ -491,36 +491,34 @@ public function behaviors()
 If all the CRUD operations are managed together then it's a good idea to use a single permission, like `managePost`, and
 check it in [[yii\web\Controller::beforeAction()]].
 
-You can also use rules from the [[yii\filters\AccessControl|AccessControl]] filter. For that you specify the
-[[yii\filters\AccessRule::roleParams|roleParams]] that you need to pass to the [[yii\filters\AccessRule|AccessRule]]:
-
+In the above example, no parameters are passed with the roles specified for accessing an action, but in case of the
+`updatePost` permission, we need to pass a `post` parameter for it to work properly.
+You can pass parameters to [[yii\web\User::can()]] by specifying [[yii\filters\AccessRule::roleParams|roleParams]] on
+the access rule:
 
 ```php
-use yii\filters\AccessControl;
-
-class PostsController extends Controller
-{
-    public function behaviors()
-    {
-        return [
-            'access' => [
-                'class' => AccessControl::className(),
-                'rules' => [
-                    [
-                        'actions' => ['update'],
-                        'roles' => ['updatePost'],
-                        'roleParams' => function() {
-                            return ['post' => Post::findOne(Yii::$app->request->get('id'))];
-                        },
-                        'allow' => true,
-                    ],
-                ],
-            ],
-        ];
-    }
-}
+[
+    'allow' => true,
+    'actions' => ['update'],
+    'roles' => ['updatePost'],
+    'roleParams' => function() {
+        return ['post' => Post::findOne(Yii::$app->request->get('id'))];
+    },
+],
 ```
 
+In the above example, [[yii\filters\AccessRule::roleParams|roleParams]] is a Closure that will be evaluated when
+the access rule is checked, so the model will only be loaded when needed.
+If the creation of role parameters is a simple operation, you may just specify an array, like so:
+
+```php
+[
+    'allow' => true,
+    'actions' => ['update'],
+    'roles' => ['updatePost'],
+    'roleParams' => ['postId' => Yii::$app->request->get('id')];
+],
+```
 
 ### Using Default Roles <span id="using-default-roles"></span>
 

framework/filters/AccessRule.php

@@ -63,10 +63,16 @@ class AccessRule extends Component
      * @var array|Closure parameters to pass to the [[User::can()]] function for evaluating
      * user permissions in [[$roles]].
      *
-     * If this is an array, it will be passed directly to [[User::can()]].
+     * If this is an array, it will be passed directly to [[User::can()]]. For example for passing an
+     * ID from the current request, you may use the following:
+     *
+     * ```php
+     * ['postId' => Yii::$app->request->get('id')]
+     * ```
+     *
      * You may also specify a closure that returns an array. This can be used to
-     * evaluate the array values only if they are needed.
-     * This can be used for example like this:
+     * evaluate the array values only if they are needed, for example when a model needs to be
+     * loaded like in the following code:
      *
      * ```php
      * 'rules' => [
@@ -75,7 +81,7 @@ class AccessRule extends Component
      *         'actions' => ['update'],
      *         'roles' => ['updatePost'],
      *         'roleParams' => function($rule) {
-     *             return ['postId' => Yii::$app->request->get('id')];
+     *             return ['post' => Post::findOne(Yii::$app->request->get('id'))];
      *         },
      *     ],
      * ],