I have implemented access control for the User class and it works as expected:
use yii\filters\AccessControl;
use yii\web\Controller;
class UserController extends Controller
{
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'only' => ['register', 'login', 'logout', 'request-password-reset', 'reset-password', 'my-settings'],
'rules' => [
[
'allow' => true,
'actions' => ['register', 'login', 'request-password-reset', 'reset-password'],
'roles' => ['?'],
],
[
'allow' => true,
'actions' => ['logout', 'my-settings'],
'roles' => ['@'],
],
],
],
];
}
Now I am trying to implement on Profile controller, but it doesn’t work. It behaves as if there are no controls in place. I have carefully compared the two controllers and can’t see any meaningful differences. Am I missing something?
use yii\filters\AccessControl;
use yii\web\Controller;
class ProfileController extends Controller
{
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'only' => ['my-profiles', 'create', 'preview', 'activate'],
'rules' => [
[
'allow' => true,
'actions' => [],
'roles' => ['?'],
],
[
'allow' => true,
'actions' => ['my-profiles', 'create', 'preview', 'activate'],
'roles' => ['@'],
],
],
],
];
}