Authentication and roles in web.php config file

Hi!
I want to grant access to admin user in all controllers except two. I have like 50 controllers/tables.

I’m wondering, if it is possible to grant access in a single file (like web config)?

Yes, it is possible. You can attach an access filter to the whole application: https://www.yiiframework.com/doc/guide/2.0/en/structure-filters#using-filters

Besides controllers, you can also declare filters in a module or application. When you do so, the filters will be applied to all controller actions belonging to that module or application, unless you configure the filters’ only and except properties like described above.

1 Like

Hi!

I added this rule in web.php under components.
I’m trying to allow access to guests like this:

But somehow it is not working. Am I missing something?

'as access' => [
            'class' => yii\filters\AccessControl::class,
            'except' => ['site/new-change'],
            'rules' => [
                ['allow' => false, 'roles' => ['?']],
            ],
        ],

Tell us what it means. There are many possibilities.

add permissions to the 48 controllers except those two

2 Likes

Well, I have an admin panel, where 2 pages are also for guests.

  • site/new-change
  • site/contract

In my SiteController there are 2 methods, that I want to be available for guests:

  • actionNewChange(…)
  • actionContract(…)

I found only two examples, but none of them is working like expected. Examples:

'components' => [
        'as access' => [
            'class' => yii\filters\AccessControl::class,
            'except' => ['site/new-change'],
            'rules' => [
                ['allow' => false, 'roles' => ['?']],
            ],
        ],
        'as beforeRequest' => [
            'class' => 'yii\filters\AccessControl',
            'rules' => [
                [
                    'actions' => ['site/new-change'],
                    'allow' => true,
                ],
                [
                    'allow' => true,
                    'roles' => ['?'],
                ],
            ],
        ],
]

Are those filters correct, Bart?

I never had the chance to set up an access filter at the application level.

[…] But somehow is not working.
[…] but none of them is working like expected.

It is still not enough to help you with my (limited) knowledge. Please describe the situation in detail, how the app works with the above attempts, then we could find the answer. If I were you, I would use step debugging to examine how the access filter works when attached this way.

1 Like

Me neither, till now. I think it is a much better approach, especially when you have tons of controllers and want to deny/permit only a few actions.

I’m gonna ask @samdark :face_with_peeking_eye:

Access should always be a whitelist, so deny everything, then allow what’s needed per controller.

1 Like
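
An added example, not part of any post in this thread and not code from the Yii project: a config/web.php sketch of the application-level filter discussed above, written as a deny-by-default whitelist. The `id`, `basePath`, identity class and the `site/login` / `site/error` routes are assumptions taken from the basic application template; the two guest routes are the ones named in the thread.

```php
<?php
// config/web.php (added example; 'id' and 'basePath' are placeholder values)
return [
    'id' => 'example-app',
    'basePath' => dirname(__DIR__),

    'components' => [
        // 'as access' must NOT go here: every key under 'components' is read
        // as a component definition, so the filter is never attached and
        // no access check runs at all.
        'user' => [
            'identityClass' => 'app\models\User', // assumed identity class
        ],
    ],

    // 'as <name>' at the top level attaches a behavior to the application,
    // so the filter runs before every controller action.
    'as access' => [
        'class' => yii\filters\AccessControl::class,

        // Routes that skip the filter. At application level these are
        // full routes: controller-id/action-id.
        'except' => [
            'site/new-change',
            'site/contract',
            // Assumed login and error routes. If the login route is not
            // excluded, a denied guest is redirected to it, denied again,
            // and the browser loops.
            'site/login',
            'site/error',
        ],

        'rules' => [
            // '@' matches any authenticated user. A named RBAC role can be
            // used instead, but needs the authManager component configured.
            ['allow' => true, 'roles' => ['@']],
        ],
        // No rule matches a guest, and AccessControl denies when no rule
        // matches, so everything not listed in 'except' is closed to guests.
        //
        // Inside a rule, 'actions' is compared with the bare action ID
        // ('new-change'), not the route; pair it with 'controllers' => ['site']
        // to target a single controller.
    ],
];
```
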

It took me almost 10 days :slight_smile:
Joke. This VS Code is very useful (Ctrl + Shift + H), it took me 1 minute.

ps: VS Code the only app M!cr0ft can be proud of :slight_smile: