I am a newbie to Yii. I am currently developing a web application where users must login first in order to use our system. how can we guard this line so that whenever users are not loggedin or logout, they will be redirected to the login page?
Please start with reading the Guide and in particular the Authentication and Authorization section. It contains everything you need to work out the answer.
ok, may be let me say that I know how to guard for each controller because they have access rule. but I just don’t know how to guard for the whole system in one shot.
If you want to restrict authenticated/guest users from controller actions, you can do this by implementing the access control filter and specifying rules using the accessRules method of the controller.
you mean "You should not be implementing this as a system wide thing but on a per controller basis."
I was thinking, if all controller extends from controller which extends Ccontroller, would that be possible to do anything in the Controller class, instead of doing the same in all its sub controllers.
all controllers we create extend from the Controller class, which locates in the protected/component/Controller.php right?
what I mean is that instead of applying rules to sub controllers, like if user is not logged in,then redirect user to login page. why not just apply it to the parent Controller class. this way, we don’t need to do the same logic for sub controllers. hope this is clear…
Not at all. If I unserand bingjie2680 correctly, he wants to implement a basic level of access controll in the parent class of every controller and this is perfectly fine:
I personally would not put any access rules in a parent controller because as soon as I want to introduce something as basic as a role, biz rule or some other item, then I have to start calling the parent method, merging arrays etc. and it just looks ugly. I also try not to rely on parent controllers either as to limit decoupling/dependency of classes throughout my applications.
You may also not want authentication for a particular action e.g. site/login site/password-reset and so on, so again, I’d have to start over writing access rules of the parent controller.