Authorization In Yii 2.0

Hello guys.

I’m making an intranet and I’m having a problem with authorization.

In SiteController I tried to put this code:




    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'only' => ['index','logout'],
                'rules' => [
                    [
                        'actions' => ['logout'], // logout, only logged users
                        'allow' => true,
                        'roles' => ['@'],
                    ],
                    [
                        'actions' => ['index'], // in index, only authenticated users can see this page
                        'allow' => false,
                        'roles' => ['@'],
                    ],
                ],
            ],
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => [
                    'logout' => ['post'],
                ],
            ],
        ];
    }



This script doesn’t work.

In another controller I need a restriction allow=>false for all actions if the user isn’t logged in.

How can I do this??

Thanks!

Instead of this


    'rules' => [
        [
            'actions' => ['logout'], // logout, only logged users
            'allow' => true,
            'roles' => ['@'],
        ],
        [
            'actions' => ['index'], // in index, only authenticated users can see this page
            'allow' => false,
            'roles' => ['@'],
        ],
    ],

use this




    'rules' => [
        [
            'actions' => ['index', 'logout'],
            'allow' => true,
            'roles' => ['@'],
        ],
    ],

Doesn’t work!!

Do I need to make any change in config/web.php?

What do you mean by “doesn’t work”? Is there any error or something?

I discovered something.

In my controller I have the method beforeAction. I commented it out and everything works perfectly.

But I need to run this method. How can I run both the behavior and the beforeAction method?

Probably you just forgot to call parent::beforeAction inside your own method.

Watch the API when overriding, because sometimes it looks like this:


     * If you override this method, your code should look like the following:
     *
     * ```php
     * public function beforeAction($action)
     * {
     *     if (parent::beforeAction($action)) {
     *         // your custom code here
     *         return true;  // or false if needed
     *     } else {
     *         return false;
     *     }
     * }
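
Added example, not part of the original thread and not Yii's own code: a plain-PHP model of why an override that skips parent::beforeAction() also skips the access filter, since the filter only runs from the parent's beforeAction(). The class names MiniController, BrokenController and FixedController, the $isGuest flag and the closure standing in for AccessControl are hypothetical.

```php
<?php
// Simplified model (constructed for illustration, not Yii source): the access
// filter is a listener that only the base beforeAction() invokes.
class MiniController
{
    public $isGuest = true;      // constructed sample state: nobody is logged in
    private $listeners = [];

    public function __construct()
    {
        // Stand-in for AccessControl with a single rule: allow roles ['@'] only.
        $this->listeners[] = function ($action) { return !$this->isGuest; };
    }
    public function beforeAction($action)
    {
        foreach ($this->listeners as $listener) {
            if (!$listener($action)) {
                return false;    // the filter denied the request
            }
        }
        return true;
    }
    public function run($action)
    {
        return $this->beforeAction($action) ? "ran $action" : "denied $action";
    }
}

class BrokenController extends MiniController
{
    public function beforeAction($action)
    {
        // Custom code only: the parent is never called, so the filter never runs.
        return true;
    }
}

class FixedController extends MiniController
{
    public function beforeAction($action)
    {
        if (!parent::beforeAction($action)) {
            return false;        // denied by the filter, custom code is skipped
        }
        // custom code here
        return true;
    }
}
foreach (['BrokenController', 'FixedController'] as $class) {
    echo $class, ': ', (new $class())->run('index'), PHP_EOL;
}
```

When reviewing controllers, any beforeAction() override that does not call the parent and honour its return value is worth flagging, because access rules declared in behaviors() are silently not enforced for it.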

looool

works for me!!

I forgot to call the parent::beforeAction($action);

Thanks man!

Haha, not so fast, my friend! >:D

As I can see, RBAC is being rewritten right now, so chances are you’ll get an exception after an update.

Keep calm and watch for commits.

If you are using RBAC, as of the latest changes, you also have to add two fields (created_at -> integer and updated_at -> integer) to the following database tables: auth_assignment, auth_item, auth_rule, as well as change all "Yii::$app->user->checkaccess" to "Yii::$app->user->can".