Force login

ANDRE_Ani · September 2, 2015, 5:07pm

Hello,

I’m new in PHP dev and Yii framework.

I would like to force the login for all the pages of the application. How coul’d I do that please ?

Thanks a lot,

ANDRE Ani

Bizley · September 2, 2015, 7:56pm

Welcome to the forum.

Read this guide http://www.yiiframework.com/doc-2.0/guide-security-authorization.html

ANDRE_Ani · September 3, 2015, 3:16am

Thanks

So, if I understand this documentation, I have to use the Access Control Filter in the site controller, it’s the best way to do what I want ?

Bizley · September 3, 2015, 6:34am

Well, term "best way to do" in coding is a bit objective. Everything depends on your resources and goal.

In this case access control filter is easy to implement and effective.

ANDRE_Ani · September 3, 2015, 4:37pm

Yes, of course.

So, I’ll try to implement this.

I’ll come back here if I have some problems

Thanks again.

ANDRE_Ani · September 3, 2015, 5:28pm

I don’t understand how working :




'only' => ['login', 'logout', 'signup'],

for deny access to pages like index or contact (all the pages of the site).

If I understand the code I tryed :




public function behaviors()

    {

        return [

            'access' => [

                'class' => AccessControl::className(),

                'only' => ['login', 'logout', 'signup'],

                'rules' => [

                    [

                        'actions' => ['login', 'signup'],

                        'allow' => true,

                        'roles' => ['?'],

                    ],

                    

                    [

                        'allow' => true,

                        'actions' => ['logout'],

                        'roles' => ['@'],

                    ],

                    

                    

                   'denyCallback' => function ($rule, $action) {

			throw new \Exception('Vous devez vous connecter');

		   } 

                    

                ],

            ],

This allow for guest to go to login and signup, but what’s happen for other ‘actions’ ? A guest access to all the pages.

Bizley · September 3, 2015, 5:50pm

If you want to deny access to every action for the guests use this:




public function behaviors()

    {

        return [

            'access' => [

                'class' => AccessControl::className(),

                'except' => ['login'],

                'rules' => [

                    [

                        'allow' => true,

                        'roles' => ['@'],

                    ],

                ],

            ],

        ];

    }

skworden · September 4, 2015, 1:23am

Your best bet is to create your own base controller and make all of your controllers use it. In the base controller do what bizley said




//New Base controller

class Controller extends \yii\web\Controller {

  public function behaviors()

    {

        return [

            'access' => [

                'class' => AccessControl::className(),

                'except' => ['site/login'],

                'rules' => [

                    [

                        'allow' => true,

                        'roles' => ['@'],

                    ],

                ],

            ],

        ];

    }

}

All of your controllers would have to have the access control removed from them as the base would then be controlling it at that point.

ANDRE_Ani · September 4, 2015, 3:27am

except, ok.

I follow the example of Bizley and it’s working fine.

Thanks a lot.

Now, I would try to install an extension, for understand how does it work.

I don’t install Yii with Composer, is it a problem for installing an extension please ?

I saw several doc with several option to install it.

I open a new topic for this.