Hello, i’m trying to use those 2 behaviors in the controller, which extends ActiveController
But authenticator behavior works every time, ignoring access behavior
There is my code
public function behaviors() {
$behaviors = parent::behaviors();
$behaviors['authenticator'] = [
'class' => TokenAuth::className()
];
$behaviors['access'] = array(
'class' => \yii\filters\AccessControl::className(),
'only' => ['login', 'registration', 'logout'],
'rules' => array(
[
'allow' => true,
'actions' => ['login', 'registration'],
'roles' => ['?'],
'verbs' => ['post']
],
[
'allow' => true,
'actions' => ['logout'],
'roles' => ['@'],
],
)
);
return $behaviors;
}
For an example: Access to all methods should be disabled. Authenticated users should have access to method "logout". Unauthenticated users should have access to "login" and "registration" methods.
TokenAuth::className()
is almost identical to
QueryParamAuth::className()
. I just do some additional checks.
What’s wrong?