steve3d
(Steve)
May 13, 2014, 3:09am
1
I’m new to yii framework, now yii2 have entered beta, So I decided to start with yii 2.0.
my web application has a very long development period, might be over a year from now on. and because Yii 1.x and 2.x are not compatible, so these are two reasons why I don’t want to start with yii 1.x
What I’m doing is to create some kind of backend application, and users are created inside the backend, so unregistered user can only access the login and forgot-password action.
I’ve found a lot of articles about how to force guest users to login before they can do any actions. but all these techniques don’t work in yii2.
and according to the guide 2.0 http://www.yiiframework.com/doc-2.0/guide-authorization.html , so I change the SiteController::behaviors like this:
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'only' => ['login'],
'rules' => [
[
'actions' => ['login'],
'allow' => true,
'roles' => ['?'],
],
[
'allow' => false,
'roles' => ['?'],
],
],
],
];
}
then guest user still can access everything in the basic application template.
So how can I force the guest users can only view the login action page?
Thanks
Just set all actions for authorized logins only and prevent guests (which will take them automatically to login page). In your controller behaviors method…
// part of your behaviors() method
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true,
],
[
'actions' => ['logout', 'index'], // add all actions to take guest to login page
'allow' => true,
'roles' => ['@'],
],
],
],
steve3d
(Steve)
May 13, 2014, 3:24am
3
wa~~ thanks for quick reply.
And I also checked the backend SiteController of advanced template, then I decided to use this rules to force guest users,
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true,
],
[
'allow' => true,
'roles' => ['@'],
],
],
],
drawlusyk
(Drawlusyk)
September 3, 2014, 2:26pm
4
Hi Guys, Is there a place to put this to govern all controllers of the site, rather than in each individual controller?
Rgds,
Dennis
seyyed
(Arash)
September 5, 2014, 8:44am
5
write your own controller extended from yii\web\Controller then extend all of your controller from it.
vishwasrao
(Vishwasrao Salunkhe)
November 13, 2015, 10:29am
6
Hi,
If you want to add access control to all your controller actions. Please add below code in main config file under components section.
'as access' => [
'class' => \yii\filters\AccessControl::className(),//AccessControl::className(),
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true,
],
[
'actions' => ['logout', 'index'], // add all actions to take guest to login page
'allow' => true,
'roles' => ['@'],
],
],
],
jonny
(Jonny)
February 5, 2016, 2:04pm
7
This doesn’t work for me, when I put it under my component section. Has something changed in Yii2 releases?
jacmoe
(Jacob Moen)
February 5, 2016, 2:06pm
8
When he says ‘under’ he really means ‘following’ the components section, not inside it.
wilsonim
(Wilson Im)
June 23, 2016, 7:25am
10
do you mean under component ?
'components => [ ... ],
'as access' => [
'class' => \yii\filters\AccessControl::className(),//AccessControl::className(),
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true,
],
[
'actions' => ['logout', 'index'], // add all actions to take guest to login page
'allow' => true,
'roles' => ['@'],
],
],
],
'db' => require(__DIR__ . '/db.php'),
wilsonim
(Wilson Im)
June 25, 2016, 5:01am
11
do you mean under component ?
'components => [ ... ],
'as access' => [
'class' => \yii\filters\AccessControl::className(),//AccessControl::className(),
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true,
],
[
'actions' => ['logout', 'index'], // add all actions to take guest to login page
'allow' => true,
'roles' => ['@'],
],
],
],
'db' => require(__DIR__ . '/db.php'),
I already figure it out. in folder config\web.php
'components' => [ ... ],
'as access' => [
'class' => \yii\filters\AccessControl::className(),//AccessControl::className(),
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true,
],
[
'actions' => ['logout', 'index'], // add all actions to take guest to login page
'allow' => true,
'roles' => ['@'],
],
],
],
'params' => $params,