I have a member module, for which I have created a separate login system using the following in MemberModule.php:
Now I want to have a page that is outside of this module (in the root of the site) which requires the user to be logged in (in the Member module) to access it.
I want to do this without having to replicate the above values in main.php, the reason for this is because there may be similar instances where users would need to be logged in to a different module.
So basically I have a controller action on which I apply accessRules filter:
And if the user tries to the access the page and they are not logged in to member module, then they should be redirected to ‘member/default/login’, upon successful authentication they should return to original page.
The approach is wrong as you will make your users angry by forcing them to login in 100 places.
Use the RBAC provided by Yii and assign permissions per modules .
If a user has permission to access that module, let it access, else throw a warning / error whatever.
Hi thanks for the reply. Well perhaps I didn’t describe properly, but a user will only ever need to be logged in to one module. Different user types will have different modules, for example members, suppliers and admins.
What I’m saying is, the page ‘/mysite/jobs/apply/id/10’ doesn’t belong to a module, but it should only be accessible if a user is logged in to the member module.
Currently when I try to enforce authentication on this page it is redirecting to ‘site/login’, when instead it needs to redirect to ‘member/default/login’.
OK what I’ve done now is taken out the login config from MemberModule.php and just put it in main.php. This means that the user will be logged in to ‘site’ and I just need to perform checks in the modules to determine whether the user can access them.