Restrict backend access to regular users

I have been working on a CRM web app and I have three main kinds of users or roles.

I am working with yii2 Advanced template as follows:

proper.crm for all users

proper.crm/admin for administrators

proper.crm/seller for sellers

I need to prevent users with the role seller from accessing the admin site; I need them to have access only to the seller part of the entire app, and the same for the regular users with the role user.

I am using the webvimark/user-management extension for user access and the RBAC system, but I don't know how to do that.

I need your help and I appreciate your opinions about that.

Thanks in advance.

Miguel Angel from Colombia.

Do it via built-in Yii access filters as described in the guide.

Hello Samdark! Thanks for your response. Is there a problem using ACF with the Yii2-user-management extension when configuring roles, or is the use of the extension independent of it?

I am using the ACF as follows:




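    // Requires at the top of the controller file: use yii\filters\AccessControl;
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    // Rules are checked in order; the first one that matches decides.
                    [
                        'allow' => false,
                        'actions' => [], // empty list: the rule applies to all actions
                        'roles' => ['Doctor'],
                    ],
                    [
                        'allow' => true,
                        'actions' => [], // empty list: the rule applies to all actions
                        'roles' => ['Admin'],
                    ],
                ],
            ],
        ];
    }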



I read that the role is verified using the User::can() method; of course, RBAC needs to be configured. In my case I am using, as mentioned, yii2-user-management, but I don't know if that affects the validation that User::can() does when ACF is executed.

I ask this because the code above is not working for me.

Thanks in advance.

Miguel Angel

I have no idea about how Yii2-user-management works so can’t help you with that.
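
An added example, not code from this thread or from the Yii project: one way to apply the built-in access filter to the whole backend application of the advanced template, so that every route is denied unless a rule allows it. It assumes the standard Yii RBAC `authManager` is configured and holds a role named `Admin`; whether yii2-user-management feeds `User::can()` in the same way is not established in the thread.

```php
<?php
// backend/config/main.php (fragment of the advanced template's backend config)
return [
    'id' => 'app-backend',
    'basePath' => dirname(__DIR__),
    'controllerNamespace' => 'backend\controllers',
    'components' => [
        // Assumption: roles live in the standard Yii RBAC tables.
        // Role names in ACF rules are checked with Yii::$app->user->can(),
        // which needs an authManager component to answer.
        'authManager' => [
            'class' => 'yii\rbac\DbManager',
        ],
    ],
    // Application-level behavior: the filter runs before every action of
    // every controller in the backend, so a newly added controller is
    // covered without its own behaviors() method.
    'as access' => [
        'class' => 'yii\filters\AccessControl',
        'rules' => [
            // Anyone may reach the login form and the error page;
            // otherwise a denied request could not render its own error.
            [
                'allow' => true,
                'controllers' => ['site'],
                'actions' => ['login', 'error'],
            ],
            // Any authenticated user may log out, including one whose
            // role does not admit them to the backend.
            [
                'allow' => true,
                'controllers' => ['site'],
                'actions' => ['logout'],
                'roles' => ['@'],
            ],
            // Everything else requires the Admin role.
            [
                'allow' => true,
                'roles' => ['Admin'],
            ],
            // No explicit deny rule: when no rule matches, AccessControl
            // denies the request (guests are sent to the login page,
            // authenticated users get a 403 response).
        ],
    ],
];
```

The same block with `'roles' => ['seller']` in the seller application's config restricts that application in the same way, so each role is admitted only to its own part of the site.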