heron
Reputation: 3661
Yii2 access controll rule doesn't deny guests
Here is code that I use for allowing authenticated users to do some actions
'access' => [
'class' => AccessControl::className(),
'only' => ['logout', 'signup'],
'rules' => [
[
'actions' => ['show'],
'allow' => true,
'roles' => ['?'],
],
[
'actions' => ['create', 'edit'],
'allow' => true,
'roles' => ['@'],
],
],
],
But this rules allow guests to enter create action. Afaik, by default guest users must be denied. What am I doing wrong?
Upvotes: 1
Views: 915
Answers (1)
Chinmay Waghmare
Reputation: 5456
Modify your code to:
'access' => [
'class' => AccessControl::className(),
'only' => ['logout', 'signup', 'create', 'edit'],
'rules' => [
[
'actions' => ['show'],
'allow' => true,
'roles' => ['?'],
],
[
'actions' => ['create', 'edit'],
'allow' => true,
'roles' => ['@'],
],
],
],
Only array should contain List of action IDs that this filter should apply to.
Upvotes: 1
Related Questions
- Yii2 AccessControl - Strange behavior for deny access
- Yii2 Restricted AccessControlFilter Logic
- yii2 Access control is not working
- Using access control in yii2
- Yii2 access rules (AccessControl) strange result
- yii2 disable access by right part of routing rule
- Yii - Custom access control criteria
- Yii framework: access rules not working properly
- Yii - Access Rules Issue
- yii access control filter rules in controllers