liu jin long
Reputation: 69
Yii2 restrict access by usernames
I use a yii2 login-logout and has a funky database with no roles. Is it possible to restrict some users on the database accessing the website?
Can you show me how?
Upvotes: 1
Views: 456
Answers (2)
liu jin long
Reputation: 69
My issue is more on the fact that there is just 2 usernames I want to banned from connecting, but the rest are able to connect, in a simple code in the common/models/users, I added this code:
public static function findByUsername($username)
{
/*code for restriction of users */
if($username =='admin' || $username =='lui.jin.long'){
//do nothing.
}else{
return static::findOne(['USR_USERNAME' => $username, 'USR_STATUS' => self::STATUS_ACTIVE]);
}
}
On a more standard approach it is best to use a RBAC.
Upvotes: 0
chaintng
Reputation: 1343
One of the very easy way, you can use expression for the allow key like following in the controller class.
public function behaviors() {
return [
'access' => [
'class' => AccessControl::className(),
// 'only' => ['logout', 'signup', 'dashboard'],
'rules' => [
[
'actions' => ['dashboard', 'send-mail'],
'allow' => Utils::isAdmin(),
],
]
];
}
learn more in this article: https://github.com/yiisoft/yii2/blob/master/docs/guide/security-authorization.md
Upvotes: 1
Related Questions
- Yii2 Allow access to only specific controllers and restrict access to other controller
- How to allow user's to access specific controller as a guest in yii2
- Yii2- How to restrict a user from viewing others data in index page
- yii2 how to deny access Yii::$app->db in view
- how to limit access url view on yii2 by id
- Using access control in yii2
- Prevent show data from another user
- Yii - Custom access control criteria
- How to make sure a user can only see and access their own data in Yii
- Yii framework : role based access control