Kartz

Reputation: 533

Forbidden (#403) - You are not allowed to perform this action?

These are the access rules in the backend SiteController.php. When I go to the URL site.com/backend/web/site/login, it shows Forbidden (#403).

return [
    'access' => [
        'class' => AccessControl::className(),
        'rules' => [
            [
                'actions' => ['login', 'error'],
                'allow' => true,
            ],
            [
                'actions' => ['logout', 'index', 'addhotels'],
                'allow' => true,
                'roles' => ['@'],
            ],
        ],
    ],
    'verbs' => [
        'class' => VerbFilter::className(),
        'actions' => [
            'logout' => ['post'],
        ],
    ],
];

Upvotes: 2

Views: 9446

Answers (4)

Maybe you are already logged in as a user while trying to access the login page. This will throw a ForbiddenHttpException. Or you can customize this behavior by configuring the denyCallback property:

[
    'class' => AccessControl::className(),
    'rules' => [...],
    'denyCallback' => function ($rule, $action) {
        // Add your error handler here
        throw new \Exception('You are not allowed to access this page');
    }
]

See official guide/documentation here

Upvotes: 0

Coz

Reputation: 1983

An Error occurred while handling another error: exception 'yii\web\ForbiddenHttpException' with message 'You are not allowed to perform this action.' in C:\wamp\www\k\kometonline\vendor\yiisoft\yii2\filters\AccessControl.php:151

I was getting this error too and found this page through Google so hopefully this will help other people.

The error happens because you've added access control, but you also need to explicitly allow the 'error' action in the site controller; otherwise you'll get the same error. It's not immediately obvious because there isn't an action for it. Also add the 'captcha' action, or you'll get the same problem with that.

In your site controller:

public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'actions' => ['register', 'login'],
                    'allow' => true,
                    'roles' => ['?'],
                ],
                [
                    'actions' => ['logout'],
                    'allow' => true,
                    'roles' => ['@'],
                ],
                [
                    // see captcha and error added here, this fixes the issue
                    'actions' => ['contact', 'about', 'terms', 'forgot', 'reset-password', 'captcha', 'error'],
                    'allow' => true,
                    'roles' => ['?', '@'],
                ],
            ],
        ],
        'verbs' => [
            'class' => VerbFilter::className(),
            'actions' => [
                'logout' => ['post'],
            ],
        ],
    ];
}

Upvotes: 6

Trevor

Reputation: 149

I would also like to know how to allow non-logged in users to not receive Forbidden error in Backend. I am simply trying to renderPartial a test view with a single

<h1>Test</h1> 

and I receive the Forbidden error.

Upvotes: 0

GAMITG

Reputation: 3818

You need to remove the login action from the AccessControl list, or add ? as the role for guest users in AccessControl.

For example,

return [
    'access' => [
        'class' => AccessControl::className(),
        'rules' => [
            [
                'actions' => ['login', 'error'],
                'allow' => true,
                'roles' => ['?'], // " ? " for guest user
            ],
            [
                'actions' => ['logout', 'index', 'addhotels'],
                'allow' => true,
                'roles' => ['@'],
            ],
        ],
    ],
    'verbs' => [
        'class' => VerbFilter::className(),
        'actions' => [
            'logout' => ['post'],
        ],
    ],
];

Upvotes: 0
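
The rule sets in the question and in the last answer differ only in who may reach `login` and `error`. As an added example (not code from any of the posts and not Yii's own source), this stand-alone PHP sketch models how AccessControl takes the first matching rule and denies by default; `decide()`, `denied()` and the outcome strings are hypothetical names, and RBAC role names, IP and verb matching are not modeled.

```php
<?php
// Added example: simplified model of Yii2 AccessControl's first-match, default-deny logic.
// decide(), denied() and the outcome strings are hypothetical names, not Yii API.
function decide(array $rules, string $action, bool $isGuest): string
{
    foreach ($rules as $rule) {
        // A rule with no 'actions' key applies to every action.
        if (isset($rule['actions']) && !in_array($action, $rule['actions'], true)) {
            continue;
        }
        // No 'roles' key: any user. '?' matches guests, '@' matches authenticated users.
        $roles = $rule['roles'] ?? [];
        $wanted = $isGuest ? '?' : '@';
        if ($roles !== [] && !in_array($wanted, $roles, true)) {
            continue;
        }
        // The first matching rule decides; later rules are never consulted.
        return $rule['allow'] ? 'allow' : denied($isGuest);
    }
    return denied($isGuest); // no rule matched: default deny
}

// Default denial when no denyCallback is configured:
// guests are sent to the login page, authenticated users get ForbiddenHttpException.
function denied(bool $isGuest): string
{
    return $isGuest ? 'redirect to login' : '403 Forbidden';
}

// Rule sets copied from the question and from the last answer.
$ruleSets = [
    'question (login/error without roles)' => [
        ['actions' => ['login', 'error'], 'allow' => true],
        ['actions' => ['logout', 'index', 'addhotels'], 'allow' => true, 'roles' => ['@']],
    ],
    "answer (login/error with roles ['?'])" => [
        ['actions' => ['login', 'error'], 'allow' => true, 'roles' => ['?']],
        ['actions' => ['logout', 'index', 'addhotels'], 'allow' => true, 'roles' => ['@']],
    ],
];

foreach ($ruleSets as $label => $rules) {
    echo $label, PHP_EOL;
    foreach (['login', 'error', 'index', 'captcha'] as $action) {
        printf("  %-8s guest: %-18s authenticated: %s\n",
            $action, decide($rules, $action, true), decide($rules, $action, false));
    }
}
```

Run it with `php` on the command line; `captcha` is included because no rule in either set lists it, so it falls through to the default deny.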
