Shinumol John

Reputation: 15

yii2 Access control is not working

This is my code. Even without logging in, I can enter the home page. When I press the logout button, it takes me to the login page. If I load the home page again without logging in, it works. How do I resolve this issue?

        public function behaviors()
        {
            return [
                'access' => [
                    'class' => AccessControl::className(),
                    'only' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
                    'rules' => [
                         [
                            'allow' => true,
                            'actions' => [],
                            'roles' => ['?'],
                        ],
                        [
                            'actions' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
                            'allow' => true,
                            'roles' => ['@'],
                        ],
                    ],
                ],
                'verbs' => [
                    'class' => VerbFilter::className(),
                    'actions' => [
                        'logout' => ['post'],
                    ],
                ],
            ];
        }

Upvotes: 1

Views: 1172

Answers (3)

Saleem Khan

Reputation: 150

First of all, you can set the login URL so that everyone can access it.

roles => ['?']

And the logout action will be accessible only to logged-in users.

roles => ['@']

You can add all the rest of the actions in this function:

    'rules' => [
        [
            'actions' => ['login'],
            'allow' => true,
            'roles' => ['?'],
        ],
        [
            'actions' => ['logout'],
            'allow' => true,
            'roles' => ['@'],
        ],
    ],

Upvotes: 0

soju

Reputation: 25322

You should read this: http://www.yiiframework.com/doc-2.0/guide-security-authorization.html

actions: specifies which actions this rule matches. This should be an array of action IDs. The comparison is case-sensitive. If this option is empty or not set, it means the rule applies to all actions.

So you should simply try:

'rules' => [
    [
        'actions' => ['login'],
        'allow' => true,
        'roles' => ['?'],
    ],
    [
        'actions' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
        'allow' => true,
        'roles' => ['@'],
    ],
],

Upvotes: 1
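The following is an added example, not part of any answer above and not Yii's own source: a simplified stand-alone PHP model of how AccessControl picks a rule (first matching rule decides, an empty `actions` list matches every action, no match means deny). The function names `ruleMatches` and `isAllowed` and the shortened action list are assumptions made for illustration; only the `actions`, `roles` (`?` and `@`) and `allow` options are modelled.

```php
<?php
// Simplified model of Yii2 AccessControl rule matching (illustration only).

function ruleMatches(array $rule, string $action, bool $isGuest): bool
{
    // An empty or missing 'actions' list matches every action.
    $actions = $rule['actions'] ?? [];
    if ($actions !== [] && !in_array($action, $actions, true)) {
        return false;
    }
    // No roles: matches anyone. '?' matches guests, '@' authenticated users.
    $roles = $rule['roles'] ?? [];
    if ($roles === []) {
        return true;
    }
    foreach ($roles as $role) {
        if (($role === '?' && $isGuest) || ($role === '@' && !$isGuest)) {
            return true;
        }
    }
    return false;
}

function isAllowed(array $rules, string $action, bool $isGuest): bool
{
    foreach ($rules as $rule) {
        if (ruleMatches($rule, $action, $isGuest)) {
            return $rule['allow']; // first matching rule decides
        }
    }
    return false; // nothing matched: access denied
}

$protected = ['logout', 'index', 'prospects']; // shortened, constructed list

$asAsked = [ // rules as posted in the question
    ['allow' => true, 'actions' => [], 'roles' => ['?']],
    ['allow' => true, 'actions' => $protected, 'roles' => ['@']],
];
$fixed = [ // guest rule limited to the 'login' action
    ['allow' => true, 'actions' => ['login'], 'roles' => ['?']],
    ['allow' => true, 'actions' => $protected, 'roles' => ['@']],
];

var_dump(isAllowed($asAsked, 'index', true)); // guest, question's rules
var_dump(isAllowed($fixed, 'index', true));   // guest, fixed rules
var_dump(isAllowed($fixed, 'index', false));  // logged-in user, fixed rules
var_dump(isAllowed($fixed, 'login', true));   // guest requesting login
```

In this model the guest request for `index` is allowed under the question's rules because the first rule has an empty `actions` list, and it is denied once the guest rule names only `login`.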

ScaisEdge

Reputation: 133400

I think you should restrict the access to guest only to the login page.

      public function behaviors()
      {
          return [
              'access' => [
                  'class' => AccessControl::className(),
                  'only' => ['login',],
                  'rules' => [
                       [
                          'allow' => true,
                          'actions' => [],
                          'roles' => ['?'],
                      ],
                      [
                          'actions' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
                          'allow' => true,
                          'roles' => ['@'],
                      ],
                  ],
              ],
              'verbs' => [
                  'class' => VerbFilter::className(),
                  'actions' => [
                      'logout' => ['post'],
                  ],
              ],
          ];
      }

Upvotes: 0
