Yii2 require all Controller and Action to login
Question
In my sitecontroller I write like this
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true,
],
[
'actions' => ['logout', 'index' ,'call-back'], // add all actions to take guest to login page
'allow' => true,
'roles' => ['@'],
],
],
],
so If I go to index or call-back action,I'll redirected to login page. but I have to do it for all action to each controller. Could you tell me the best way to do it?
4 answers
solution1
30 ACCPTED 2015-05-06 05:22:14
Place this rule in the beginning of the rules section:
[
'allow' => true,
'roles' => ['@'],
],
Omitting the actions means all actions.
So your AccessControl config will be like this:
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'allow' => true,
'roles' => ['@'],
],
// ...
],
],
];
}
Keep in mind that rules are applied in order they are declared.
To do it globally without inheritance, add the as beforeRequest array below (not inside!) the components declaration in your application config:
'components' => [ ... ],
'as beforeRequest' => [
'class' => 'yii\filters\AccessControl',
'rules' => [
[
'allow' => true,
'actions' => ['login'],
],
[
'allow' => true,
'roles' => ['@'],
],
],
'denyCallback' => function () {
return Yii::$app->response->redirect(['site/login']);
},
],
This code will run before each request and block all actions except login for guests.
Make sure that there is no login action in other controllers than SiteController . If there are (and for example they are for different purposes), block them explicitly in according controllers. But it's pretty rare case.
solution2
6 2015-10-25 19:03:03
If you want to add access control to all your controller actions. Please add below code in main config file under components section.
'as access' => [
'class' => \yii\filters\AccessControl::className(),//AccessControl::className(),
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true,
],
[
'actions' => ['logout', 'index'], // add all actions to take guest to login page
'allow' => true,
'roles' => ['@'],
],
],
],
solution3
4 2015-05-06 05:25:21
If you omit the " actions "-part from the array completely, it will be valid for all the actions of the controller.
If you want to do it for every controller, just add a layer in between:
class MyAccessController extends \yii\web\Controller
{
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true,
],
[
'allow' => true,
'roles' => ['@'],
],
],
];
}
}
And then derive your controller from that class. Or you can put it in a trait and use add it with a use in each controller.
solution4
0 2017-01-04 12:37:03
Try this in following file.
frontend/config/main.php
components =>[ your stuff ],
'as beforeRequest' =>
[
'class' => 'yii\filters\AccessControl',
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true,
],
[
'allow' => true,
'roles' => ['@'],
],
],
],
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.