
yii2 Access control is not working

This is my code. Without logging in I can also enter the home page. When I press the logout button it takes me to the login page, but if I load the home page again without logging in, it works. How do I resolve this issue?

public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'only' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
            'rules' => [
                [
                    'allow' => true,
                    'actions' => [],
                    'roles' => ['?'],
                ],
                [
                    'actions' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
                    'allow' => true,
                    'roles' => ['@'],
                ],
            ],
        ],
        'verbs' => [
            'class' => VerbFilter::className(),
            'actions' => [
                'logout' => ['post'],
            ],
        ],
    ];
}

You should read this: http://www.yiiframework.com/doc-2.0/guide-security-authorization.html

actions: specifies which actions this rule matches. This should be an array of action IDs. The comparison is case-sensitive. If this option is empty or not set, it means the rule applies to all actions.

So you should simply try:

'rules' => [
    [
        'actions' => ['login'],
        'allow' => true,
        'roles' => ['?'],
    ],
    [
        'actions' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
        'allow' => true,
        'roles' => ['@'],
    ],
],
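As an added illustration (not code from the question, the answers or Yii itself): a simplified PHP model of how AccessControl walks its rules, run against a cut-down version of the question's filter and of the corrected rules above. It shows why an empty 'actions' list on the guest rule lets a guest reach index, while the corrected rules let a guest reach only login. The helper names and the trimmed action lists are assumptions made for the example.

```php
<?php
// Simplified model of yii\filters\AccessControl rule evaluation (example code,
// not Yii's implementation): the first rule that matches decides, and if no
// rule matches the request is denied.
declare(strict_types=1);

function ruleMatches(array $rule, string $action, bool $isGuest): bool
{
    // An empty or missing 'actions' list matches every action (per the guide).
    if (!empty($rule['actions']) && !in_array($action, $rule['actions'], true)) {
        return false;
    }
    foreach ($rule['roles'] ?? [] as $role) {
        if ($role === '?' && $isGuest) {   // '?' = guest (not logged in)
            return true;
        }
        if ($role === '@' && !$isGuest) {  // '@' = authenticated user
            return true;
        }
    }
    return empty($rule['roles']);          // no roles listed: matches anyone
}

function isAllowed(array $filter, string $action, bool $isGuest): bool
{
    // Actions outside 'only' are not filtered at all, so they stay reachable.
    if (!empty($filter['only']) && !in_array($action, $filter['only'], true)) {
        return true;
    }
    foreach ($filter['rules'] as $rule) {
        if (ruleMatches($rule, $action, $isGuest)) {
            return (bool) ($rule['allow'] ?? false);
        }
    }
    return false;
}

// Constructed, shortened versions of the question's filter and the corrected rules.
$broken = ['only' => ['index', 'logout'], 'rules' => [
    ['allow' => true, 'actions' => [],                  'roles' => ['?']],
    ['allow' => true, 'actions' => ['index', 'logout'], 'roles' => ['@']],
]];
$fixed = ['only' => ['login', 'index', 'logout'], 'rules' => [
    ['allow' => true, 'actions' => ['login'],           'roles' => ['?']],
    ['allow' => true, 'actions' => ['index', 'logout'], 'roles' => ['@']],
]];

foreach (['broken' => $broken, 'fixed' => $fixed] as $name => $filter) {
    foreach (['index', 'login'] as $action) {
        printf("%-6s guest -> %-5s : %s\n", $name, $action,
            isAllowed($filter, $action, true) ? 'allowed' : 'denied');
    }
}
```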

I think you should restrict access for guests to only the login page.

public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'only' => ['login',],
            'rules' => [
                [
                    'allow' => true,
                    'actions' => [],
                    'roles' => ['?'],
                ],
                [
                    'actions' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
                    'allow' => true,
                    'roles' => ['@'],
                ],
            ],
        ],
        'verbs' => [
            'class' => VerbFilter::className(),
            'actions' => [
                'logout' => ['post'],
            ],
        ],
    ];
}

First of all, you can make the login URL accessible to everyone.

'roles' => ['?']

and the logout action accessible only to logged-in users.

'roles' => ['@']

All the other actions you can add in this function.

'rules' => [
    [
        'actions' => ['login'],
        'allow' => true,
        'roles' => ['?'],
    ],
    [
        'actions' => ['logout'],
        'allow' => true,
        'roles' => ['@'],
    ],
],
