I have two applications, both with a frontend and backend and separate db’s.
Application A has the backend and frontend secured with db RBAC.
Application B has the backend only secured with db RBAC, the frontend is currently open to all.
How can I setup the frontend of Application B to require that a user already be logged in to Application A and that the user has the correct role to have permissions to see the frontend of Application B? If they do not then I want to display a generic “you do not have permissions to view this resource” type of message, if they do then I want the login form to redirect to Application B’s frontend until the session expires.
The code for this needs to be able to be easily removed or changed so that I can move Application B to a production environment where Application A will not exist.
I’ve tested this but it doesn’t appear to be working, at least not as I expected it to, so I assume that I’m doing something wrong.
Currently Application A and Application B are both residing on a local development machine so I access them via localhost/AppA/index.php and localhost/AppB/index.php.
As I want AppB to be as portable as possible I have tried to test for Yii::app()->user->isGuest in the index file of AppB. Here is what I currently have:
I have also tried the same configuration but with AppB residing inside AppA so it becomes localhost/AppA/index.php and localhost/AppA/AppB/index.php. That didn’t work either.
I’m thinking that perhaps it has something to do with re-creating AppA with the Yii::createWebApplication but without that I get syntax errors trying to access Yii::app()->user->isGuest.