Newbies Question To Yii2, How Can I Force User To Login?

steve3d · May 13, 2014, 3:09am

I’m new to yii framework, now yii2 have entered beta, So I decided to start with yii 2.0.

my web application has a very long development period, might be over a year from now on. and because Yii 1.x and 2.x are not compatible, so these are two reasons why I don’t want to start with yii 1.x

What I’m doing is to create some kind of backend application, and users are created inside the backend, so unregistered user can only access the login and forgot-password action.

I’ve found a lot of articles about how to force guest users to login before they can do any actions. but all these techniques don’t work in yii2.

and according to the guide 2.0 http://www.yiiframework.com/doc-2.0/guide-authorization.html, so I change the SiteController::behaviors like this:




    public function behaviors()

    {

        return [

            'access' => [

                'class' => AccessControl::className(),

                'only' => ['login'],

                'rules' => [

                    [

                        'actions' => ['login'],

                        'allow' => true,

                        'roles' => ['?'],

                    ],

                    [

                        'allow' => false,

                        'roles' => ['?'],

                    ],            

                ],

            ],

        ];

    }

then guest user still can access everything in the basic application template.

So how can I force the guest users can only view the login action page?

Thanks

kartikv · May 13, 2014, 3:16am

Just set all actions for authorized logins only and prevent guests (which will take them automatically to login page). In your controller behaviors method…




// part of your behaviors() method

'access' => [

    'class' => AccessControl::className(),

    'rules' => [

        [

            'actions' => ['login', 'error'],

            'allow' => true,

        ],

        [

            'actions' => ['logout', 'index'], // add all actions to take guest to login page

            'allow' => true,

            'roles' => ['@'],

        ],

    ],

],

steve3d · May 13, 2014, 3:24am

wa~~ thanks for quick reply.

And I also checked the backend SiteController of advanced template, then I decided to use this rules to force guest users,




                'rules' => [

                    [

                        'actions' => ['login', 'error'],

                        'allow' => true,

                    ],

                    [

                        'allow' => true,

                        'roles' => ['@'],

                    ],

                ],

            ],

drawlusyk · September 3, 2014, 2:26pm

Hi Guys, Is there a place to put this to govern all controllers of the site, rather than in each individual controller?

Rgds,

Dennis

seyyed · September 5, 2014, 8:44am

write your own controller extended from yii\web\Controller then extend all of your controller from it.

vishwasrao · November 13, 2015, 10:29am

Hi,

If you want to add access control to all your controller actions. Please add below code in main config file under components section.




'as access' => [

        'class' => \yii\filters\AccessControl::className(),//AccessControl::className(),

        'rules' => [

            [

                'actions' => ['login', 'error'],

                'allow' => true,

            ],

            [

                'actions' => ['logout', 'index'], // add all actions to take guest to login page

                'allow' => true,

                'roles' => ['@'],

            ],

        ],

    ],

jonny · February 5, 2016, 2:04pm

This doesn’t work for me, when I put it under my component section. Has something changed in Yii2 releases?

jacmoe · February 5, 2016, 2:06pm

When he says ‘under’ he really means ‘following’ the components section, not inside it.

jonny · February 5, 2016, 2:08pm

Ohhhh! Thanks Jacmoe!

wilsonim · June 23, 2016, 7:25am

do you mean under component ?




'components => [ ... ],

'as access' => [

            'class' => \yii\filters\AccessControl::className(),//AccessControl::className(),

            'rules' => [

                [

                    'actions' => ['login', 'error'],

                    'allow' => true,

                ],

                [

                    'actions' => ['logout', 'index'], // add all actions to take guest to login page

                    'allow' => true,

                    'roles' => ['@'],

                ],

            ],

        ],

'db' => require(__DIR__ . '/db.php'),

wilsonim · June 25, 2016, 5:01am

Wilson IM:

do you mean under component ?




'components => [ ... ],

'as access' => [

            'class' => \yii\filters\AccessControl::className(),//AccessControl::className(),

            'rules' => [

                [

                    'actions' => ['login', 'error'],

                    'allow' => true,

                ],

                [

                    'actions' => ['logout', 'index'], // add all actions to take guest to login page

                    'allow' => true,

                    'roles' => ['@'],

                ],

            ],

        ],

'db' => require(__DIR__ . '/db.php'),

I already figure it out. in folder config\web.php




'components' => [ ... ],

'as access' => [

        'class' => \yii\filters\AccessControl::className(),//AccessControl::className(),

        'rules' => [

            [

                'actions' => ['login', 'error'],

                'allow' => true,

            ],

            [

                'actions' => ['logout', 'index'], // add all actions to take guest to login page

                'allow' => true,

                'roles' => ['@'],

            ],

        ],

    ],

'params' => $params,