hi there
where to check user authentication and only let admin user can access to backend section?
thanks for reply
hi there
where to check user authentication and only let admin user can access to backend section?
thanks for reply
its not the answer,i know rbac but dont know where in my code use it to prevent casual users can come in backend section
After you have setup the RBAC, you can set the limit in the site controller.
E.G
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['index'],
'allow' => true,
'roles' => ['admin'],
],
],
],
}
In case of advanced app you can even do it without RBAC at all (of course if you don’t need RBAC for other purposes).
You can just have 2 different models for frontend and backend users with 2 DB tables (to avoid duplication they may extend from some common User model).
i have 3 level of users
-admins
-customers
-sellers
by this structure i think its better to use rbac and shared one table for all users
do you think is it good ? or im wrong?
i only want let registered users to access my controllers in backend(for now with out rbac)
how can i do it with out implementing behaviors() function in every controller
thanks