I have a yii2 advanced template app with yii2-user installed and the native yii2 rbac features enabled.
I now want to restrict access to the backend to admins (which is a role) only.
On Stack Overflow someone else had the same question: http://stackoverflow.com/questions/27935155/yii2-deny-user-login-on-backend
According to the answers, I have to implement this not with RBAC but with ACF.
I tried both TomaszKane and Bsienn’s answers. This technically works, but it displays a nasty error message that I don’t want to show my users. I thus tried to modify it and came up with this:
    'access' => [
        'class' => AccessControl::className(),
        'denyCallback' => function ($rule, $action) {
            echo 'you are logged out';
            //throw new \Exception('You are not allowed to access this page');
        },
        'rules' => [
            [
                'actions' => ['logout, index'],
                'allow' => true,
                'roles' => ['?'],
            ],
            [
                'actions' => [],
                'allow' => true,
                'roles' => ['admin'],
            ],
        ],
    ],
Now there is another problem I don't know how to solve. If I log in as a non-admin it says 'you are logged out' - even if I try to access user/login I get redirected to the root and it displays 'you are logged out'. I first have to delete the Yii cookies to be able to access user/login again. What's causing this and how can I solve this? I want the user to always be able to access user/login.
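An added example, not part of the original post: one way to write the filter so that a signed-in non-admin is logged out and sent back to the login form instead of staying signed in and being denied on every request. In ACF, `'?'` matches guests only, `'@'` matches any authenticated user, and any other role name is checked with `Yii::$app->user->can()`. Assumptions: the filter is attached to the backend's own `SiteController` (so the yii2-user login route stays outside it), the `user` component's `loginUrl` points at the yii2-user login route, and the flash message text is a placeholder.

```php
<?php
// Added example; the controller name and file location are assumptions.
namespace backend\controllers;

use Yii;
use yii\filters\AccessControl;
use yii\web\Controller;

class SiteController extends Controller
{
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    // Any authenticated user ('@') may log out. Each action ID
                    // is its own array element: 'logout, index' written as one
                    // string is a single ID that matches no action.
                    ['actions' => ['logout'], 'allow' => true, 'roles' => ['@']],
                    // No 'actions' key, so this applies to every action;
                    // 'admin' is resolved through the RBAC authManager.
                    ['allow' => true, 'roles' => ['admin']],
                ],
                'denyCallback' => function ($rule, $action) {
                    $user = Yii::$app->user;
                    if ($user->isGuest) {
                        // Not signed in: redirect to loginUrl, keep the return URL.
                        $user->loginRequired();
                        return;
                    }
                    // Signed in without the admin role: end the session so the
                    // login form is reachable again without clearing cookies.
                    $user->logout();
                    Yii::$app->session->setFlash('danger', 'Administrator access is required.');
                    $action->controller->redirect($user->loginUrl);
                },
            ],
        ];
    }
}
```

Everything that matches no rule is denied by default, so guests and non-admins both end up in `denyCallback`; the filter then stops the action and the redirect set on the response is sent.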