How to get login page before going admin page in Yii2? - yii

I'm trying to get the login page before going to the admin page in Yii2. For example, when I enter http://project/admin/ in the browser, it should redirect me to the login page at http://project/admin/login. Please, can anyone help me?
In Module.php
    public function behaviors(){
        return [
            'access' => [
                'class' => \yii\filters\AccessControl::className(),
                'rules' => [
                    [
                        // '@' matches authenticated users only
                        'allow' => true,
                        'roles' => ['@']
                    ],
                ],
            ],
        ];
    }
    public function init()
    {
        parent::init();
        // guests who are denied access are redirected to this URL
        Yii::$app->user->loginUrl = '/admin/main/login';
    }

You just need to set rules (inside your behaviors method) saying which actions can be accessed when the user is logged in or not. In your case, the login action can be accessed when the user is not logged in, like this:
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        // guests ('?') may reach the login action
                        'actions' => ['login'],
                        'allow' => true,
                        'roles' => ['?'],
                    ],
                    [
                        // everything else requires an authenticated user ('@')
                        'allow' => true,
                        'roles' => ['@'],
                    ],
                ],
            ],
        ];
    }

Related

Cakephp 3 Redirect when session expires

I use the AuthComponent and I want, when the session expires and the user presses a link or refreshes, to redirect them to the login page.
However, for some actions I don't want the above redirect, even if the user is logged out, as they are also used as an API by another application.
For example, I want to allow the 'view' action for logged-out users, but redirect the 'index' action.
My AppController.php is:
    $this->loadComponent('Auth', [
        'authorize' => [
            'Acl.Actions' => ['actionPath' => 'controllers/']
        ],
        'authenticate' => [
            'Form' => [
                'fields' => [
                    'username' => 'username',
                    'password' => 'password'
                ]
            ]
        ],
        'loginAction' => [
            'plugin' => false,
            'controller' => 'Users',
            'action' => 'login'
        ],
        'loginRedirect' => [
            'controller' => 'Pages',
            'action' => 'index',
            'plugin' => 'Pages'
        ],
        'logoutRedirect' => [
            'plugin' => false,
            'controller' => 'Users',
            'action' => 'login'
        ],
    ]);
If I add below, 'index' is also working if user is logged-out, even though it should be in deny state.
MyController.php
    public function beforeFilter(\Cake\Event\Event $event)
    {
        $this->Auth->allow('view');
    }
The only way I managed to do what I want is to add it in the controller action as:
MyController.php
    public function index()
    {
        if (empty($this->auth_user['username'])) {
            return $this->redirect($this->Auth->logout());
        }
        // ...
    }
Is there a better way to do this?

Allow everyone to access in Yii2 controller

I have a project where I am implementing an existing Yii project on top. The issue is the new Yii project has its own user login and authentication. I want to allow anyone access by global rights or just remove all of the authentication altogether and use my own page authentication.
In my site controller I have modified to:
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        'allow' => true,
                        'roles' => ['?'],
                    ],
                    // ...
                ],
            ],
        ];
    }
I have removed the actionLogin() and actionLogout() from this site controller as well but am still sent to the logon page.
    *: any user, including both anonymous and authenticated users.
    ?: anonymous users.
    @: authenticated users.
This is what I have added:
https://github.com/gugoan/economizzer
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::classname(),
                'only' => ['index','create','update','delete','view','target','accomplishment','overview','performance'],
                'rules' => [
                    [
                        'allow' => true,
                        'roles' => ['*']
                    ],
                ]
            ],
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => [
                    'delete' => ['post'],
                ],
            ],
        ];
    }
There is no role *, you need to use:
    'roles' => ['?', '@']

Yii2 RBAC based on permissions

I am designing a system but I need to give the admin user the power to create roles and assign a set of permissions against them.
Currently in the RBAC
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        // these actions are accessible only to yourRole1 and yourRole2
                        'actions' => ['index','view'],
                        'allow' => true,
                        'roles' => ['yourRole1', 'yourRole2'],
                    ],
                    [
                        // all the actions are accessible to superAdmin, admin and manager
                        'allow' => true,
                        'roles' => ['superAdmin', 'admin', 'manager'],
                    ],
                ],
            ],
        ];
    }
However what I ideally need is
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        'actions' => ['index','view'],
                        'allow' => true,
                        'permission' => ['canView'],
                    ],
                    [
                        'actions' => ['update','delete'], // these actions are accessible
                        'allow' => true,
                        'permission' => ['canDelete', 'canUpdate'],
                    ],
                ],
            ],
        ];
    }
By doing this and creating a set of permissions an admin user can then create roles, assign permissions and assign roles to users.
Does anyone know of a package for yii2 that does this?
The AccessControl Filter you are using already allows you to do that via the "permissions" field.
    [
        'actions' => ['index','view'],
        'allow' => true,
        'permissions' => ['canView'],
    ],
Check the documentation:
http://www.yiiframework.com/doc-2.0/yii-filters-accessrule.html#$permissions-detail
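The permissions named in this thread still have to exist in the RBAC store before a rule can reference them. The following is an added example, not code from the question or the answer: a console command that creates them through the `authManager` component and groups them into roles. The command class, the role names `viewer` and `editor`, and the user id in the usage comment are assumptions, and an `authManager` (for example `yii\rbac\DbManager`) must be configured.

```php
<?php
// Added example: hypothetical console command (commands/RbacController.php).
namespace app\commands;

use Yii;
use yii\console\Controller;
use yii\console\ExitCode;

class RbacController extends Controller
{
    // php yii rbac/init : create the permissions and two sample roles.
    public function actionInit()
    {
        $auth = Yii::$app->authManager; // must be configured, e.g. yii\rbac\DbManager
        $perms = [];
        foreach (['canView', 'canUpdate', 'canDelete'] as $name) {
            // Reuse an existing permission so the command can be re-run safely.
            $perms[$name] = $auth->getPermission($name);
            if ($perms[$name] === null) {
                $perms[$name] = $auth->createPermission($name);
                $auth->add($perms[$name]);
            }
        }
        // Role names are assumptions; an admin UI would create these on demand.
        $grants = ['viewer' => ['canView'], 'editor' => ['canView', 'canUpdate', 'canDelete']];
        foreach ($grants as $roleName => $names) {
            $role = $auth->getRole($roleName);
            if ($role === null) {
                $role = $auth->createRole($roleName);
                $auth->add($role);
            }
            foreach ($names as $name) {
                if (!$auth->hasChild($role, $perms[$name])) {
                    $auth->addChild($role, $perms[$name]);
                }
            }
        }
        return ExitCode::OK;
    }

    // php yii rbac/assign editor 42 : give a role to a user id (42 is a sample id).
    public function actionAssign($roleName, $userId)
    {
        $auth = Yii::$app->authManager;
        $role = $auth->getRole($roleName);
        if ($role === null) {
            return ExitCode::DATAERR; // unknown role: assign nothing
        }
        $auth->assign($role, $userId);
        return ExitCode::OK;
    }
}
```

Access rules then reference the permission names, so roles can be added or regrouped later without touching controller code.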

Yii2 - How to implement RBAC Authorization in RESTful API?

Hi, I just discovered the Yii framework and I need some guidelines to implement this...
Yii2 RBAC - Official Guide
...in my RESTful app. I know I have to override the method checkAccess() in my controllers but I can't find any example. My API has token-based Bearer authentication and sessions are disabled (stateless).
In your controller:
    public function behaviors()
    {
        $behaviors = parent::behaviors();
        $behaviors['authenticator'] = [
            'class' => CompositeAuth::className(),
            'authMethods' => [
                HttpBearerAuth::className(),
            ],
        ];
        // add CORS filter
        $behaviors['corsFilter'] = [
            'class' => Cors::className(),
            'cors' => [
                'Origin' => ['*'],
                'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
                'Access-Control-Request-Headers' => ['*'],
            ],
        ];
        // avoid authentication on CORS-pre-flight requests (HTTP OPTIONS method)
        $behaviors['authenticator']['except'] = ['options', 'login', 'signup'];
        $behaviors['access'] = [
            'class' => AccessControl::className(),
            'only' => [
                'update',
                'delete',
                'view',
                'index',
            ],
            'rules' => [
                [
                    'actions' => [
                        'update',
                        'delete',
                        'view',
                        'index',
                    ],
                    'allow' => true,
                    // '@' matches authenticated users only
                    'roles' => ['@'],
                ],
            ],
        ];
        $behaviors['verbFilter'] = [
            'class' => VerbFilter::className(),
            'actions' => [
                'signup' => ['POST'],
                'login' => ['POST'],
                'update' => ['PUT'],
                'delete' => ['DELETE'],
                'view' => ['GET'],
                'index' => ['GET'],
            ],
        ];
        return $behaviors;
    }
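The question asks about overriding `checkAccess()`, which the answer above does not show. The following is an added example, not code from the answer: a `yii\rest\ActiveController` subclass that maps each built-in action to an RBAC permission and denies any action missing from the map. The controller and model names, the permission names and the `model` parameter key are assumptions; the bearer authenticator from the answer is expected to have set the user identity already.

```php
<?php
// Added example: hypothetical REST controller (controllers/PostController.php).
namespace app\controllers;

use Yii;
use yii\rest\ActiveController;
use yii\web\ForbiddenHttpException;

class PostController extends ActiveController
{
    public $modelClass = 'app\models\Post'; // hypothetical ActiveRecord model

    // Hypothetical permission names. An action that is not listed is denied,
    // so a newly added action stays closed until someone maps it on purpose.
    private const PERMISSIONS = [
        'index'  => 'canView',
        'view'   => 'canView',
        'create' => 'canCreate',
        'update' => 'canUpdate',
        'delete' => 'canDelete',
    ];

    /**
     * Called by the built-in index/view/create/update/delete actions.
     * $model is null for index and create, so RBAC rules that inspect the
     * model (for example an "own record only" rule) must handle null.
     */
    public function checkAccess($action, $model = null, $params = [])
    {
        $permission = self::PERMISSIONS[$action] ?? null;
        if ($permission === null
            || !Yii::$app->user->can($permission, ['model' => $model])
        ) {
            // Rendered as HTTP 403; an unauthenticated request has already
            // been rejected with 401 by the authenticator behavior.
            throw new ForbiddenHttpException("You are not allowed to $action this resource.");
        }
    }
}
```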

Yii2 check if user is logged before every page [duplicate]

I am new to Yii2.
How can I check if the user is logged in or not?
If user is not logged in then it should redirect to login page.
Is there any global solution?
I set the 'access' behaviors in all controllers
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'only' => ['logout', 'signup'],
                'rules' => [
                    [
                        'actions' => ['signup'],
                        'allow' => true,
                        'roles' => ['?'],
                    ],
                    [
                        'actions' => ['logout'],
                        'allow' => true,
                        // '@' matches authenticated users only
                        'roles' => ['@'],
                    ],
                ],
            ],
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => [
                    'logout' => ['post'],
                ],
            ],
        ];
    }
or check the Yii::$app->user->isGuest value
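For the global variant the question asks about, the filter can be attached to the application itself instead of being repeated in every controller. The following is an added example, not code from the post: an excerpt of `config/web.php` that requires login for every route except the ones listed. The `site/login` and `site/error` routes and the `id` value are assumptions taken from a default application layout.

```php
<?php
// Added example: excerpt of a hypothetical config/web.php.
return [
    'id' => 'app',
    'basePath' => dirname(__DIR__),
    // ... components, modules, params ...

    // "as <name>" attaches a behavior to the application, so the filter runs
    // before every action of every controller and module.
    'as access' => [
        'class' => \yii\filters\AccessControl::class,
        // Full routes that stay reachable without login. Anything not listed
        // here falls through to the rules below.
        'except' => ['site/login', 'site/error'],
        'rules' => [
            // Authenticated users may go anywhere; guests match no rule, are
            // denied by default and get redirected to user->loginUrl.
            ['allow' => true, 'roles' => ['@']],
        ],
    ],
];
```

Controller-level `access` behaviors still run afterwards and can only narrow access further, so per-controller role or permission rules keep working.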