mbunyan 0 Posted April 29, 2016 Report Share Posted April 29, 2016 I have simple app built on yii2 basic. The data gathered through yii forms and models is used in another web service, and apart from the admin, no one needs to view or access the yii environment. Never the less I want to ensure the admin has to login to do anything, including view. The Site controller seems logical place to do this, but I am not finding this scenario obvious. Does access control have to be added to all affected controllers, or can I configure it once in sitecontroller and meet the objective? Mike B Quote Link to post Share on other sites
Brent Knigge 2 Posted May 4, 2016 Report Share Posted May 4, 2016 Essentially yes, I believe that you would need to do that for each of your actions. There are a couple of ways of doing this. You can do the access control like you've mentioned, or you could use Yii::$app->user->isGuest inside each action method to determine whether the action can be performed. You might be able to set up a 'default' access control in the config file. Haven't looked into that part yet. Hope this helps, Brent Quote Link to post Share on other sites
mbunyan 0 Posted May 4, 2016 Author Report Share Posted May 4, 2016 Thanks Brent, that's what I feared, too much editing. I found this response to similar question at StackOverflow: http://stackoverflow.com/questions/30067849/yii2-require-all-controller-and-action-to-login?rq=1, and implemented 'as beforeRequest' in web config, which did the trick. It's a global setting, which would not suit all situations, but does the job for my app. Mike B Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.