Yii2 Authentication

[mbunyan]

I have simple app built on yii2 basic. The data gathered through yii forms and models is used in another web service, and apart from the admin, no one needs to view or access the yii environment. Never the less I want to ensure the admin has to login to do anything, including view.

 

The Site controller seems logical place to do this, but I am not finding this scenario obvious. Does access control have to be added to all affected controllers, or can I configure it once in sitecontroller and meet the objective?

 

Mike B

[Brent Knigge]

Essentially yes, I believe that you would need to do that for each of your actions.  

 

There are a couple of ways of doing this.  You can do the access control like you've mentioned, or you could use Yii::$app->user->isGuest inside each action method to determine whether the action can be performed.  

 

You might be able to set up a 'default' access control in the config file.  Haven't looked into that part yet.

 

Hope this helps,

 

Brent

[mbunyan]

Thanks Brent, that's what I feared, too much editing.

 

I found this response to similar question at StackOverflow: http://stackoverflow.com/questions/30067849/yii2-require-all-controller-and-action-to-login?rq=1, and implemented 'as beforeRequest' in web config, which did the trick. It's a global setting, which would not suit all situations, but does the job for my app.

 

Mike B