发表新帖
发表新帖

Yii2 require all Controller and Action to login

前端 未结
关注
4 1056
慢半拍i
慢半拍i 2020-12-02 19:07

In my sitecontroller I write like this

    \'access\' => [
        \'class\' => AccessControl::className(),
        \'rules\' => [
            [
相关标签:
4条回答
  • 礼貌的吻别
    2020-12-02 19:50

    If you want to add access control to all your controller actions. Please add below code in main config file under components section. 

    'as access' => [
        'class' => \yii\filters\AccessControl::className(),//AccessControl::className(),
        'rules' => [
            [
                'actions' => ['login', 'error'],
                'allow' => true,
            ],
            [
                'actions' => ['logout', 'index'], // add all actions to take guest to login page
                'allow' => true,
                'roles' => ['@'],
            ],
        ],
    ],
    0 讨论(0)
  • 情歌与酒
    2020-12-02 19:58

    If you omit the "actions"-part from the array completely, it will be valid for all the actions of the controller.

    If you want to do it for every controller, just add a layer in between:

    class MyAccessController extends \yii\web\Controller
{
    public function behaviors() 
    {
         return [
            'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                   'actions' => ['login', 'error'],
                   'allow' => true,
                ],
                [
                   'allow' => true,
                   'roles' => ['@'],
                ],
             ],
         ];
     }       
 }

    And then derive your controller from that class. Or you can put it in a trait and use add it with a use in each controller.

    0 讨论(0)
  • 闹比i
    2020-12-02 20:05

    Place this rule in the beginning of the rules section: 

    [
    'allow' => true,
    'roles' => ['@'],
],

    Omitting the actions means all actions.

    So your AccessControl config will be like this:

    public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'allow' => true,
                    'roles' => ['@'],
                ],

                // ...
            ],
        ],
    ];
}

    Keep in mind that rules are applied in order they are declared.

    To do it globally without inheritance, add the as beforeRequest array below (not inside!) the components declaration in your application config:

    'components' => [ ... ],
'as beforeRequest' => [
    'class' => 'yii\filters\AccessControl',
    'rules' => [
        [
            'allow' => true,
            'actions' => ['login'],
        ],
        [
            'allow' => true,
            'roles' => ['@'],
        ],
    ],
    'denyCallback' => function () {
        return Yii::$app->response->redirect(['site/login']);
    },
],

    This code will run before each request and block all actions except login for guests.

    Make sure that there is no login action in other controllers than SiteController. If there are (and for example they are for different purposes), block them explicitly in according controllers. But it's pretty rare case.

    0 讨论(0)
  • 后悔当初
    2020-12-02 20:07

    Try this in following file. 

    frontend/config/main.php


components =>[ your stuff ],
'as beforeRequest' => 
            [
                'class' => 'yii\filters\AccessControl',
                'rules' =>  [
                                [
                                     'actions' => ['login', 'error'],
                                     'allow' => true,
                                ],
                                [
                                    'allow' => true,
                                    'roles' => ['@'],
                                ],
                            ],
            ],
    0 讨论(0)
 看不清?
提交回复
热议问题