Yii2 require all Controller and Action to login

php yii yii2
Ngoun Thavy picture Ngoun Thavy · May 6, 2015 · Viewed 27.7k times · Source

In my sitecontroller I write like this

    'access' => [
        'class' => AccessControl::className(),
        'rules' => [
            [
                'actions' => ['login', 'error'],
                'allow' => true,
            ],
            [
                'actions' => ['logout', 'index' ,'call-back'], // add all actions to take guest to login page
                'allow' => true,
                'roles' => ['@'],
            ],
        ],
    ],

so If I go to index or call-back action,I'll redirected to login page. but I have to do it for all action to each controller. Could you tell me the best way to do it?

Answer

arogachev picture arogachev · May 6, 2015

Place this rule in the beginning of the rules section: 

[
    'allow' => true,
    'roles' => ['@'],
],

Omitting the actions means all actions.

So your AccessControl config will be like this:

public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'allow' => true,
                    'roles' => ['@'],
                ],

                // ...
            ],
        ],
    ];
}

Keep in mind that rules are applied in order they are declared.

To do it globally without inheritance, add the as beforeRequest array below (not inside!) the components declaration in your application config:

'components' => [ ... ],
'as beforeRequest' => [
    'class' => 'yii\filters\AccessControl',
    'rules' => [
        [
            'allow' => true,
            'actions' => ['login'],
        ],
        [
            'allow' => true,
            'roles' => ['@'],
        ],
    ],
    'denyCallback' => function () {
        return Yii::$app->response->redirect(['site/login']);
    },
],

This code will run before each request and block all actions except login for guests.

Make sure that there is no login action in other controllers than SiteController. If there are (and for example they are for different purposes), block them explicitly in according controllers. But it's pretty rare case.

Related questions

Yii2 data provider default sorting

In Yii 1.1 this code works for default sorting: $dataProvider = new CActiveDataProvider('article',array( 'sort'=>array( 'defaultOrder'=>'id DESC', ), )); How default sorting can be set in Yii2? Tried below code, but no result: $dataProvider = new ActiveDataProvider([ 'query' => $query, …

Read More
Yii2 How to perform where AND or OR condition grouping?

I am new to Yii-2 framework. How can i achieve following query in Yii-2 framework using activeQuery and models. SELECT * FROM users AS u WHERE u.user_id IN(1,5,8) AND (u.status = 1 OR u.verified = 1) OR (u.social_account = 1 AND …

Read More
Getting base URL in Yii 2

I am trying to get the base URL for the project in Yii 2 but it doesn't seem to work. According to this page you used to be able to do: Yii::app()->getBaseUrl(true); In Yii 1, but it …

Read More