I have 2 controllers with some actions, I want to all requests expect those actions in the 2 controllers to be routed to invalid request page, how can I do that?
suppose:
controller1 => action1, action2, action3 allowed
controller2 => action4, action5, action6 allowed
all other requests should be go to bad request page.
Thank you.
Use Access Control, e.g. for controller 1:
public function behaviors()
{
return [
'access' => [
'class' => \yii\filters\AccessControl::className(),
'only' => ['action1', 'action2', 'action3'],
'rules' => [
[
'allow' => true,
],
// everything else is denied
],
],
];
}
As gmc specified you should use Access Control , however you might want to specify the "bad request" page.
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'only' => ['action1', 'action2', 'action3'],
'rules' => [
[
'allow' => true,
],
],
'denyCallback' => function($rule, $action) {
return $this->redirect(['controller/action']);
}
],
];
}
Related
We developed our own api for mobile applications, which works on the basis of post requests, but after reinstalling the project on a new server, Yii :: $ app-> request-> post () always returns an empty value. At the same time, Yii :: $ app-> request-> getRawBody () contains a value, but I would not want to rewrite all api.
Tell me what could be the problem and which way to dig? Thanks in advance.
Sending through a mobile application or post through RestClient PHPStorm. Returns emptiness always.
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::class,
'only' => ['logout', 'signup'],
'rules' => [
[
'actions' => ['login'],
'allow' => true,
'roles' => ['?'],
],
[
'actions' => ['login'],
'allow' => true,
'roles' => ['#'],
],
],
],
'verbs' => [
'class' => VerbFilter::class,
'actions' => [
'login' => ['post', 'get'],
'token' => ['post', 'get'],
'logout' => ['post', 'get'],
],
],
];
}
public function beforeAction($action) {
$this->enableCsrfValidation = false;
return parent::beforeAction($action);
}
public function actionLogin()
{
return Yii::$app->request->post("username");
}
Could be your request is by get() method
$app->request->get();
After a new reinstallation of the project, the problem resolved by itself. Thanks to all.
I have two login systems in my Yii2 application. First is default login system using User table, and second uses sms_account table. In custom controller I've created action for login, actionLogin(). I've added access control for my custom controller, but I'm having problem that when a person is not logged in, it redirects to site/login. I want to change redirect to custom-controller/login URL in Yii2 access control. My code is:
public function behaviors()
{
return [
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'delete' => ['post'],
],
],
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['login'],
'allow' => false,
'roles' => ['#']
],
[
'actions' => ['home'],
'allow' => true,
'roles' => ['#']
]
]
]
];
}
Can anyone tell me how to change access control URL?
You should simply configure your user component :
'user' => [
// ...
'loginUrl' => ['custom-controller/login'],
],
Read more about yii\web\User::$loginUrl.
And it should be :
[
'actions' => ['login'],
'allow' => true,
'roles' => ['?']
],
Read more about Authorization in Yii2.
This is my updated answer . I thinks it's help you
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'only' => ['index','logout','client-create'], // your own action which permission the login
'rules' => [
[
'actions' => ['index','logout','client-create'], // your own action which permission the login
'allow' => true,
'roles' => ['#'],
],
],
'denyCallback' => function($rule, $action) {
Yii::$app->response->redirect(['login/login']);
},
],
];
}
Try this code.
Note:roles
[
'actions' => ['home'],
'allow' => true,
'roles' => ['?']
'matchCallback' => function ($rule, $action) {
return $this->redirect('index.php?r=controller/action');
}
]
How to navigate to index method without automatic login in frontend contoller ?
Extends behaviors method in SiteController:
use yii\filters\AccessControl;
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['index'],
'allow' => true,
],
[
'allow' => true,
'roles' => ['#'],
],
],
],
];
}
So index action will be available to everyone, instead other pages will require authentication
I have a backend project on my ssl server, like ssl.mybackend.com, with following:
class FormController extends Controller
{
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['index', 'delete', 'view', 'create'],
'allow' => true,
'roles' => ['#'], //only authorized users
],
[
'actions'=> ['create-order'],
'allow'=>true //change all users to "myfrontend.com"
]
],
],
];
}
I need to grant an access to create-order action only to my frontend website.
I am not sure if it's possible to do with AccessControl and appreciate if you could advise other solutions.
If you want to use ajax calls from frontend on another domain, you should use corsFilter instead. Example from documentation:
public function behaviors()
{
return [
'corsFilter' => [
'class' => \yii\filters\Cors::className(),
'cors' => [
// restrict access to
'Origin' => ['http://www.myserver.com', 'https://www.myserver.com'],
'Access-Control-Request-Method' => ['POST', 'PUT'],
// Allow only POST and PUT methods
'Access-Control-Request-Headers' => ['X-Wsse'],
// Allow only headers 'X-Wsse'
'Access-Control-Allow-Credentials' => true,
// Allow OPTIONS caching
'Access-Control-Max-Age' => 3600,
// Allow the X-Pagination-Current-Page header to be exposed to the browser.
'Access-Control-Expose-Headers' => ['X-Pagination-Current-Page'],
],
],
];
}
Cross Origin Resource Sharing in Yii2
I added help.php under backend/views/site and I declare a function under SiteController.php to be able to recognize the link
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true,
],
[
'actions' => ['logout', 'index'],
'allow' => true,
'roles' => ['#'],
],
],
],
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'logout' => ['post'],
],
],
];
}
public function actionHelp()
{
return $this->render('help');
}
The link is now accessible but it gives me an error
Forbidden(#403) and it says "You are not allowed to perform this action."
Now, I would like to ask if how will I be able to view the web pages that I've created. Thanks in advance.
The problem is related with AccessControl filter.
You can add help action to the this list of allowed actions for example like this:
[
'actions' => ['login', 'error', 'help'],
'allow' => true,
],
You can read more and check how access rules are applied in according documentation section.