How to set flash message in Yii2 after denied access to controller?
Here is how I deny access (http://www.yiiframework.com/doc-2.0/yii-filters-accesscontrol.html):
public function behaviors()
{
    return [
        'access' => [
            'class' => \yii\filters\AccessControl::className(),
            'only' => ['create', 'update'],
            'rules' => [
                // deny all POST requests
                [
                    'allow' => false,
                    'verbs' => ['POST']
                ],
                // allow authenticated users
                [
                    'allow' => true,
                    'roles' => ['@'],
                ],
                // everything else is denied
            ],
        ],
    ];
}
After this it redirects to site/login. How can I make a flash message there, like "This section is only for registered users"?
Could you try adding a callback for denial? I hope this works:
public function behaviors()
{
    return [
        'access' => [
            'class' => \yii\filters\AccessControl::className(),
            'only' => ['create', 'update'],
            'rules' => [
                // deny all POST requests
                [
                    'allow' => false,
                    'verbs' => ['POST']
                ],
                // allow authenticated users
                [
                    'allow' => true,
                    'roles' => ['@'],
                ],
                // everything else is denied
            ],
            // runs when access is denied: set the flash message, then send the user to the login page
            'denyCallback' => function ($rule, $action) {
                Yii::$app->session->setFlash('error', 'This section is only for registered users.');
                Yii::$app->user->loginRequired();
            },
        ],
    ];
}
Also you can add denyCallback to each rule:
[
    'allow' => false,
    'roles' => ['@'],
    'denyCallback' => function($rule, $action) {
        // callback logic
    }
]
Related
I have 2 controllers with some actions. I want all requests except those actions in the 2 controllers to be routed to an invalid request page. How can I do that?
Suppose:
controller1 => action1, action2, action3 allowed
controller2 => action4, action5, action6 allowed
All other requests should go to the bad request page.
Thank you.
Use Access Control, e.g. for controller 1:
public function behaviors()
{
    return [
        'access' => [
            'class' => \yii\filters\AccessControl::className(),
            'only' => ['action1', 'action2', 'action3'],
            'rules' => [
                [
                    'allow' => true,
                ],
                // everything else is denied
            ],
        ],
    ];
}
As gmc specified, you should use Access Control; however, you might want to specify the "bad request" page.
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'only' => ['action1', 'action2', 'action3'],
            'rules' => [
                [
                    'allow' => true,
                ],
            ],
            'denyCallback' => function($rule, $action) {
                return $this->redirect(['controller/action']);
            }
        ],
    ];
}
I have two login systems in my Yii2 application. The first is the default login system using the User table, and the second uses the sms_account table. In a custom controller I've created an action for login, actionLogin(). I've added access control for my custom controller, but I'm having a problem: when a person is not logged in, it redirects to site/login. I want to change the redirect to the custom-controller/login URL in Yii2 access control. My code is:
public function behaviors()
{
    return [
        'verbs' => [
            'class' => VerbFilter::className(),
            'actions' => [
                'delete' => ['post'],
            ],
        ],
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'actions' => ['login'],
                    'allow' => false,
                    'roles' => ['@']
                ],
                [
                    'actions' => ['home'],
                    'allow' => true,
                    'roles' => ['@']
                ]
            ]
        ]
    ];
}
Can anyone tell me how to change access control URL?
You should simply configure your user component:
'user' => [
    // ...
    'loginUrl' => ['custom-controller/login'],
],
Read more about yii\web\User::$loginUrl.
And it should be:
[
    'actions' => ['login'],
    'allow' => true,
    'roles' => ['?']
],
Read more about Authorization in Yii2.
This is my updated answer. I think it will help you.
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'only' => ['index', 'logout', 'client-create'], // your own actions that require login
            'rules' => [
                [
                    'actions' => ['index', 'logout', 'client-create'], // your own actions that require login
                    'allow' => true,
                    'roles' => ['@'],
                ],
            ],
            'denyCallback' => function($rule, $action) {
                Yii::$app->response->redirect(['login/login']);
            },
        ],
    ];
}
Try this code.
Note: roles
[
    'actions' => ['home'],
    'allow' => true,
    'roles' => ['?'],
    'matchCallback' => function ($rule, $action) {
        return $this->redirect('index.php?r=controller/action');
    }
]
How to navigate to the index method without automatic login in the frontend controller?
Extend the behaviors method in SiteController:
use yii\filters\AccessControl;

public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'actions' => ['index'],
                    'allow' => true,
                ],
                [
                    'allow' => true,
                    'roles' => ['@'],
                ],
            ],
        ],
    ];
}
So the index action will be available to everyone, while other pages will require authentication.
As far as I know, simple authentication for REST is like in this guide:
public function behaviors()
{
    $behaviors = parent::behaviors();
    $behaviors['authenticator'] = [
        'class' => QueryParamAuth::className(),
    ];
    return $behaviors;
}
But I want to provide some rules to handle guest access, like access control from the authorization guide, like this:
$behaviors['access'] = [
    'class' => AccessControl::className(),
    'rules' => [
        // allow authenticated users
        [
            'allow' => true,
            'actions' => ['some-action'],
            'roles' => ['?'],
        ],
        [
            'allow' => true,
            'roles' => ['@'],
        ],
        // everything else is denied
    ],
];
If I access some_guest_action as a guest without an access-token, it will be fine,
but if I access it with an access-token, Yii::$app->user->getId() always returns a null value.
My complete code is like this:
public function behaviors()
{
    $behaviors = parent::behaviors();
    $behavior['authenticator'] = [
        'class' => QueryParamAuth::className(),
    ];
    $behaviors['access'] = [
        'class' => AccessControl::className(),
        'rules' => [
            // allow authenticated users
            [
                'allow' => true,
                'actions' => ['some-action'],
                'roles' => ['?'],
            ],
            [
                'allow' => true,
                'roles' => ['@'],
            ],
            // everything else is denied
        ],
    ];
    return $behaviors;
}

public function actionSomeAction()
{
    return Yii::$app->user->getId();
}
I added help.php under backend/views/site and I declare a function under SiteController.php to be able to recognize the link
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'actions' => ['login', 'error'],
                    'allow' => true,
                ],
                [
                    'actions' => ['logout', 'index'],
                    'allow' => true,
                    'roles' => ['@'],
                ],
            ],
        ],
        'verbs' => [
            'class' => VerbFilter::className(),
            'actions' => [
                'logout' => ['post'],
            ],
        ],
    ];
}

public function actionHelp()
{
    return $this->render('help');
}
The link is now accessible but it gives me an error
Forbidden(#403) and it says "You are not allowed to perform this action."
Now, I would like to ask how I will be able to view the web pages that I've created. Thanks in advance.
The problem is related to the AccessControl filter.
You can add the help action to the list of allowed actions, for example like this:
[
    'actions' => ['login', 'error', 'help'],
    'allow' => true,
],
You can read more and check how access rules are applied in the corresponding documentation section.
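Added example (not part of the original posts and not Yii's source code): a simplified plain-PHP model of AccessControl rule evaluation, showing why an action that no rule lists ends in a 403 for a logged-in user and a login redirect for a guest, as in the first and last questions on this page. The function names `ruleAllows` and `decide` are hypothetical, and a configured denyCallback would replace the default outcome modelled here.

```php
<?php
// Simplified model of how yii\filters\AccessControl evaluates rules (added
// illustration, not Yii source). RBAC role names and the 'only' option are
// out of scope; only '?' (guest) and '@' (authenticated) are modelled.

/** Returns the rule's 'allow' value when it matches, or null when it does not apply. */
function ruleAllows(array $rule, string $action, bool $isGuest, string $verb): ?bool
{
    $actions = $rule['actions'] ?? [];
    $verbs = array_map('strtoupper', $rule['verbs'] ?? []);
    $roles = $rule['roles'] ?? [];

    // An empty list for a criterion means "matches anything".
    $actionOk = !$actions || in_array($action, $actions, true);
    $verbOk = !$verbs || in_array(strtoupper($verb), $verbs, true);
    $roleOk = !$roles || in_array($isGuest ? '?' : '@', $roles, true);

    return ($actionOk && $verbOk && $roleOk) ? $rule['allow'] : null;
}

/** Outcome for one request: 'allow', 'login-redirect' (guest denied) or '403'. */
function decide(array $rules, string $action, bool $isGuest, string $verb = 'GET'): string
{
    $denied = $isGuest ? 'login-redirect' : '403';
    foreach ($rules as $rule) {
        $result = ruleAllows($rule, $action, $isGuest, $verb);
        if ($result !== null) {
            return $result ? 'allow' : $denied; // first matching rule decides
        }
    }
    return $denied; // no rule matched: denied by default
}

// Constructed sample: the SiteController rules from the help.php question.
$rules = [
    ['actions' => ['login', 'error'], 'allow' => true],
    ['actions' => ['logout', 'index'], 'allow' => true, 'roles' => ['@']],
];
$before = decide($rules, 'help', false);   // logged-in user, 'help' not listed
$asGuest = decide($rules, 'help', true);   // guest, same request
$rules[0]['actions'][] = 'help';           // the change from the answer
$after = decide($rules, 'help', false);
printf("before=%s guest=%s after=%s\n", $before, $asGuest, $after);
```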