Yii
svfolder2021, 2021-03-23 13:28:35

How to completely close the admin panel for normal users in Yii2 with pass-through?

There is a Yii2 advanced application with fully pass-through authorization between the admin panel and the public part.
The config contains only cookies, keys, etc. for authorization to work properly.
And authorization works, but there is a problem with RBAC.
If a regular user (not an admin) is logged in on the public part of the site, he can go to
site.ru and site.ru/admin/
But at site.ru/admin/, on all controllers and actions, he will see the admin template and a 403 error, access denied.
Also on this page, he will see all the admin menus in the side bar.

The question is how to kick out a user when trying to access this page not as an admin, given that he can access any controller in the admin panel and not just the default one?
Or how to completely close access and display the login form to him if he has 403?

Access is denied via AccessControl in the admin config.
Below is the admin config code.

<?php

// Preamble of the standard Yii2 advanced-template backend/config/main.php (omitted in the
// original paste; assumed here so that ModelGenerator, CRUDGenerator and $params resolve)
use yii\gii\generators\crud\Generator as CRUDGenerator;
use yii\gii\generators\model\Generator as ModelGenerator;

$params = array_merge(
    require __DIR__ . '/../../common/config/params.php',
    require __DIR__ . '/../../common/config/params-local.php',
    require __DIR__ . '/params.php',
    require __DIR__ . '/params-local.php'
);

return [
    'id' => 'app-backend',
    'basePath' => dirname(__DIR__),
    'controllerNamespace' => 'backend\controllers',
    'bootstrap' => ['log'],
    'modules' => [
        'gii' => [
            'generators' => [
                'migrik' => [
                    'class' => \insolita\migrik\gii\StructureGenerator::class,
                    'templates' => [
                        'custom' => '@backend/gii/templates/migrator_schema',
                    ],
                    'migrationPath' => '@console/migrations/',
                ],
                'migrikdata' => [
                    'class' => \insolita\migrik\gii\DataGenerator::class,
                    'templates' => [
                        'custom' => '@backend/gii/templates/migrator_data',
                    ],
                    'migrationPath' => '@console/migrations/',
                ],
                'model' => [
                    'class' => ModelGenerator::class,
                    'enableI18N' => true,
                    'generateQuery' => true,
                    'ns' => 'core\entities',
                    'queryNs' => 'core\entities',
                    'templates' => [
                        'default' => '@backend/gii/templates/model/default'
                    ]
                ],
                'crud' => [
                    'class' => CRUDGenerator::class,
                    'baseControllerClass' => 'yii\web\Controller',
                    'modelClass' => 'core\entities\\',
                    'controllerClass' => 'backend\controllers\\',
                    'enableI18N' => true,
                    'templates' => [
                        'default' => '@backend/gii/templates/crud/default'
                    ]
                ]
            ],
        ]
    ],
    'components' => [
        'i18n' => [
            'translations' => [
                '*' => [
                    'class' => 'yii\i18n\PhpMessageSource',
                    'basePath' => '@backend/messages',
                    'sourceLanguage' => 'lt',
                    'fileMap' => [
                        //'main' => 'main.php',
                    ],
                ],
            ],
        ],
        'request' => [
            'csrfParam' => '_csrf-backend',
            'baseUrl' => '/admin',
            'cookieValidationKey' => $params['cookieValidationKey']
        ],
        'user' => [
            'identityClass' => 'common\auth\Identity',
            'enableAutoLogin' => true,
            'identityCookie' => [
                'name' => '_identity',
                'httpOnly' => true,
                'domain' => $params['cookieDomain']
            ],
            'loginUrl' => ['auth/login'],
        ],
        'session' => [
            'name' => '_session',
            'cookieParams' => [
                'domain' => $params['cookieDomain'],
                'httpOnly' => true
            ]
        ],
        'log' => [
            'traceLevel' => YII_DEBUG ? 3 : 0,
            'targets' => [
                [
                    'class' => 'yii\log\FileTarget',
                    'levels' => ['error', 'warning'],
                ],
            ],
        ],
        'errorHandler' => [
            'errorAction' => 'site/error',
        ],
        'backendUrlManager' => require __DIR__ . '/urlManager.php',
        'frontendUrlManager' => require __DIR__ . '/../../frontend/config/urlManager.php',
        'urlManager' => function () {
            return Yii::$app->get('backendUrlManager');
        },
    ],
    'as access' => [
        'class' => 'yii\filters\AccessControl',
        'except' => ['auth/login', 'site/error'],
        'rules' => [
            [
                'allow' => true,
                'roles' => ['admin'],
            ],
        ],
    ],
    'params' => $params,
];


So far, this is the solution I have come up with:
For my particular case, it seems to work.

'as access' => [
    'class' => 'yii\filters\AccessControl',
    // the login form and the error page must stay reachable, otherwise the redirect below loops
    'except' => ['auth/login', 'site/error'],
    'rules' => [
        [
            'allow' => true,
            'roles' => ['admin'],
        ],
        [
            'allow' => false,
            // matches only the 'user' RBAC role; '@' would match every authenticated non-admin
            'roles' => ['user'],
            'denyCallback' => function ($rule, $action) {
                // drop the session, then send the user to the admin login form
                Yii::$app->user->logout();
                // the route must be an array so that it is built by the backend urlManager
                // (/admin/auth/login); the bare string 'auth/login' would be emitted as a
                // relative Location header and resolved against the current URL
                $action->controller->redirect(['auth/login']);
            },
        ],
    ],
],
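As an added example (not code from the original question), the same AccessControl gate written with a single filter-level denyCallback, so that every request no rule allowed, whether from a guest, a 'user' or any other RBAC role, is handled in one place. The routes auth/login and site/error are taken from the question; the existence of the 'admin' RBAC role is assumed.

```php
<?php
// Added example: the 'as access' section of backend/config/main.php
// (assumes the 'admin' RBAC role and the auth/login, site/error routes from the question)
return [
    // ... the rest of the backend config ...
    'as access' => [
        'class' => \yii\filters\AccessControl::class,
        // keep the login form and the error page reachable, otherwise the redirect below loops
        'except' => ['auth/login', 'site/error'],
        'rules' => [
            // the only rule that allows anything: authenticated users holding the 'admin' role
            [
                'allow' => true,
                'roles' => ['admin'],
            ],
        ],
        // runs for every request that no rule allowed: guests and authenticated non-admins alike
        // ($rule is null when no rule matched at all)
        'denyCallback' => function ($rule, $action) {
            $user = Yii::$app->user;
            if (!$user->isGuest) {
                // authenticated but not an admin: end the session so that no admin page
                // (layout, side menu, even the 403 page) is rendered for this identity
                $user->logout();
            }
            // array route, so the URL is built by the backend urlManager (/admin/auth/login);
            // nothing needs to be returned: AccessControl cancels the action after the callback
            // and the response with the Location header is sent as is
            Yii::$app->response->redirect(['auth/login']);
        },
    ],
];
```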

2 answer(s)
Fenix957, 2021-03-23

You can register an event globally in the backend config by specifying an 'on beforeAction' handler,
and there check whether the user is an admin; if not, redirect him to the admin login page.

'on beforeAction' => function ($event) {
    // your redirect or authorization logic goes here, etc.
},

add this to main.php in the config package of the backend module, if there are questions, I will clarify the answer

vitaly_74, 2021-03-29

Using the bootstrap mechanism, you can execute certain code before the application starts processing the incoming request.
Just create a module, for example authModule, and add it to the bootstrap section:
'bootstrap' => ['log', 'authModule']
and in the module do whatever you want.
It will be loaded before your controller code is executed.
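The two answers above describe the same gate from two angles: a handler for the application's beforeAction event, and code that is loaded from the bootstrap list. As an added example that is not code from either answer, here is a bootstrap component that attaches such a handler; the class name backend\components\AdminGate, the component id authModule and the 'admin' RBAC role are assumptions, the routes auth/login and site/error come from the question.

```php
<?php
// Added example: backend/components/AdminGate.php (hypothetical class). Register it with
//   'bootstrap'  => ['log', 'authModule'],
//   'components' => ['authModule' => ['class' => \backend\components\AdminGate::class]],
// in backend/config/main.php.
namespace backend\components;

use Yii;
use yii\base\ActionEvent;
use yii\base\Application;
use yii\base\BootstrapInterface;
use yii\base\Component;

class AdminGate extends Component implements BootstrapInterface
{
    /** Routes that must stay reachable for everyone, otherwise the redirect below loops. */
    public $allowedRoutes = ['auth/login', 'site/error'];

    /** RBAC role (or permission) that grants access to the whole backend. */
    public $adminRole = 'admin';

    public function bootstrap($app)
    {
        // fires before every controller action of the backend application
        $app->on(Application::EVENT_BEFORE_ACTION, [$this, 'checkAccess']);
    }

    public function checkAccess(ActionEvent $event)
    {
        $route = $event->action->getUniqueId(); // e.g. 'site/index'
        if (in_array($route, $this->allowedRoutes, true)) {
            return;
        }
        $user = Yii::$app->user;
        if ($user->can($this->adminRole)) {
            return;
        }
        if (!$user->isGuest) {
            // authenticated but not an admin: drop the session so that no admin page
            // (layout, side menu, even the 403 page) is ever rendered for this identity
            $user->logout();
        }
        // array route, built by the backend urlManager, i.e. /admin/auth/login
        Yii::$app->response->redirect(['auth/login']);
        // cancel the action; the response carrying the Location header is sent as is
        $event->isValid = false;
    }
}
```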
