Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
AlexAll2019-01-29 11:14:35
Yii
AlexAll, 2019-01-29 11:14:35

How to prevent a user from logging into the admin panel?

Such a question, if I close the user's access to the admin panel like this in the Site controller

'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        'actions' => ['login', 'error'],
                        'allow' => true,
                    ],
                    [
                        'actions' => ['logout', 'index'],
                        'allow' => true,
                        'roles' => ['admin'],
                    ],
                ],
            ],

Or even like this in the main config for the entire backend
'as access' => [
        'class' => 'yii\filters\AccessControl',
        'except' => ['site/login', 'site/error'],
        'rules' => [
            [
                'allow' => true,
                'roles' => ['admin'],
            ],
        ],
    ],

Then any user can log in to the backend and see the main and menus of the admin panel, of course, he cannot do anything there and see more too. But I would like that if it's not the admin logged in, then throw an exception. How to do it?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
Arthur K., 2019-01-29
@amark

In the controller that will check the authorization, immediately add a condition for checking the access level.
An example of a possible implementation on the first Yii

public function actionLogin()
    {
        if (!Yii::app()->user->isGuest)
        {
            $role = Yii::app()->user->role;
            if ($role)
            {
                $this->redirect(Yii::app()->params['modules_default_pages'][$role]);
            }
        }

        $model = new LoginForm;

        // if it is ajax validation request
        if (isset($_POST['ajax']) && $_POST['ajax'] === 'login-form')
        {
            echo CActiveForm::validate($model);
            Yii::app()->end();
        }

        // collect user input data
        if (isset($_POST['LoginForm']))
        {
            $model->attributes = $_POST['LoginForm'];

            if ($model->validate() && $model->login())
                    $this->redirect(Yii::app()->user->returnUrl);
        }

        $this->render('login', array('model' => $model));
    }

Report
M
Maxim Timofeev, 2019-01-29
@webinar

will see the main and menus of the admin panel,

only if you do not change the layout for the error page
you are looking for the problem in the wrong place. It is that you have 1 layout for both public pages and pages with limited access. Login and error should have a layout without menus, etc.

Similar questions
Y
Yaroslav Yakovlev2022-01-27 19:08:09
I need to transfer the file to a folder on drive C like C:/Windows/searvicing. But it says access denied, how can I get access using the code? 3Reply
D
Doctor Bi2018-08-14 12:30:25
How to enable pretty url yii2? 1Reply
A
Alexander Pantyukhov2016-03-23 13:21:19
Question on YII2. When you click on the captcha image, it changes, but the text, even if it is correct, writes that it is incorrect. What could be the problem? 2Reply
E
EVOSandru62016-03-24 12:30:08
Why similar url requests are not accepted in yii1? 0Reply
S
shell_execute2016-03-24 23:30:03
What frameworks/CMFs are supported out of the EAV box? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question