Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
AlexAll2019-01-29 11:14:35
Yii
AlexAll, 2019-01-29 11:14:35

How to prevent a user from logging into the admin panel?

Such a question, if I close the user's access to the admin panel like this in the Site controller

'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        'actions' => ['login', 'error'],
                        'allow' => true,
                    ],
                    [
                        'actions' => ['logout', 'index'],
                        'allow' => true,
                        'roles' => ['admin'],
                    ],
                ],
            ],

Or even like this in the main config for the entire backend
'as access' => [
        'class' => 'yii\filters\AccessControl',
        'except' => ['site/login', 'site/error'],
        'rules' => [
            [
                'allow' => true,
                'roles' => ['admin'],
            ],
        ],
    ],

Then any user can log in to the backend and see the main and menus of the admin panel, of course, he cannot do anything there and see more too. But I would like that if it's not the admin logged in, then throw an exception. How to do it?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
Arthur K., 2019-01-29
@amark

In the controller that will check the authorization, immediately add a condition for checking the access level.
An example of a possible implementation on the first Yii

public function actionLogin()
    {
        if (!Yii::app()->user->isGuest)
        {
            $role = Yii::app()->user->role;
            if ($role)
            {
                $this->redirect(Yii::app()->params['modules_default_pages'][$role]);
            }
        }

        $model = new LoginForm;

        // if it is ajax validation request
        if (isset($_POST['ajax']) && $_POST['ajax'] === 'login-form')
        {
            echo CActiveForm::validate($model);
            Yii::app()->end();
        }

        // collect user input data
        if (isset($_POST['LoginForm']))
        {
            $model->attributes = $_POST['LoginForm'];

            if ($model->validate() && $model->login())
                    $this->redirect(Yii::app()->user->returnUrl);
        }

        $this->render('login', array('model' => $model));
    }

Report
M
Maxim Timofeev, 2019-01-29
@webinar

will see the main and menus of the admin panel,

only if you do not change the layout for the error page
you are looking for the problem in the wrong place. It is that you have 1 layout for both public pages and pages with limited access. Login and error should have a layout without menus, etc.

Similar questions
J
Julia2020-07-27 12:17:28
Yii2 Why does pjax reload the page when sorting a column and removing (ActionColumn)? 0Reply
A
AlexRas2020-07-27 20:08:12
In yii2, ajax validation blocks opening the form in a new window, how can I fix this? 0Reply
S
shell_execute2016-03-24 23:30:03
What frameworks/CMFs are supported out of the EAV box? 4Reply
T
Test Test2016-03-25 14:50:26
How to make Apache or Yii return 404 without 301? 2Reply
B
Bahodir Ismatov2018-08-17 14:22:09
How to create a Controller for multiple insert data? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question