Yii
Max DangerPro, 2016-11-25 23:24:11

What about authorization?

I need your help again, comrades.
I found a glitch in the authorization system. If I go to the address sitename.ru/admin, it redirects to sitename.ru/site/login. Everything is fine, I thought. Until I went to the address sitename.ru/admin/category; instead of category, you can substitute any other controller that exists. I calmly navigate there and the site opens the admin panel without authorization.
How can this be corrected?


2 answer(s)
Dmitry, 2016-11-26
@DangerPro

Good evening.
Close each controller with yii\filters\AccessControl
Or configure rbac.
P.S. Read more here

Max DangerPro, 2016-11-26
@DangerPro

For myself, I did it this way.
I created a function in the parent class that redirects from any page in the admin if the user is not authorized:

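// Requires: use Yii; use yii\helpers\Url;
public function beforeAction($action) {
    if (Yii::$app->user->isGuest) {
        // Set the redirect, then return false: a returned Response object
        // is truthy, so the action would still run for the guest.
        Yii::$app->getResponse()->redirect(Url::to(['/site/login/']));
        return false;
    }
    return parent::beforeAction($action);
}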
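
Added example (not code from either answer): the yii\filters\AccessControl filter from the first answer, attached once in a shared parent controller as in the second answer, so every admin controller inherits the check. The namespace, the class names and the VerbFilter rule are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. The namespace, class names and the
// VerbFilter rule are assumptions; in a project each class has its own file.
namespace app\modules\admin\controllers;

use yii\filters\AccessControl;
use yii\filters\VerbFilter;
use yii\web\Controller;

class BaseAdminController extends Controller
{
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::class,
                // No 'only' or 'except' key, so the filter covers every action.
                'rules' => [
                    // '@' matches any logged-in user. An RBAC role or
                    // permission name here limits access to its holders.
                    ['allow' => true, 'roles' => ['@']],
                ],
                // Requests matching no rule are denied: guests are sent to
                // the login page, logged-in users get a 403.
            ],
        ];
    }
}

class CategoryController extends BaseAdminController
{
    public function behaviors()
    {
        // Merge with the parent. Returning a fresh array here would drop the
        // 'access' filter and leave this controller open to guests.
        return array_merge(parent::behaviors(), [
            'verbs' => [
                'class' => VerbFilter::class,
                'actions' => ['delete' => ['POST']],
            ],
        ]);
    }

    public function actionIndex()
    {
        return $this->render('index');
    }
}
```

Any admin controller that extends yii\web\Controller directly instead of the base class is not covered, so a quick review of the class declarations in the admin directory is worth doing after the change.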
