Yii
Leopandro, 2016-01-16 11:31:20

Why do non-logged in users have access to the controller?

With this code in the model, I define access to pages depending on the role (admin is role_id=1, user is role_id=2).

class User extends BaseUser
{


    public static function getNameById($id) {
        $row = self::find()->andWhere('id = :userId', array('userId' => $id))->one();
        if($row)
            return $row->username;
        return '';
    }



    public static function getMenuItemsByRoleUser($isAdmin,$isGuest) {

        if($isGuest)
            return [];

        if(Yii::$app->user->identity->role_id == 1) {
            return [
                ['label' => 'Пользователи', 'url' => ['/user/admin/index']],
                ['label' => 'Права доступа', 'url' => ['/access/index']],
                ['label' => 'Каталог разделов', 'url' => ['/catalog/index']],
                ['label' => 'Сверка дат', 'url' => ['/user/admin/index1']],
                ['label' => 'Импорт', 'url' => ['/user/admin/index1']],
                ['label' => 'Экспорт', 'url' => ['/user/admin/index1']],
                ['label' => '', 'url' => ['/user/admin/index1']],
                [
                    'label' => 'Выйти (' . Yii::$app->user->identity->username . ')',
                    'url' => ['/site/logout'],
                    'linkOptions' => ['data-method' => 'post']
                ],
            ];

        } else if(Yii::$app->user->identity->role_id == 2){
            return [
                ['label' => 'Каталог разделов', 'url' => ['/catalog/index']],
                ['label' => 'Каталог материалов', 'url' => ['/tasks-manager/index']],
                ['label' => 'Отчет', 'url' => ['/tasks-manager/index']],
                [
                    'label' => 'Выйти (' . Yii::$app->user->identity->username . ')',
                    'url' => ['/site/logout'],
                    'linkOptions' => ['data-method' => 'post']
                ],
            ];
        }

        // Any other role gets an empty menu instead of an implicit null.
        return [];
    }

    public function getRole()
    {
        return $this->hasOne(Role::className(), ['id' => 'role_id']);
    }
}

But if I manually follow the catalog/index link, for some reason this page is displayed for me even if I'm not logged in... Why can this happen? If anything, this bug appeared after I needed to change the names of the controllers...


1 answer(s)
Maxim Kolokolnikov, 2016-01-16
@maxmirazh33

Here, only the menu is formed from the user role; you also need to configure access to controllers/actions. In Yii there is an access control filter behavior for this.
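
A sketch of the access control filter the answer refers to, applied to the controller behind catalog/index. This is an added example, not code from the question or the answer; the `app\controllers` namespace, the `CatalogController` class name and the `index` view are assumptions, and the role_id values (1 = admin, 2 = user) are taken from the question.

```php
<?php
// Added example: assumed namespace and class name, role_id values from the question.
namespace app\controllers;

use Yii;
use yii\filters\AccessControl;
use yii\web\Controller;

class CatalogController extends Controller
{
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                // No 'only' key: the filter covers every action of this controller,
                // so an action added later stays denied until a rule allows it.
                'rules' => [
                    [
                        'allow' => true,
                        'actions' => ['index'],
                        'roles' => ['@'], // '@' = authenticated users; guests never match
                        'matchCallback' => function ($rule, $action) {
                            // Evaluated only after the '@' check passed, so identity is set.
                            $roleId = (int) Yii::$app->user->identity->role_id;
                            return in_array($roleId, [1, 2], true);
                        },
                    ],
                ],
                // If no rule matches, AccessControl denies the request: guests are
                // redirected to the login page, logged-in users get a 403 response.
            ],
        ];
    }

    public function actionIndex()
    {
        return $this->render('index');
    }
}
```

Controllers that only the admin menu links to, such as the one behind /access/index, would carry the same filter with the callback accepting role_id 1 only. The filter lives in each controller class, so renaming or replacing a controller drops the check unless `behaviors()` moves with it.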
