We Keep Coding

problem with access controle for modules in yii2

i have two type of user in my project.
1.user
2.admin
i defined module for each one of them.
module name for user = users/default/login
module name for admin = adclash/default/login
when i login with adclash/default/login i should have access only to all adclash controllers but also i have access to all controllers in another module(users) to.(if i login with adclash when i shouldnt have access to users module)
whats wrong?
define my users in web.php :
'user'=>[
'class'=>'yii\web\User',
'identityClass' => 'app\models\User',
'enableAutoLogin' => false,
'authTimeout' => 60*60,
'loginUrl' => ['users/default/login'],
'identityCookie' => [
'name' => '_panelUser',
]
],
'admin'=>[
'class'=>'yii\web\User',
'identityClass' => 'app\models\Admin',
'enableAutoLogin' => false,
'authTimeout' => 60*30,
'loginUrl' => ['adclash/default/login'],
'identityCookie' => [
'name' => '_panelAdmin',
]
],
and this my defaultControllers source:
adclah module:
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'user'=>'admin', // this user object defined in web.php
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true,
],
[
'allow' => true,
'roles' => ['#'],
],
],
],
];
}
users module:
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'user'=>'user', // this user object defined in web.php
'rules' => [
[
'actions' => ['login', 'error','signup'],
'allow' => true,
],
[
'allow' => true,
'roles' => ['#'],
],
],
],
];
}

RBAC Routes add default route of module to all the routes of project?

If I add this configuration of the cms module to the config file
'cms' => [
'class' => 'yii2mod\cms\Module',
'controllerNamespace' => 'backend\controllers',
'defaultRoute' => '',
'froalaEditorOptions' => [
'clientOptions' => [
'heightMin' => 300,
'theme' => 'dark',
'imageUploadURL' => 'upload-image',
'imageManagerDeleteURL' => 'delete-image',
'imageManagerDeleteMethod' => 'POST',
'imageManagerLoadURL' => 'images'
],
'excludedPlugins' => [
'file',
'emoticons'
]
],
'enableMarkdown' => false
]
It adds the default route of this module to all the routes like this
/cms/site/login /cms/site/index /cms/site/error. Why this is happening and how i can remove this?

If you want to remove the /cms module prefix by default, you can add a global route to backend/config/main.php(If you use advanced templates): '<controller:[\w-]+>/<action:[\w-]+>' =>'cms/<controller>/<action>'.
for example:
// backend/config/main.php
return [
'urlManager' => [
'enablePrettyUrl' => true,
'showScriptName' => false,
'rules' => [
'<controller:[\w-]+>/<action:[\w-]+>' =>'cms/<controller>/<action>'
],
],
];
Access in your bowser: www.xxx.com/site/index, it is forwarded to: /cms/site/index

installing yii2-rbac error You have wrong authManager configuration

I install yii2-rbac following this site page: https://github.com/dektrium/yii2-rbac/blob/master/docs/installation.md .
I do it second time. First time I have done, but I wrote in the config/web.php file:
'modules' => [
'user' => [
'class' => 'dektrium\user\Module',
],
//'rbac' => 'dektrium\rbac\RbacWebModule',
'rbac' => 'dektrium\rbac\RbacConsoleModule',
],
I did not know, that 'rbac' => 'dektrium\rbac\RbacConsoleModule' it must write in the console.php (not in web.php).
'authManager' => [
'class' => 'yii\rbac\DbManager',
//'defaultRoles' => ['guest'],
],
`
This code I have wrote in both config files: web.php and console.php, but in the web.php I have wrote 'rbac' => 'dektrium\rbac\RbacConsoleModule' and in console.php I have not wrote it, but all worked: yii2-rbac has been installed succeful. And all transaction have passed succeful. But 'rbac' => 'dektrium\rbac\RbacConsoleModule' in web.php seems to me wrong. It isn't web module, it is console module. Then I have rollbacked transactions (migrate/down) and I have removed rbac at all by removing from composer.json "dektrium/yii2-rbac": "1.0.0-alpha#dev" declaration. All has been removed.
Than I began to install rbac second time. After composer installation I have wrote in the web.php:
'modules' => [
'user' => [
'class' => 'dektrium\user\Module',
],
'rbac' => 'dektrium\rbac\RbacWebModule',
//'rbac' => 'dektrium\rbac\RbacConsoleModule',
],
and in console.php I have wrote:
'modules' => [
'rbac' => 'dektrium\rbac\RbacConsoleModule',
],
The site on yii2 don't work after it!!! I have changed in the web.php "...RbacConsoleModule". Site works. Why it don't work with RbacWebModule? Then I tried to apply transactions, that I have rollbacked before, but raise error: You have wrong authManager configuration
enter image description here
What can I do? Help me. Ecscuse me for my English. I'm from Russia.
my console.php:
$config = [
'id' => 'basic-console',
'basePath' => dirname(__DIR__),
'bootstrap' => ['log'],
'controllerNamespace' => 'app\commands',
'components' => [
'cache' => [
'class' => 'yii\caching\FileCache',
],
'log' => [
'targets' => [
[
'class' => 'yii\log\FileTarget',
'levels' => ['error', 'warning'],
],
],
],
'db' => $db,
'authManager' => [
'class' => 'yii\rbac\DbManager',
//'defaultRoles' => ['guest'],
]
],
'modules' => [
'rbac' => 'dektrium\rbac\RbacConsoleModule',
],
//....
my web.php:
//This all in $component
'db' => require(__DIR__ . '/db.php'),
'authManager' => [
'class' => 'yii\rbac\DbManager',
//'defaultRoles' => ['guest'],
],
],
'modules' => [
'user' => [
'class' => 'dektrium\user\Module',
],
//'rbac' => 'dektrium\rbac\RbacWebModule',
'rbac' => 'dektrium\rbac\RbacConsoleModule',
],

That all! The problem has been decided. It must write authManager section to modules, not in components:
'modules' => [
'user' => [
'class' => 'dektrium\user\Module',
],
'authManager' => [
'class' => 'yii\rbac\DbManager',
//'defaultRoles' => ['guest'],
]
//'rbac' => 'dektrium\rbac\RbacWebModule',
'rbac' => 'dektrium\rbac\RbacConsoleModule',
]

you need write that:
'components' => [
'authManager' => [
'class' => 'dektrium\rbac\components\DbManager',
'defaultRoles' => ['users'],
],
...

Yii2 - behaviour of a controller

Learning about behaviour of a controller.
In this controller, I got a lot of action that should be access after login.
How can I make one special action in this controller without login ?
I just try it, not succces. This is my code.
class RequestController extends Controller {
public function behaviors() {
return [
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'delete' => ['post'],
'bulk-delete' => ['post'],
],
],
'access' => [
'class' => AccessControl::className(),
'only' => ['approve'], /*Special action*/
'rules' => [
[
'actions' => ['approve'],
'allow' => false,
'roles' => ['?'],
],
],
],
];
}
Please advise.

You need use in rules
'allow' => true, this is described here:
Yii2 authorization

You should assign
'access' => [
'class' => AccessControl::className(),
'only' => ['approve'], /*Special action*/
'rules' => [
[
'actions' => ['approve'],
'allow' => true,
'roles' => ['?'],
],
],
],

config urlManager yii such as facebook

I want to give this address
I want to display just username in the address.
'{username}'=>'site/user<username:{username}>'
'urlManager' => [
'showScriptName' => false,
'enablePrettyUrl' => true,
'rules' =>
[
'{username}'=>'site/user<username:{username}>',
]
,
],
How to do it ?

Try this
'urlManager' => [
'enablePrettyUrl'=>true,
'showScriptName'=>false,
....
'rules' => [
'<username:[a-zA-Z0-9_ -]+>' => 'site/user',
....
],
]