How/where do you set the controller/method Yii2 uses when a user is required to be logged in? Currently it goes to site/login and I'm trying to point it to auth/login.
Assuming you are using the advanced template, in your config/main.php (or main-local.php) you should define your user component for the frontend app:
'user' => [
    'identityClass' => 'app\models\web\User',
    'enableAutoLogin' => true,
    'loginUrl' => ['/frontend/auth/login'],
],
I use RBAC (dektrium) and ACF to check user access in my project (Yii2). I created some roles, for example: admin, manager, suser, user, ... I have some actions that all users can use, for example the view action. How can I define in the behaviors method that all users can use the view action?
To do this we assigned actions to user '*' in Yii1.
...
array('allow', // allow all users to perform 'index' and 'view' actions
    'actions'=>array('view'),
    'users'=>array('*'),
),
...
in Yii2 use this code:
...
[
    'allow' => true,
    'actions' => ['view'],
    'roles' => ['?'],
],
...
But when an admin user or manager user wants to access myController/view, it shows forbidden. Only guests can access myController/view. How can I define a role or access rule that gives access to all users by default?
If you want to allow everyone to access action then there is no need to apply access filter for that action. To avoid applying access filter for specific actions you can use $except property of yii\filters\AccessControl. For example like this:
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'except' => ['view'],
            'rules' => [
                // rules for other actions ...
            ]
        ],
        // other behaviors ...
    ];
}
Another option would be to use a combination of roles ? (guests) and @ (all logged in users) like this:
[
    'allow' => true,
    'actions' => ['view'],
    'roles' => ['?', '@'],
]
There is also $only property in yii\filters\AccessControl that allows to apply filter only to explicitly named actions. But it's better to use $except for security reasons.
Resources:
yii\filters\AccessControl
yii\filters\AccessRule::$roles
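The behaviour discussed in this answer, as an added example that is not part of the original post and is not Yii2's own code: a simplified stand-alone model of how the access filter picks a decision. It assumes Yii2's documented meaning of '?' (guest) and '@' (authenticated), first-match-wins rules and deny when nothing matches; the function names and the $user array are hypothetical stand-ins.

```php
<?php
// Added example: a simplified model of how yii\filters\AccessControl decides.
// Not framework code; all function names here are hypothetical.

// $user is a constructed stand-in: ['guest' => bool, 'rbac' => [role/permission names]].
function roleMatches(array $roles, array $user): bool
{
    if ($roles === []) {
        return true;                              // no 'roles': rule applies to everyone
    }
    foreach ($roles as $role) {
        if ($role === '?') {
            if ($user['guest']) return true;      // guests only
        } elseif ($role === '@') {
            if (!$user['guest']) return true;     // any logged-in user
        } elseif (in_array($role, $user['rbac'], true)) {
            return true;                          // stands in for $user->can($role)
        }
    }
    return false;
}

// $filter mirrors the behavior config: optional 'only'/'except', plus 'rules'.
function isAllowed(array $filter, string $action, array $user): bool
{
    if (in_array($action, $filter['except'] ?? [], true)) {
        return true;                              // filter not attached: action is open
    }
    if (!empty($filter['only']) && !in_array($action, $filter['only'], true)) {
        return true;                              // not listed in 'only': action is open
    }
    foreach ($filter['rules'] as $rule) {
        $actions = $rule['actions'] ?? [];
        if ($actions !== [] && !in_array($action, $actions, true)) continue;
        if (!roleMatches($rule['roles'] ?? [], $user)) continue;
        return $rule['allow'];                    // first matching rule decides
    }
    return false;                                 // no rule matched: denied
}

$guest = ['guest' => true,  'rbac' => []];
$admin = ['guest' => false, 'rbac' => ['admin']];
$view  = fn(array $roles) => ['rules' => [['allow' => true, 'actions' => ['view'], 'roles' => $roles]]];

var_dump(isAllowed($view(['?']), 'view', $admin));       // rule from the question
var_dump(isAllowed($view(['?', '@']), 'view', $admin));  // guests plus logged-in users
// A later-added action 'export' that nobody wrote a rule for:
var_dump(isAllowed(['only' => ['update'], 'rules' => []], 'export', $guest));
var_dump(isAllowed(['except' => ['view'], 'rules' => []], 'export', $guest));
```

The last two calls show why $except is the safer default: with 'only', an action that was never listed stays reachable by anyone, while with 'except' it is denied until a rule allows it.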
I'm new to Yii2 and I need to make my ActionColumn class buttons of the GridView visible just only for admin and moderator.
I have 3 kinds of user rights:
const TYPE_NORMAL = 0;
const TYPE_SUPER = 1;
const TYPE_MASTER = 2;
And I need that my GridView would allow buttons just only for TYPE_SUPER and TYPE_MASTER. How can I achieve this?
Here is my GridView class:
Tried to do that with visibleButtons or template, but buttons are disappearing for all the user rights. Thank you for the help
[
    'class' => 'yii\grid\ActionColumn',
    'template' => '',
],
You could use the visible property,
and if you have RBAC management in your Yii2 app where your users have a role, e.g. admin, you could do:
[
    'class' => 'yii\grid\ActionColumn',
    'visible' => Yii::$app->user->can('admin'),
],
As for your user "TYPE", this does not seem related to user http://www.yiiframework.com/doc-2.0/yii-web-user.html or http://www.yiiframework.com/doc-2.0/yii-web-identityinterface.html, so you should explain better what you mean.
May I know how to automatically log users out if they have been inactive for more than 5 minutes in Yii2?
Try this configuration:
'user' => [
    'enableAutoLogin' => false,
    'authTimeout' => 300,
],
authTimeout
Your answer lies in configuration of "user" component in your config files.
Everything you need to know is in this documentation: Yii2 User Component. Set the authTimeout property to 300 (that's in seconds) and your user should be logged out after 5 minutes of inactivity.
In your component configuration you need to add config in the user component like this:
'components' => [
    'user' => [
        'class' => 'yii\web\User',
        'identityClass' => 'common\models\User',
        'loginUrl' => ['sign-in/login'],
        'enableAutoLogin' => false,
        'authTimeout' => 300, // number of seconds of inactivity before automatic logout
        // this config is optional
        'identityCookie' => [
            'name' => '_backendUser', // unique for backend
            'path' => '#backend/web' // correct path for the backend app.
        ],
        'as afterLogin' => 'common\behaviors\LoginTimestampBehavior'
    ],
],
Besides setting up main.php, I have three suggestions to handle this situation.
You should set your application to production mode.
Customize site/error.php to check if the user is a guest and, if not, display the div with a message like "Session expires" and a link to "site/login".
Alternatively, to redirect to the login page when the user clicks on any link, define the access control in a controller's behaviors function and then you are done.
Anyone know how to combine ACF and RBAC in Yii2? I just want to add role names (i.e. admin, contributors, editors) in my code:
'access' => [
    'class' => AccessControl::className(),
    'only' => ['logout', 'signup', 'try', 'about'],
    'rules' => [
        [
            'actions' => ['try'],
            'allow' => true,
            'roles' => ['?', 'admin', 'editors'],
        ],
    ],
]
You can simply create the proper permission in your RBAC module (the RBAC rules are not mandatory) and then set in your ACF the action to allow or deny for the permission you created. Then the users assigned to this permission or group of permissions can access the allowed action.
You can also test the permission for the user in your code,
e.g. assuming there is a set of users with the permission manageUser, you can test this way:
if (Yii::$app->user->can('manageUser')) {
    // your code for who can manage users
}
My site starts with a default language (which is English), then based on the user's preference I should change it. Is this possible in Yii2? Is there any widget for this?
I use contentNegotiator; without assigning a language to the user, the language is automatically assigned by the application.
For this:
In config/main.php, in the bootstrap section, start the component:
'bootstrap' => [
    'log',
    'contentNegotiator',
],
In the components section:
'components' => [
    'contentNegotiator' => [
        'class' => 'yii\filters\ContentNegotiator',
        'languages' => [
            'en-US',
            'it-IT',
            'fr-FR',
        ],
    ],
],
Otherwise you can change it when and where you want. It is an application action, e.g. you can do it in any controller you choose, this way:
\Yii::$app->language = 'zh-CN';