We Keep Coding

Unknown Property – yii\base\UnknownPropertyException for behavior method

I have set some properties in behavior() method and I'm getting this error
public function behaviors()
{
return [
'access'=>[
'class'=> AccessControl::className(),
'only'=>['create','update'],
'rules'=>[
'allow'=>true,
'roles'=>['#'],
],
],
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'delete' => ['POST'],
],
],
];
}
please someone see it to solve

AccessControl::$rules should be array of rules, so you need something like this:
'access' => [
'class' => AccessControl::className(),
'only' => ['create','update'],
'rules' => [
[
'allow' => true,
'roles' => ['#'],
],
],
],

Just change as per below code
'access'=>[
'class'=> AccessControl::className(),
'rules'=>[
'actions'=>['create','update'],
'allow'=>true,
'roles'=>['#'],
],

How to set global access control in yii2?

I have AdminController with behavior:
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['login'],
'allow' => true,
'roles' => ['*'],
],
[
'actions' => ['index', 'logout'],
'allow' => true,
'roles' => ['admin', 'editor', 'expert'],
],
[
'actions' => ['update', 'delete'],
'allow' => true,
'roles' => ['admin'],
]
]
],
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'logout' => ['get'],
],
],
];
}
Then i create child controllers for:
default controller
inf-courses controller
and other
How can i use rules on parent (AdminController) then its working?
If i add similar rules in deafult it works, but globally not.
P.S. I do admin panel and want next:
- any one can try to login
- access to admin pane: ['admin', 'editor', 'expert']
- logout can only ['admin', 'editor', 'expert']
It's globally rules for all module admin with parent AdminController.
Thank.

If you extend controller and then override behaviors() then you make sure to include parent's behaviors like this:
return ArrayHelper::merge(parent::behaviors(), [
// your behaviors here
]);

Done!
I make my AdminController like:
class AdminController extends Controller {
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'allow' => true,
'roles' => ['admin', 'editor', 'expert'],
],
[
'actions' => ['login'],
'allow' => true,
'roles' => ['?'],
],
[
'actions' => ['delete'],
'allow' => true,
'roles' => ['admin'],
]
]
],
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'logout' => ['get'],
],
],
];
}
}
And extends it for each controller in admin

Yii2 - behaviour of a controller

Learning about behaviour of a controller.
In this controller, I got a lot of action that should be access after login.
How can I make one special action in this controller without login ?
I just try it, not succces. This is my code.
class RequestController extends Controller {
public function behaviors() {
return [
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'delete' => ['post'],
'bulk-delete' => ['post'],
],
],
'access' => [
'class' => AccessControl::className(),
'only' => ['approve'], /*Special action*/
'rules' => [
[
'actions' => ['approve'],
'allow' => false,
'roles' => ['?'],
],
],
],
];
}
Please advise.

You need use in rules
'allow' => true, this is described here:
Yii2 authorization

You should assign
'access' => [
'class' => AccessControl::className(),
'only' => ['approve'], /*Special action*/
'rules' => [
[
'actions' => ['approve'],
'allow' => true,
'roles' => ['?'],
],
],
],

Yii2 - exception 'yii\web\ForbiddenHttpException'

When I logged in backend admin panel. It works fine but when I visit the link (eg: site.com/backend/web/site/manage-country) first time it won't show any error. If I visit the same link second time. It redirected to site.com and show this error.
exception 'yii\web\ForbiddenHttpException' with message 'You are not
allowed to perform this action.' in
/home/kometonl/public_html/demo/vendor/yiisoft/yii2/filters/AccessControl.php:151
After clearing the cookies. I'll get the normal site back.
backend/controllers/SiteControllers.php
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true,
],
[
'actions' => ['logout', 'index','manageCountry'],
'allow' => true,
'roles' => ['#'],
],
],
],
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'logout' => ['post'],
],
],
];
}
backend/config/main.php
'urlManager'=> [
'class' => 'yii\web\UrlManager',
'enablePrettyUrl' => true,
'showScriptName' => false,
'rules' => [
'site/manage-country' => 'site/managecountry',]
],

Change Your Behaviour As
[
'actions' => ['logout', 'index','managecountry'],
'allow' => true,
'roles' => ['#'],
],
in SiteController
public function actionManagecountry(){
echo 'hi';
}

Does Access Control Filter implementation work for REST API?

I tried finding out from the documentation but it is not mentioned and from this answer here it should work fine with REST API. Here is my code which returns status code 401 whenever I do not send access token with my request.
public function behaviors()
{
return [
'compositeAuth' => [
'class' => CompositeAuth::className(),
'authMethods' => [
QueryParamAuth::className(),
],
],
'access' => [
'class' => AccessControl::className(),
'only' => ['index', 'logout'],
'rules' => [
[
'actions' => ['index'],
'allow' => true,
'roles' => ['?'],
],
[
'actions' => ['logout'],
'allow' => true,
'roles' => ['#'],
],
],
],
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'logout' => ['post'],
],
],
];
}
Both actionIndex and actionLogout require access token on my query though I want only logout to do this. My controller extends my base class which extends \yii/rest/Controller