Place this rule in the beginning of the rules section:
[
'allow' => true,
'roles' => ['@'],
],
Omitting the actions means all actions.
So your AccessControl config will be like this:
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'allow' => true,
'roles' => ['@'],
],
// ...
],
],
];
}
Keep in mind that rules are applied in order they are declared.
To do it globally without inheritance, add the as beforeRequest array below (not inside!) the components declaration in your application config:
'components' => [ ... ],
'as beforeRequest' => [
'class' => 'yiifiltersAccessControl',
'rules' => [
[
'allow' => true,
'actions' => ['login'],
],
[
'allow' => true,
'roles' => ['@'],
],
],
'denyCallback' => function () {
return Yii::$app->response->redirect(['site/login']);
},
],
This code will run before each request and block all actions except login for guests.
Make sure that there is no login action in other controllers than SiteController. If there are (and for example they are for different purposes), block them explicitly in according controllers. But it's pretty rare case.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
