No permissions on dektrium user admin index action - yii2-advanced-app

I installed dektrium user but when override the AdminController.php and tried to reach admin/index what I get is Forbidden(403). After overriding the behaviors to:
'rules' => [
[
'allow' => true,
'roles' => ['?'],
],
],
the error is still the same. Did this because I still don't have any roles. What can cause this behavior ? I am aiming at the origin index.php ( the one in the dektrium\yii2-user module). Thank you!

You need to follow these rules to override controllers for dektrium-user
directory structure
You can change the following if you want it into the frontend, only starting folder needs to be changed
- backend
- controllers
- user
- AdminController
Your config for the user module under the module section should look like following
'modules' => [
..............
'user' => [
'controllerMap' => [
'admin' => 'backend\controllers\user\AdminController' ,
] ,
For overriding the controller with a new action index your minimum code should look like below
AdminController
<?php
namespace backend\controllers\user;
use dektrium\user\controllers\AdminController as BaseAdmin;
class AdminController extends BaseAdmin {
public function behaviors() {
$behaviours = parent::behaviors ();
$behaviours['access']['rules'][] = [
'allow' => true ,
'actions' => [ 'index' ] ,
'roles' => [ '?' ]
];
return $behaviours;
}
public function actionIndex(){
return $this->render('index');
}
}

Related

Yii2 advanced change views default path (theming)

I would like for my application to automatically change template
so i created this structure frontend/web/themes/myTheme
following http://www.yiiframework.com/doc-2.0/guide-output-theming.html i added this code in frontend/config/main.php
'components' => [
'view' => [
'theme' => [
'basePath' => '#app/themes/myTheme',
'baseUrl' => '#web/themes/myTheme',
'pathMap' => [
'#app/views' => '#app/themes/myTheme',
],
],
],
],
however i kept getting the error that " /var/www/html/myProject/app/frontend/views/site/index.php" The view file does not exist???
i also tried to put this function inside the controller based on How to change default view path in Yii2?
public function getViewPath()
{
return Yii::getAlias('#web/themes/myTheme/site');
}
so my question is:
1. how can I change the views default path?
2. how can i do it automatically since i can not change the common/config/main.php settings during a session?
site controller
class SiteController extends Controller
{
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['index'],
'allow' => true,
'roles' => ['?'],
],
[
'actions' => ['index'],
'allow' => true,
'roles' => ['#'],
],
],
],
];
}
public function actions()
{
return [
'error' => [
'class' => 'yii\web\ErrorAction',
],
'captcha' => [
'class' => 'yii\captcha\CaptchaAction',
'fixedVerifyCode' => YII_ENV_TEST ? 'testme' : null,
],
];
}
/**
* Displays homepage.
*
* #return mixed
*/
public function actionIndex()
{
$searchModel = new ProductSearch();
$dataProvider = $searchModel->search(Yii::$app->request->queryParams);
return $this->render('index', [
'searchModel' => $searchModel,
'dataProvider' => $dataProvider,
]);
}
}
I think you are configuring the wrong file.Don't configure themes in the common/config
Try this:
in frontend/config/main.php
'components' => [
'view' => [
'theme' => [
'pathMap' => [
'#frontend/views'=>'#frontend/themes/myTheme',
],
],
],
],
if you need to configure the backend then in the backend/config/main.php
'components' => [
'view' => [
'theme' => [
'pathMap' => [
'#backend/views'=>'#backend/themes/myTheme',
],
],
],
],
The common folder is has to contain the files that are required by both
frontend and backend.
Hope this helps.
First question:
I think than you have a common mistake in yii when used advanced app: the alias #app references root directory of frontend, backend, or common depending on where you access it from View documentation here.
You would used the solution proposed by ovicko.
Second question:
You can change the theme configuration dynamically in controller through view object:
$this->view->theme->pathMap =['#app/views' => '#app/themes/myTheme/',];
EDIT
According to Documentation:
Theming is a way to replace a set of views with another without the need of touching the original view rendering code.
What means that the original view file must exist and theming simply replace it in during rendering. So you must create a file in /var/www/html/myProject/app/frontend/views/site/index.php (a empty file is valid) in order to theming works.
This sounds quite ridiculous, I Know, but it works.
But I think that is much better and easier the use of differents layouts, again, to change dinamically the layout in your controller:
$this->layout = 'route/yourlayout';

yii2 with mongodb not working for login or signup

we follow this youtube link to create yii2+mongodb connection but not working. check this link: https://www.youtube.com/watch?v=1msu95ZkRe8
gives an error Object configuration must be an array containing a "class" element.
in video user.php model copy paste from doc file what is that file please help me.
I successfully realized the login service at my own project using MongoDB. But I didn't use video tutorial you pointed out.
It looks like you have an error in your configuration file. I would first check the config for mongodb component. It must be something like following (yii2-mongodb project README)
return [
//....
'components' => [
'mongodb' => [
'class' => '\yii\mongodb\Connection',
'dsn' => 'mongodb://developer:password#localhost:27017/mydatabase',
],
],
];
Other component is worth checking out is the user component:
return [
//....
'components' => [
'user' => [
'identityClass' => 'frontend\models\User', // This is your class with IdentityInterface
'enableAutoLogin' => true,
'identityCookie' => ['name' => '_identity-frontend', 'httpOnly' => true],
],
];
But in fact, similar error may appear for any configuration element of YII2.
as per video change below function behaviors in comman/models/User.php
public function behaviors()
{
return [
'timestamp' => [
'class' => 'yii\behaviors\TimestampBehavior',
'attributes' => [
ActiveRecord::EVENT_BEFORE_INSERT => ['created_at', 'updated_at'],
ActiveRecord::EVENT_BEFORE_UPDATE => ['updated_at'],
]
]
];
}

How to check if authenticated user is handler of REST resourece

I've developing a REST service on Yii2 and Angular 2 client. Using Bearer JWT authentication.
For example there is a uri: http://127.0.0.1/v1/accounts/123456/meters, which should return all user's meters by account, which he own.
Applied router rule:
'<accountId:\w+>/<action:[\w-]+>' => '<action>',
Controllers has following behaviors:
'authenticator' => [
'class' => HttpBearerAuth::className(),
'except' => ['options']
],
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'allow' => true,
'actions' => ['meters'],
'roles' => ['#'],
]
]
]
Action AccountController::actionMeters looks:
public function actionMeters($accountId)
{
// Call MS SQL procedure
$meters = Yii::$app->db->createCommand("EXEC [getMetersByAccountId] :accountId")->bindValue(':accountId', $accountId)->queryAll()
return $meters;
}
But in this way authenticated user can get (if modify GET accountId parameter) meters, which belongs to another user.
I have a user_account table in database, which link users and accounts, but I don't know in which place of application should I perform a checking properly.
How to make a check if authenticated user has an access to this resource by specified accountId parameter?
Thank you.
I've found solution to determine matchCallback in access rule. Now it's look:
[
'allow' => true,
'actions' => ['meters'],
'roles' => ['#'],
'matchCallback' => function() {
return Yii::$app->user->identity->user->hasAccount(Yii::$app->request->get('accountId'));
}
],
And define hasAccount method in User model:
public function hasAccount($accountId) {
return $this->hasOne(UserAccount::className(), ['user_id' => 'id'])->where(['account_id' => $accountId])->exists();
}
It's work correct. Is it a proper solution?

Yii2 Rest URL Routing for Regular Controllers

How is it possible to extend yii\rest\UrlRule in a way I can rewrite rules for actions of a controller? For example, I want to generate the following URIs:
/user/[username]
/user/keywords
/user/keyword/[key1]/[key2]/[...]
...
Every above actions are rendering their own view too.
You don't need to extend yii\rest\UrlRule. Just add your rules to routes of UrlManager by putting them on extraPatterns property of yii\rest\UrlRule.
For example suppose You defined a list action in your controller:
class BarController extends Controller
{
public $modelClass = 'app\models\Foo';
public function actionList()
{
return ['id' => 1];
}
}
Then in configuration file add extra route:
<?php
// some configs are here
'urlManager' => [
'class' => 'yii\web\UrlManager',
'enablePrettyUrl' => true,
'enableStrictParsing' => true,
'showScriptName' => false,
'rules' => [
[
'class' => 'yii\rest\UrlRule',
'controller' => [
'v1/bar',
],
'extraPatterns' => [
'GET list' => 'list',
],
],
],
],
// and some other configs are here
Now you can browse the api with /v1/bars/list. Read Yii2 Documentations for more examples.
you must change the extends of Controller in ActiveController
class ArticleController extends ActiveController

Yii 2 redirecting to Login if Guest visit the website

I need some advice how to make redirecting to login if someone does not login into the website and he is only Guest
use Yii;
use \yii\helpers\Url;
if ( Yii::$app->user->isGuest )
return Yii::$app->getResponse()->redirect(array(Url::to(['site/login'],302)));
Use can use it in actions or views , but if you need to use it in lots of actions you probably need look at AccessControl and restrict access even before action is fired
There are two options:
You can use the AccessControl as mentioned by #Maksym Semenykhin
You can use the option below especially when you would like the logged user to be returned to this page after login.
public function beforeAction($action){
if (parent::beforeAction($action)){
if (Yii::$app->user->isGuest){
Yii::$app->user->loginUrl = ['/auth/default/index', 'return' => \Yii::$app->request->url];
return $this->redirect(Yii::$app->user->loginUrl)->send();
}
}}
You can also create a custom 'Controller' class which inherits \yii\web\Controller then have all controllers that need authorization inherit your custom controller.
On the login function, replace the redirect part with the following code:
$return_url = empty(Yii::$app->request->get('return'))? \yii\helpers\Url::to(['/admin/default/index']) :Yii::$app->request->get('return');
return $this->redirect($return_url);
Use the access section to set access to various actions in the controller.
public function behaviors()
{
return [
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'delete' => ['POST'],
],
],
'access' => [
'class' => \yii\filters\AccessControl::className(),
'only' => ['create', 'update','index'],
'rules' => [
// deny all POST requests
[
'allow' => false,
'verbs' => ['POST']
],
// allow authenticated users
[
'allow' => true,
'roles' => ['#'],
],
// everything else is denied
],
],
];
}
works for me.
use Yii;
use \yii\helpers\Url;
if ( Yii::$app->user->isGuest )
return Yii::$app->getResponse()->redirect(array(Url::to(['site/login'])));
The Access Control Filter will do the work for you and redirects you to the configured user->loginUrl (config/main.php) if an action is not allowed.
Add the rule:
array('deny',
'users'=>array('?'),
),
To your base controller (f.e. ‘Controller’) where all your controllers are inherited from.
I used index.php in my web/admin directory
This is the sample my index.php
<?php
// comment out the following two lines when deployed to production
defined('YII_DEBUG') or define('YII_DEBUG', true);
defined('YII_ENV') or define('YII_ENV', 'dev');
require __DIR__ . '/../../vendor/autoload.php';
require __DIR__ . '/../../vendor/yiisoft/yii2/Yii.php';
$config = require __DIR__ . '/../../config/web.php';
$config["controllerNamespace"]='app\controllers\backend';
(new yii\web\Application($config))->run();
if(Yii::$app->user->isGuest){
$request_headers = apache_request_headers();
$srv=$request_headers['Host'];
header("Location: https://".$srv);
die();
}