how to restrict guest access /admin/*

[shyandsy]

I wanna the guest can only access /admin/user/login and admin can access other part under /admin

I created two roles: guest and admin, and the admin has permission to access the /admin/*

my main.php

'components' => [
        'user' => [
            'identityClass' => 'common\models\User',
            'enableAutoLogin' => true,
        ],

       ......................

        'urlManager' => [
            'enablePrettyUrl' => true,
            'enableStrictParsing' => false, //使用restful时候，此参数必须为false，否则会404
            'showScriptName' => false,
            'rules' => [
                ['class' => 'yii\rest\UrlRule', 'controller' => 'user'],
            ],
        ],
        'authManager' => [
            'class' => 'yii\rbac\DbManager', // 使用数据库管理配置文件
            'defaultRoles' => ['guest'],//添加此行代码，指定默认规则为 'guest'
        ],
        'as access' => [
            'class' => 'mdm\admin\components\AccessControl',
            'allowActions' => [
                'site/*',//允许访问的节点，可自行添加
                'admin/user/login', //允许登录
                //'admin/*',//允许所有人访问admin节点及其子节点
            ]
        ],
    ],

    'modules' => [
        'admin' => [
            'class' => 'mdm\admin\Module',
            'layout' => 'left-menu',//yii2-admin的导航菜单
        ]
    ],

why the gust still can access /admin/*???

[mdmunir]

wrong place of as access. Not belong of components

[shyandsy]

@mdmunir so where should I put this?

[mdmunir]

read this https://github.com/mdmsoft/yii2-admin/blob/master/docs/guide/configuration.md#basic-configuration