Problem Setting Controller Namespace in Yii2-basic template

onmotion / yii2-survey

Adds survey functionality to your Yii2 application

14 stars 20 forks source link

Problem Setting Controller Namespace in Yii2-basic template #10

Closed IvandaNothabeer closed 5 years ago

IvandaNothabeer commented 5 years ago

There is a note in the install instructions that the controller namespace must be manually set when the yii2-basic template is used. It is not clear what you mean by this ....

If controllerNamespace == onmotion\survey\controllers then only the back end works if controllerNamespace == onmotion\survey\widgetControllers then only the front end works

In Module.php, the init function only sets the controller namespace dynamically if the config setting for controllerNamespace is empty.

What logic is required to set controller Namespace correctly when the yii2-basic template is used ?

onmotion commented 5 years ago

Actually, I think it is should be set manually according to rbac or something else. For example, if your user can access to the admin page, you should set controllerNamespace for module dynamically (\Yii::$app->getModule('survey') and then set controllerNamespace to onmotion\survey\controllers)

IvandaNothabeer commented 5 years ago

I don't think that's going to work. Admin users will not be able to view or complete the surveys. This would require the admin user to logout / login with another ID to be able to view and test a survey.

onmotion commented 5 years ago

you should set controllerNamespace to onmotion\survey\controllers only on the admin page (conditionally). It is assumed that the widget will be on another page.

IvandaNothabeer commented 5 years ago

Is there a strong reason why you are using 2 separate controller namespaces? It looks like it might be a better solution to move the widget controllers into the base module controller namespace. (But maybe a few hours work of course). No need for setting namespaces then.

I can try to make a PR if you think this is possible.

onmotion commented 5 years ago

Yes, it is for security reasons. By default, a user can access only to the widget instance. But you can provide him admin access by explicitly choosing the admin controller namespace.

hguenot commented 5 years ago

Hi, You can load module twice mapping on different routes :

'modules' => [
    /* ... */
    'survey' => [
        'class' => \onmotion\survey\Module::class,
        'controllerNamespace' => 'onmotion\survey\widgetControllers',
        'params' => [ /** omitted */ ],
    ],
    'asurvey' => [
        'class' => \onmotion\survey\Module::class,
        'controllerNamespace' => 'onmotion\survey\controllers',
        'params' => [ /** omitted */ ],
        'as access' => [ /** omitted */ ],
    ],
    /* ... */
]

So route survey will be used by widgets and asurvey for administrating surveys.