schmunk42 / yii2-giiant

Yii 2 Framework Code Generator Gii on Steroids

forbidden 403 #137

Open ghost opened 8 years ago

ghost commented 8 years ago

Hello,

I am new to the Yii2 framework and I use the yii2 advanced template with the yii2-giiant extension. I generated all files with yii batch, but when I go to http://localhost/crud/blabla/index I get an error: "You are not allowed to perform this action".

Are there rules in the controller?

Thank you

schmunk42 commented 8 years ago
ghost commented 8 years ago

Yes, crudaccessfilter is enabled and I am logged in. I tried with admin and a normal user...

schmunk42 commented 8 years ago

So your controller classes should have a behaviors() method then.

The convention for giiant's access rules is that there needs to be a corresponding permission to the controller route, i.e.

Since it can be a bit tedious to set all of them, we provide a custom User in our application template which allows setting crud or crud_product to access all controllers or actions, if the route parameter is set.

You may copy the (relevant parts of the) user-class to your application or set all RBAC items somewhere.

We need to clarify this in the docs. CC: @Quexer69
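
The route-to-permission lookup described in the comment above, as an added example that is not part of the thread and is not giiant's or Phundament's own code. It assumes a permission name is the route's segments joined with underscores (inferred from `crud` and `crud_product` above); the function names and the sample users are hypothetical.

```php
<?php
// Added example, not giiant or Phundament code. Assumed naming: the permission
// for a route is its segments joined by "_" (crud/product/index -> crud_product_index).

/**
 * Return the permission names that would grant access to a route, from the
 * broadest (module) to the most specific (module_controller_action).
 */
function routePermissionCandidates(string $route): array
{
    $segments = array_values(array_filter(explode('/', trim($route, '/')), 'strlen'));
    $candidates = [];
    $prefix = '';
    foreach ($segments as $segment) {
        $prefix = $prefix === '' ? $segment : $prefix . '_' . $segment;
        $candidates[] = $prefix;
    }
    return $candidates;
}

/**
 * Deny by default: return the name of the item that grants access, or null.
 * $granted stands in for the RBAC items assigned to the current user.
 */
function canAccessRoute(string $route, array $granted): ?string
{
    foreach (routePermissionCandidates($route) as $name) {
        if (in_array($name, $granted, true)) {
            return $name; // the item that allowed the request
        }
    }
    return null; // no matching item: the caller should answer 403
}

// Constructed sample data: users and the RBAC items assigned to them.
$users = [
    'admin'  => ['crud'],               // whole module
    'editor' => ['crud_product'],       // one controller
    'viewer' => ['crud_blabla_index'],  // one action
    'nobody' => [],                     // nothing assigned
];
foreach ($users as $user => $granted) {
    foreach (['crud/blabla/index', 'crud/product/update'] as $route) {
        $hit = canAccessRoute($route, $granted);
        printf("%-6s %-20s %s\n", $user, $route, $hit === null ? '403' : "allowed by $hit");
    }
}
```

Printing the candidate names for the failing route shows which RBAC items have to exist and be assigned before the 403 goes away; a broad item such as `crud` grants every controller and action beneath it, so assign it sparingly.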

ghost commented 8 years ago

Hi,

I added a complete behaviors() method in my controllers/crud/BlablaController.php but I have the same error, forbidden 403.

    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        'controllers' => ['coordinate'],
                        'actions' => ['index', 'view', 'create', 'update', 'delete'],
                        'allow' => true,
                        'roles' => ['admin'],
                    ],
                    [
                        'controllers' => ['coordinate'],
                        'actions' => ['create', 'update'],
                        'allow' => true,
                        'roles' => ['editor'],
                    ],
                    [
                        'controllers' => ['coordinate'],
                        'actions' => ['index', 'view'],
                        'allow' => true
                    ],
                ], // rules
            ], // access
        ];
    }

schmunk42 commented 8 years ago

Double-check your access rules syntax and debug the permissions step-by-step. Since you can disable the access rules feature in giiant, I think this is more a Yii configuration issue.

You can take a look at Phundament to see how the auth & RBAC is configured there.

Which authManager component are you using?