Hi
I am quite new to yii - after messing with kohana, ci, symphony, yii seems most logical. I am writing some application that uses crud operations on db tables - just simple as tutorial.
But I haven't found how to restrict properly access to views where user is guest.
I managed to apply login against database users, so that is nice. And this is how I am trying to achieve that.
Let assume I have model mA which has view vA. When I run URL of my app I can see only LOGIN link with login screen (the very same as in testdrive app of yii), when user logs in, there are morel links to views of all models especially of model mA. Also logged user has the link LOGOUT(currentUser). When user clicks on LOGOUT he is moved to login screen and becomes guest again. But when user enters in URL: _http://yii/myapp/index.php?r=mA (view of model A) the page of model A with all the data is displayed, but THIS NOT WHAT I WANT.
So I put in main config this line:
which points to login screen.
And in the _http://yii/myapp/protected/views/site/index.php I put:
So when I launch URL of the app it moves me to the login screen if user is guest. However I can manually go to views of all models, by launching URL's. Do I have to enter the above code in every view of every model? For example in admin.php, create.php, index.php, update.php, view.php, to restrict access to them for authenticated users? Or is there any global function to do it?
Thanks in advance,
Tom
I am quite new to yii - after messing with kohana, ci, symphony, yii seems most logical. I am writing some application that uses crud operations on db tables - just simple as tutorial.
But I haven't found how to restrict properly access to views where user is guest.
I managed to apply login against database users, so that is nice. And this is how I am trying to achieve that.
Let assume I have model mA which has view vA. When I run URL of my app I can see only LOGIN link with login screen (the very same as in testdrive app of yii), when user logs in, there are morel links to views of all models especially of model mA. Also logged user has the link LOGOUT(currentUser). When user clicks on LOGOUT he is moved to login screen and becomes guest again. But when user enters in URL: _http://yii/myapp/index.php?r=mA (view of model A) the page of model A with all the data is displayed, but THIS NOT WHAT I WANT.
So I put in main config this line:
'homeUrl'=>array('site/login'),
which points to login screen.
And in the _http://yii/myapp/protected/views/site/index.php I put:
// IF NOT LOGGED IN, GO TO LOGIN SCREEN
if(Yii::app()->user->isGuest)
{
$this->redirect(Yii::app()->homeUrl);
// IF NOT LOGGED IN, GO TO LOGIN SCREEN
}
So when I launch URL of the app it moves me to the login screen if user is guest. However I can manually go to views of all models, by launching URL's. Do I have to enter the above code in every view of every model? For example in admin.php, create.php, index.php, update.php, view.php, to restrict access to them for authenticated users? Or is there any global function to do it?
Thanks in advance,
Tom