add access control to backend

backend/controllers/AccountController.php

@@ -23,6 +23,18 @@ class AccountController extends Controller
                     'delete' => ['post'],
                 ],
             ],
+        		'access' => [
+        				'class' => \yii\filters\AccessControl::className(),
+        				'only' => [   'index','view','create','update'],
+        				'rules' => [
+        						// allow authenticated users
+        						[
+        								'allow' => true,
+        								'roles' => ['@'],
+        						],
+        						// everything else is denied
+        				],
+        		],
         ];
     }
 

backend/controllers/DiscountController.php

@@ -23,6 +23,18 @@ class DiscountController extends Controller
                     'delete' => ['post'],
                 ],
             ],
+        		'access' => [
+        				'class' => \yii\filters\AccessControl::className(),
+        				'only' => [   'index','view','create','update'],
+        				'rules' => [
+        						// allow authenticated users
+        						[
+        								'allow' => true,
+        								'roles' => ['@'],
+        						],
+        						// everything else is denied
+        				],
+        		],
         ];
     }
 

backend/controllers/ProcurementController.php

@@ -26,6 +26,18 @@ class ProcurementController extends Controller
                     'delete' => ['post'],
                 ],
             ],
+        		'access' => [
+        				'class' => \yii\filters\AccessControl::className(),
+        				'only' => [   'index','view','create','update'],
+        				'rules' => [
+        						// allow authenticated users
+        						[
+        								'allow' => true,
+        								'roles' => ['@'],
+        						],
+        						// everything else is denied
+        				],
+        		],
         ];
     }
 

backend/controllers/ProductCategoryController.php

@@ -23,6 +23,19 @@ class ProductCategoryController extends Controller
                     'delete' => ['post'],
                 ],
             ],
+        		'access' => [
+        				'class' => \yii\filters\AccessControl::className(),
+        				'only' => [   'index','view','create','update'],
+        				'rules' => [
+        						// allow authenticated users
+        						[
+        								'allow' => true,
+        								'roles' => ['@'],
+        						],
+        						// everything else is denied
+        				],
+        		],
+        		
         ];
     }
 

backend/controllers/ProductController.php

@@ -25,9 +25,22 @@ class ProductController extends Controller
                     'delete' => ['post'],
                 ],
             ],
+        		'access' => [
+        				'class' => \yii\filters\AccessControl::className(),
+        				'only' => [   'index','view','create','update'],
+        				'rules' => [
+        						// allow authenticated users
+        						[
+        								'allow' => true,
+        								'roles' => ['@'],
+        						],
+        						// everything else is denied
+        				],
+        		],
         ];
     }
 
+    
     /**
      * Lists all Product models.
      * @return mixed

backend/controllers/TicketTypeController.php

@@ -24,6 +24,18 @@ class TicketTypeController extends Controller
                     'delete' => ['post'],
                 ],
             ],
+        		'access' => [
+        				'class' => \yii\filters\AccessControl::className(),
+        				'only' => [   'index','view','create','update'],
+        				'rules' => [
+        						// allow authenticated users
+        						[
+        								'allow' => true,
+        								'roles' => ['@'],
+        						],
+        						// everything else is denied
+        				],
+        		],
         ];
     }
 

backend/controllers/UserController.php

@@ -29,6 +29,18 @@ class UserController extends Controller
                     'delete' => ['post'],
                 ],
             ],
+        		'access' => [
+        				'class' => \yii\filters\AccessControl::className(),
+        				'only' => [   'index', 'create','update','view'],
+        				'rules' => [
+        						// allow authenticated users
+        						[
+        								'allow' => true,
+        								'roles' => ['@'],
+        						],
+        						// everything else is denied
+        				],
+        		],
         ];
     }
 

backend/controllers/WarehouseController.php

@@ -24,6 +24,18 @@ class WarehouseController extends Controller
                     'delete' => ['post'],
                 ],
             ],
+        		'access' => [
+        				'class' => \yii\filters\AccessControl::className(),
+        				'only' => [   'create','update','view','index'],
+        				'rules' => [
+        						// allow authenticated users
+        						[
+        								'allow' => true,
+        								'roles' => ['@'],
+        						],
+        						// everything else is denied
+        				],
+        		],
         ];
     }
 

backend/views/user/index.php

@@ -28,7 +28,9 @@ $this->params['breadcrumbs'][] = $this->title;
             'email:email',
             'created_at:datetime',
 
-            ['class' => 'yii\grid\ActionColumn'],
+            ['class' => 'yii\grid\ActionColumn',
+             'template' => '{view} {update}'
+    ],
         ],
     ]); ?>
 

backend/views/user/view.php

@@ -16,13 +16,6 @@ $this->params['breadcrumbs'][] = $this->title;
 
     <p>
         <?= Html::a(Yii::t('app', 'Update'), ['update', 'id' => $model->id], ['class' => 'btn btn-primary']) ?>
-        <?= Html::a(Yii::t('app', 'Delete'), ['delete', 'id' => $model->id], [
-            'class' => 'btn btn-danger',
-            'data' => [
-                'confirm' => Yii::t('app', 'Are you sure you want to delete this item?'),
-                'method' => 'post',
-            ],
-        ]) ?>
     </p>
 
     <?= DetailView::widget([