add access control to backend

2015-11-02 14:32:19 +01:00
parent e34b150d74
commit 1ee0a6bbe9
13 changed files with 106 additions and 11 deletions
--- a/backend/controllers/AccountController.php
+++ b/backend/controllers/AccountController.php
@@ -23,6 +23,18 @@ class AccountController extends Controller
                    'delete' => ['post'],
                ],
            ],
+        		'access' => [
+        				'class' => \yii\filters\AccessControl::className(),
+        				'only' => [   'index','view','create','update'],
+        				'rules' => [
+        						// allow authenticated users
+        						[
+        								'allow' => true,
+        								'roles' => ['@'],
+        						],
+        						// everything else is denied
+        				],
+        		],
        ];
    }

--- a/backend/controllers/DiscountController.php
+++ b/backend/controllers/DiscountController.php
@@ -23,6 +23,18 @@ class DiscountController extends Controller
                    'delete' => ['post'],
                ],
            ],
+        		'access' => [
+        				'class' => \yii\filters\AccessControl::className(),
+        				'only' => [   'index','view','create','update'],
+        				'rules' => [
+        						// allow authenticated users
+        						[
+        								'allow' => true,
+        								'roles' => ['@'],
+        						],
+        						// everything else is denied
+        				],
+        		],
        ];
    }

--- a/backend/controllers/ProcurementController.php
+++ b/backend/controllers/ProcurementController.php
@@ -26,6 +26,18 @@ class ProcurementController extends Controller
                    'delete' => ['post'],
                ],
            ],
+        		'access' => [
+        				'class' => \yii\filters\AccessControl::className(),
+        				'only' => [   'index','view','create','update'],
+        				'rules' => [
+        						// allow authenticated users
+        						[
+        								'allow' => true,
+        								'roles' => ['@'],
+        						],
+        						// everything else is denied
+        				],
+        		],
        ];
    }

--- a/backend/controllers/ProductCategoryController.php
+++ b/backend/controllers/ProductCategoryController.php
@@ -23,6 +23,19 @@ class ProductCategoryController extends Controller
                    'delete' => ['post'],
                ],
            ],
+        		'access' => [
+        				'class' => \yii\filters\AccessControl::className(),
+        				'only' => [   'index','view','create','update'],
+        				'rules' => [
+        						// allow authenticated users
+        						[
+        								'allow' => true,
+        								'roles' => ['@'],
+        						],
+        						// everything else is denied
+        				],
+        		],
+        		
        ];
    }

--- a/backend/controllers/ProductController.php
+++ b/backend/controllers/ProductController.php
@@ -25,9 +25,22 @@ class ProductController extends Controller
                    'delete' => ['post'],
                ],
            ],
+        		'access' => [
+        				'class' => \yii\filters\AccessControl::className(),
+        				'only' => [   'index','view','create','update'],
+        				'rules' => [
+        						// allow authenticated users
+        						[
+        								'allow' => true,
+        								'roles' => ['@'],
+        						],
+        						// everything else is denied
+        				],
+        		],
        ];
    }

+    
    /**
     * Lists all Product models.
     * @return mixed
--- a/backend/controllers/TicketTypeController.php
+++ b/backend/controllers/TicketTypeController.php
@@ -24,6 +24,18 @@ class TicketTypeController extends Controller
                    'delete' => ['post'],
                ],
            ],
+        		'access' => [
+        				'class' => \yii\filters\AccessControl::className(),
+        				'only' => [   'index','view','create','update'],
+        				'rules' => [
+        						// allow authenticated users
+        						[
+        								'allow' => true,
+        								'roles' => ['@'],
+        						],
+        						// everything else is denied
+        				],
+        		],
        ];
    }

--- a/backend/controllers/UserController.php
+++ b/backend/controllers/UserController.php
@@ -29,6 +29,18 @@ class UserController extends Controller
                    'delete' => ['post'],
                ],
            ],
+        		'access' => [
+        				'class' => \yii\filters\AccessControl::className(),
+        				'only' => [   'index', 'create','update','view'],
+        				'rules' => [
+        						// allow authenticated users
+        						[
+        								'allow' => true,
+        								'roles' => ['@'],
+        						],
+        						// everything else is denied
+        				],
+        		],
        ];
    }

--- a/backend/controllers/WarehouseController.php
+++ b/backend/controllers/WarehouseController.php
@@ -24,6 +24,18 @@ class WarehouseController extends Controller
                    'delete' => ['post'],
                ],
            ],
+        		'access' => [
+        				'class' => \yii\filters\AccessControl::className(),
+        				'only' => [   'create','update','view','index'],
+        				'rules' => [
+        						// allow authenticated users
+        						[
+        								'allow' => true,
+        								'roles' => ['@'],
+        						],
+        						// everything else is denied
+        				],
+        		],
        ];
    }