add access control to backend

backend/controllers/ProcurementController.php

@@ -26,6 +26,18 @@ class ProcurementController extends Controller
                     'delete' => ['post'],
                 ],
             ],
+        		'access' => [
+        				'class' => \yii\filters\AccessControl::className(),
+        				'only' => [   'index','view','create','update'],
+        				'rules' => [
+        						// allow authenticated users
+        						[
+        								'allow' => true,
+        								'roles' => ['@'],
+        						],
+        						// everything else is denied
+        				],
+        		],
         ];
     }