fix backend user access, fix payout cart account change

2016-02-18 22:51:55 +01:00
parent 0ce6958e0b
commit 84e2badd34
14 changed files with 153 additions and 68 deletions
--- a/backend/controllers/KeyController.php
+++ b/backend/controllers/KeyController.php
@@ -27,7 +27,19 @@ class KeyController extends Controller {
 										'post' 
 								] 
 						] 
-				] 
+				] ,
+				'access' => [
+						'class' => \yii\filters\AccessControl::className(),
+						'rules' => [
+								// allow authenticated users
+								[
+										'actions' => ['create','index','view','update'],
+										'allow' => true,
+										'roles' => ['admin','employee','reception'],
+								],
+								// everything else is denied
+						],
+				],
 		];
 	}