fix backend user access, fix payout cart account change

backend/controllers/MessageDetstaController.php

@@ -13,20 +13,28 @@ use common\components\DetStaDBSave;
 
 /**
  * MessageDetstaController implements the CRUD actions for MessageDetsta model.
+ * 
+ * TODO : FIX ACCESS
  */
 class MessageDetstaController extends Controller
 {
-    public function behaviors()
-    {
-        return [
-            'verbs' => [
-                'class' => VerbFilter::className(),
-                'actions' => [
-                    'delete' => ['post'],
-                ],
-            ],
-        ];
-    }
+	public function behaviors()
+	{
+		return [
+				'access' => [
+						'class' => \yii\filters\AccessControl::className(),
+						'rules' => [
+								// allow authenticated users
+								[
+										'actions' => [ ],
+										'allow' => true,
+										'roles' => ['admin','employee','reception'],
+								],
+								// everything else is denied
+						],
+				],
+		];
+	}
 
     /**
      * Lists all MessageDetsta models.