add role checking to controllers

2015-11-05 17:24:09 +01:00
parent 43d5598f23
commit cc83ccf761
39 changed files with 362 additions and 78 deletions
--- a/backend/controllers/AccountController.php
+++ b/backend/controllers/AccountController.php
@@ -14,6 +14,32 @@ use yii\filters\VerbFilter;
 */
 class AccountController extends \backend\controllers\BackendController
 {
+	
+	
+	public function behaviors()
+	{
+		return [
+			'access' => [
+				'class' => \yii\filters\AccessControl::className(),
+					'rules' => [
+					// allow authenticated users
+						[
+						'actions' => [ 'index','view' ],
+						'allow' => true,
+						'roles' => ['employee','admin','reception'],
+						],
+						// allow authenticated users
+						[
+						'actions' => [ 'create', 'update'],
+						'allow' => true,
+						'roles' => ['admin'],
+						],
+				// everything else is denied
+				],
+			],
+		];
+	}
+	

    /**
     * Lists all Account models.