problem description
I am using the yii2-admin rbac function and found that regardless of whether the user is logged in or not, the connection address can be entered in the address bar to access the admin module.
the environmental background of the problems and what methods you have tried
yii2-admin module installed by yii2.0 composer
related codes
/ / Please paste the code text below (do not replace the code with pictures)
return [
]"id" => "app-backend",
"basePath" => dirname(__DIR__),
"controllerNamespace" => "backend\controllers",
"bootstrap" => ["log"],
"modules" => [
"admin" => [
"class" => "mdm\admin\Module",
],
],
"aliases" => [
"@mdm/admin" => "@vendor/mdmsoft/yii2-admin",
],
"components" => [
"request" => [
"csrfParam" => "_csrf-backend",
],
"user" => [
"identityClass" => "mdm\admin\models\User",
"loginUrl" => "/admin/user/login",
"enableAutoLogin" => true,
"identityCookie" => ["name" => "_identity-backend", "httpOnly" => true],
],
"session" => [
// this is the name of the session cookie used for login on the backend
"name" => "advanced-backend",
],
"log" => [
"traceLevel" => YII_DEBUG ? 3 : 0,
"targets" => [
[
"class" => "yii\log\FileTarget",
"levels" => ["error", "warning"],
],
],
],
"errorHandler" => [
"errorAction" => "site/error",
],
"authManager" => [
"class" => "yii\rbac\DbManager",
/ / "defaultRoles" = > [" guest"],
],
"as access" => [
"class" => "mdm\admin\components\AccessControl",
"allowActions" => [
//action
/ / "site/login",
/ / controller/action
]
],
"urlManager" => [
"enablePrettyUrl" => true,
"showScriptName" => false,
"rules" => [
[
"class" => "yii\rest\UrlRule",
"controller" => "site"
],
[
"class" => "yii\rest\UrlRule",
"controller" => "user"
],
],
],
],
"params" => $params,
what result do you expect? What is the error message actually seen?
it is hoped that only Super Admin can access and set up rbac-related routing and allocation functions