Published by Niels on 23 Feb 2010
Forcing a Yii application to authenticate
I wanted my Yii based application to force users to authenticate. After studying the forums, the manuals and searching the web the solution came to me just as I was about to go to bed. It is dead simple: just make sure that the only action a default user can perform is actionLogin(). See the code below on how to accomplish this:
<?php class SiteController extends Controller { /** * @return array action filters */ public function filters() { return array( 'accessControl', // perform access control for CRUD operations ); } /** * Specifies the access control rules. * This method is used by the 'accessControl' filter. * @return array access control rules */ public function accessRules() { return array( array('allow', // allow all users to perform 'login' 'actions'=>array('login'), 'users'=>array('*'), ), array('allow', // allow authenticated user to perform any action 'users'=>array('@'), ), array('deny', // deny all users 'users'=>array('*'), ), ); } // The rest of the SiteController implementation } ?>
I am not sure if this is the best possible solution, but since it is simple and elegant I am inclined to think it is.