From f7a28f3df0223207a574c6863ef04b5459d24735 Mon Sep 17 00:00:00 2001 From: Alexander Makarov Date: Mon, 16 Sep 2013 02:41:19 +0400 Subject: [PATCH] Basic application enhancements. - Turned on CSRF validation by default. - Application params are now readed before config is defined to be able to use values from params when configuring. - Added access control for login and logout. --- config/web.php | 7 +++++-- controllers/SiteController.php | 22 ++++++++++++++++++++++ 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/config/web.php b/config/web.php index 1433a64..e7d9420 100644 --- a/config/web.php +++ b/config/web.php @@ -1,9 +1,12 @@ 'bootstrap', 'basePath' => dirname(__DIR__), 'components' => array( + 'request' => array( + 'enableCsrfValidation' => true, + ), 'cache' => array( 'class' => 'yii\caching\FileCache', ), @@ -23,7 +26,7 @@ $config = array( ), ), ), - 'params' => require(__DIR__ . '/params.php'), + 'params' => $params, ); if (YII_ENV_DEV) { diff --git a/controllers/SiteController.php b/controllers/SiteController.php index cd0b3fb..785eddf 100644 --- a/controllers/SiteController.php +++ b/controllers/SiteController.php @@ -9,6 +9,28 @@ use app\models\ContactForm; class SiteController extends Controller { + public function behaviors() + { + return array( + 'access' => array( + 'class' => \yii\web\AccessControl::className(), + 'only' => array('login', 'logout'), + 'rules' => array( + array( + 'actions' => array('login'), + 'allow' => true, + 'roles' => array('?'), + ), + array( + 'actions' => array('logout'), + 'allow' => true, + 'roles' => array('@'), + ), + ), + ), + ); + } + public function actions() { return array(