Basic application enhancements.

- Turned on CSRF validation by default.
- Application params are now readed before config is defined to be able to use values from params when configuring.
- Added access control for login and logout.
This commit is contained in:
Alexander Makarov 2013-09-16 02:41:19 +04:00
parent 7c1050460c
commit f7a28f3df0
2 changed files with 27 additions and 2 deletions

View File

@ -1,9 +1,12 @@
<?php <?php
$params = require(__DIR__ . '/params.php');
$config = array( $config = array(
'id' => 'bootstrap', 'id' => 'bootstrap',
'basePath' => dirname(__DIR__), 'basePath' => dirname(__DIR__),
'components' => array( 'components' => array(
'request' => array(
'enableCsrfValidation' => true,
),
'cache' => array( 'cache' => array(
'class' => 'yii\caching\FileCache', 'class' => 'yii\caching\FileCache',
), ),
@ -23,7 +26,7 @@ $config = array(
), ),
), ),
), ),
'params' => require(__DIR__ . '/params.php'), 'params' => $params,
); );
if (YII_ENV_DEV) { if (YII_ENV_DEV) {

View File

@ -9,6 +9,28 @@ use app\models\ContactForm;
class SiteController extends Controller class SiteController extends Controller
{ {
public function behaviors()
{
return array(
'access' => array(
'class' => \yii\web\AccessControl::className(),
'only' => array('login', 'logout'),
'rules' => array(
array(
'actions' => array('login'),
'allow' => true,
'roles' => array('?'),
),
array(
'actions' => array('logout'),
'allow' => true,
'roles' => array('@'),
),
),
),
);
}
public function actions() public function actions()
{ {
return array( return array(