Basic application enhancements.
- Turned on CSRF validation by default. - Application params are now read before the config is defined, so that values from params can be used when configuring. - Added access control for login and logout.
parent
7c1050460c
commit
f7a28f3df0
@ -1,9 +1,12 @@
|
|||||||
<?php
|
<?php
|
||||||
|
$params = require(__DIR__ . '/params.php');
|
||||||
$config = array(
|
$config = array(
|
||||||
'id' => 'bootstrap',
|
'id' => 'bootstrap',
|
||||||
'basePath' => dirname(__DIR__),
|
'basePath' => dirname(__DIR__),
|
||||||
'components' => array(
|
'components' => array(
|
||||||
|
'request' => array(
|
||||||
|
'enableCsrfValidation' => true,
|
||||||
|
),
|
||||||
'cache' => array(
|
'cache' => array(
|
||||||
'class' => 'yii\caching\FileCache',
|
'class' => 'yii\caching\FileCache',
|
||||||
),
|
),
|
||||||
@ -23,7 +26,7 @@ $config = array(
|
|||||||
),
|
),
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
'params' => require(__DIR__ . '/params.php'),
|
'params' => $params,
|
||||||
);
|
);
|
||||||
|
|
||||||
if (YII_ENV_DEV) {
|
if (YII_ENV_DEV) {
|
||||||
|
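Review bot: Turning on `'enableCsrfValidation' => true` in the `request` component only protects requests that carry the token, and nothing in this section shows whether the application's forms and AJAX calls send it. Yii checks the token on unsafe methods such as POST, so hand-written `<form>` markup or scripted POSTs that omit it will start being rejected, while any state-changing action served over GET gets no protection from this setting. Both are worth checking in the views before merging. A short comment above the entry would record the contract, for example `// CSRF token is verified on POST/PUT/DELETE; every form must emit the token field`.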
@ -9,6 +9,28 @@ use app\models\ContactForm;
|
|||||||
|
|
||||||
class SiteController extends Controller
|
class SiteController extends Controller
|
||||||
{
|
{
|
||||||
|
public function behaviors()
|
||||||
|
{
|
||||||
|
return array(
|
||||||
|
'access' => array(
|
||||||
|
'class' => \yii\web\AccessControl::className(),
|
||||||
|
'only' => array('login', 'logout'),
|
||||||
|
'rules' => array(
|
||||||
|
array(
|
||||||
|
'actions' => array('login'),
|
||||||
|
'allow' => true,
|
||||||
|
'roles' => array('?'),
|
||||||
|
),
|
||||||
|
array(
|
||||||
|
'actions' => array('logout'),
|
||||||
|
'allow' => true,
|
||||||
|
'roles' => array('@'),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
public function actions()
|
public function actions()
|
||||||
{
|
{
|
||||||
return array(
|
return array(
|
||||||
|
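Review bot: The `logout` rule added in `behaviors()` limits who may call the action but not which HTTP method is used. If `actionLogout` (outside this hunk) answers GET, a third-party page can still force a sign-out, and the CSRF validation enabled in the config does not cover GET requests. Consider a verb filter beside `'access'`, e.g. `'verbs' => array('class' => VerbFilter::className(), 'actions' => array('logout' => array('post'))),` with the class taken from whichever namespace this framework version provides. It also appears that an already signed-in user requesting `login` matches no rule and is denied rather than redirected; a docblock on `behaviors()` saying so would make that intent explicit.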