Basic application enhancements.
- Turned on CSRF validation by default.
- Application params are now read before the config is defined, so that values from params can be used when configuring.
- Added access control for login and logout.
parent
7c1050460c
commit
f7a28f3df0
@ -1,9 +1,12 @@
|
||||
<?php
|
||||
|
||||
$params = require(__DIR__ . '/params.php');
|
||||
$config = array(
|
||||
'id' => 'bootstrap',
|
||||
'basePath' => dirname(__DIR__),
|
||||
'components' => array(
|
||||
'request' => array(
|
||||
'enableCsrfValidation' => true,
|
||||
),
|
||||
'cache' => array(
|
||||
'class' => 'yii\caching\FileCache',
|
||||
),
|
||||
@ -23,7 +26,7 @@ $config = array(
|
||||
),
|
||||
),
|
||||
),
|
||||
'params' => require(__DIR__ . '/params.php'),
|
||||
'params' => $params,
|
||||
);
|
||||
|
||||
if (YII_ENV_DEV) {
|
||||
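Review bot: The `'enableCsrfValidation' => true` line added in the first hunk carries no comment, and nothing else visible in this commit touches views or forms. With validation on, the request component is expected to reject state-changing requests (POST and similar) that arrive without a valid token, so any form written as raw HTML rather than through the framework's form helper would start failing. I would add a comment on that line, for example `// Non-GET requests without a valid CSRF token are rejected; hand-written forms must include it.`, and confirm that the existing forms emit the token. The `$config` array continues outside both hunks of this file.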
|
@ -9,6 +9,28 @@ use app\models\ContactForm;
|
||||
|
||||
class SiteController extends Controller
|
||||
{
|
||||
public function behaviors()
|
||||
{
|
||||
return array(
|
||||
'access' => array(
|
||||
'class' => \yii\web\AccessControl::className(),
|
||||
'only' => array('login', 'logout'),
|
||||
'rules' => array(
|
||||
array(
|
||||
'actions' => array('login'),
|
||||
'allow' => true,
|
||||
'roles' => array('?'),
|
||||
),
|
||||
array(
|
||||
'actions' => array('logout'),
|
||||
'allow' => true,
|
||||
'roles' => array('@'),
|
||||
),
|
||||
),
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
public function actions()
|
||||
{
|
||||
return array(
|
||||
|
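Review bot: The `logout` rule in `behaviors()` checks only the role (`'@'`), not the HTTP method, so the CSRF validation enabled elsewhere in this commit would not protect logout if the action is reachable through a plain GET link, since the token check normally applies to POST-style requests only. In that case a cross-site request could end a signed-in user's session without their intent. If the rule class in this framework version supports it, add `'verbs' => array('POST'),` to the logout rule and make the logout link submit a POST; otherwise enforce the method inside the action itself. `actions()` begins in this hunk but its body continues outside it.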