Application template: advanced. I have 2 applications: backend and frontend.

I need all roles except client to have access to the backend.

I wrote the following in main.php:

    'as beforeRequest' => [
        'class' => 'yii\filters\AccessControl',
        'rules' => [
            [
                'allow' => true,
                'controllers' => ['site'],
                'actions' => ['login'],
            ],
            [
                'allow' => false,
                'roles' => ['client'],
            ],
        ],
        'denyCallback' => function () {
            return Yii::$app->response->redirect(['site/login']);
        },
    ],

As a result, I get the error: ERR_TOO_MANY_REDIRECTS

As I understand it all happens like this:

  1. The user goes to site/login.
  2. He is authorized in the system. He has the client role. Access is denied.
  3. There is a redirect to site/login.
  4. The user is already authorized, and he has the client role. Access is denied.
  5. See 3

Endless redirect ...

How can I avoid this and still close access?

  • After all, you yourself instructed it to go to site/login if access is denied (denyCallback). Remove that handling and see what happens. Or log the user out and return to the login page. Or show him a page saying that he is forbidden to visit. - Bookin

1 answer

Just check the user authorization in denyCallback:

    'denyCallback' => function () {
        // isGuest is a property of yii\web\User, not a method
        if (Yii::$app->user->isGuest) {
            return Yii::$app->response->redirect(['site/login']);
        } else {
            return Yii::$app->response->redirect(['site/error']);
        }
    },
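
A fuller configuration along the lines of the comment and the answer above, as an added example that is not part of the original question or answer. It assumes the `error` action lives in `SiteController` (the answer's redirect target) and that the `client` role is checked through the configured `authManager`; the exception message is made up for illustration.

```php
<?php
// Added example: fragment for the backend application's main.php config array.
use yii\filters\AccessControl;
use yii\web\ForbiddenHttpException;

return [
    // ... other application settings ...
    'as beforeRequest' => [
        'class' => AccessControl::class,
        'rules' => [
            // Rules are checked top to bottom; the first match decides.
            [
                // Login and error pages stay reachable for everyone, so
                // neither the login redirect nor the error page is denied again.
                'allow' => true,
                'controllers' => ['site'],
                'actions' => ['login', 'error'],
            ],
            [
                // Clients are rejected everywhere else in the backend.
                'allow' => false,
                'roles' => ['client'],
            ],
            [
                // Without an explicit allow rule nothing matches for the other
                // roles, and AccessControl denies unmatched requests too.
                'allow' => true,
                'roles' => ['@'],
            ],
        ],
        'denyCallback' => function ($rule, $action) {
            $user = Yii::$app->user;
            if ($user->isGuest) {
                // Guest: remember the requested URL and go to the login page.
                return $user->loginRequired();
            }
            // Logged in but not permitted: answer 403 instead of redirecting,
            // so the browser cannot end up in a redirect loop.
            throw new ForbiddenHttpException('You are not allowed to access the backend.');
        },
    ],
];
```

This `denyCallback` does the same as AccessControl's built-in handling, so dropping the callback entirely gives the same result. A logged-in client still cannot reach a logout action under these rules; add it to the first rule if such users should be able to sign out.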