I have a special case for the user in my project. if user's subscription is expired (I check this in login action), he will be redirected to his profile to edit some choices. How can I prevent him from access any page except his profile. This is my code in login action
if($subPaymentType == 'free'){
$subHours = $data[0]['sub_hours'];
$minutes = $subHours * 60 * 60;
$start_time = date('d-m-Y H:i:s', $startDate);
$endDate = $minutes + strtotime($start_time);
$endDate = date('d-m-Y H:i:s', $endDate);
if(strtotime(date('d-m-Y:')) < strtotime($endDate)){
$model->login();
}else{
$model->login();
//User can access this only page only
return $this->redirect(['user/view/?id='.Yii::$app->user->id]);
}
}
You can use use AccessControl in your controller
yii\filters\AccessControl;
class YourSiteController extends Controller
{
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['login','profile'],
'allow' => true,
'roles' => ['*'],
],
// allow authenticated users
[
'allow' => true,
'roles' => ['@'],
],
],
],
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'delete' => ['post'],
],
],
];
}
see this guide for more http://www.yiiframework.com/doc-2.0/yii-filters-accesscontrol.html
and in the related actionView
public function actionView($id)
{
if ($id != Yii::$app->user->id){
// not allowed ... perform the action you need in this case
} else {
return $this->render('view', [
'model' => $this->findModel($id),
]);
}
}