I'm doing something wrong I guess, I want to limited access to a module. Only logged in user may access the tijdmachine module.
This is my module.config.php:
<?php
namespace Tijdmachine;
return array(
'resource_providers' => array(
'BjyAuthorizeProviderResourceConfig' => array(
'tijdmachine' => array(),
),
),
'rule_providers' => array(
'BjyAuthorizeProviderRuleConfig' => array(
'allow' => array(
array(array('user'), 'tijdmachine', array('index')),
),
),
),
'view_manager' => array(
'template_path_stack' => array(__DIR__ . '/../view')
),
'controllers' => array(
'invokables' => array(
'Tijdmachine\Controller\IndexController' => 'Tijdmachine\Controller\IndexController',
)
),
'router' => array(
'routes' => array(
'tijdmachine' => array(
'resource' => 'tijdmachine',
'privilege' => 'index',
'type' => 'segment',
'options' => array(
'route' => '/tijdmachine',
// <---- url format module/action/id
'constraints' => array(
'action' => '[a-zA-Z][a-zA-Z0-9_-]*',
'id' => '[0-9]+',
),
'defaults' => array(
'controller' => 'Tijdmachine\Controller\IndexController',
// <--- Defined as the module controller
'action' => 'index',
// <---- Default action
),
),
),
),
),
);
I defined a resource, a privilege and named them in my route. But, if I go the the specific url, I will still see all the information without being logged in. What am I doing wrong?
Thanks in advance!
as stated in the documentation, you need to use the class names in the config:
return array(
'resource_providers' => array(
'BjyAuthorize\Provider\Resource\Config' => array(
'tijdmachine' => array(),
),
),
'rule_providers' => array(
'BjyAuthorize\Provider\Rule\Config' => array(
'allow' => array(
array(array('user'), 'tijdmachine', array('index')),
),
),
),
...
'guards' => array(
/* If this guard is specified here (i.e. it is enabled], it will block
* access to all routes unless they are specified here.
*/
\BjyAuthorize\Guard\Route::class => array(
['route' => 'tijdmachine', 'roles' => ['user']],
),
),
);