Chapter 6. User Authorization and Access Control
Authenticating users is just half of the story. Even if you are writing some Web community hub or, God forbid, social network, and identifying users is crucial part of your business rules, you almost always need to control which users can access which part of the application's functionality. It can be said that there's no real point in authentication without access control accompanying it, which is, user authorization.
In this chapter, we'll see how Yii 2 can help us in preventing or allowing users to access the functionality of the web application. We will focus on the following four features of Yii:
- Hook methods of the controller
- Exception handling in Yii 2
- Controller action filters
- Role-based access ...