From 325f83f66b801605638ebbd0d7635d863ab29c3f Mon Sep 17 00:00:00 2001
From: Alexander Makarov
Date: Mon, 16 Sep 2013 02:41:19 +0400
Subject: [PATCH] Basic application enhancements.

- Turned on CSRF validation by default.
- Application params are now readed before config is defined to be able to use values from params when configuring.
- Added access control for login and logout.
---
 apps/basic/config/web.php | 7 +++++--
 apps/basic/controllers/SiteController.php | 22 ++++++++++++++++++++++
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/apps/basic/config/web.php b/apps/basic/config/web.php
index 1433a64..e7d9420 100644
--- a/apps/basic/config/web.php
+++ b/apps/basic/config/web.php
@@ -1,9 +1,12 @@ 'bootstrap',
 'basePath' => dirname(__DIR__),
 'components' => array(
+ 'request' => array(
+ 'enableCsrfValidation' => true,
+ ),
 'cache' => array(
 'class' => 'yii\caching\FileCache',
 ),
@@ -23,7 +26,7 @@ $config = array(
 ),
 ),
 ),
- 'params' => require(__DIR__ . '/params.php'),
+ 'params' => $params,
 );
 
 if (YII_ENV_DEV) {
diff --git a/apps/basic/controllers/SiteController.php b/apps/basic/controllers/SiteController.php
index cd0b3fb..785eddf 100644
--- a/apps/basic/controllers/SiteController.php
+++ b/apps/basic/controllers/SiteController.php
@@ -9,6 +9,28 @@ use app\models\ContactForm;
 
 class SiteController extends Controller
 {
+ public function behaviors()
+ {
+ return array(
+ 'access' => array(
+ 'class' => \yii\web\AccessControl::className(),
+ 'only' => array('login', 'logout'),
+ 'rules' => array(
+ array(
+ 'actions' => array('login'),
+ 'allow' => true,
+ 'roles' => array('?'),
+ ),
+ array(
+ 'actions' => array('logout'),
+ 'allow' => true,
+ 'roles' => array('@'),
+ ),
+ ),
+ ),
+ );
+ }
+
 public function actions()
 {
 return array(
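Review bot: `'enableCsrfValidation' => true,` in the new `request` component carries no comment saying why it is set explicitly, and the commit message is the only record that it was off before; a one-line comment protects it from a later "cleanup": `// Reject state-changing (POST etc.) requests that do not carry a valid CSRF token; forms must submit it.`. Note that the head of this hunk (the `<?php` line through `$config = array(`) is missing from this rendering, so the `$params = require(...)` assignment the commit message describes cannot be confirmed from the visible lines.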
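Review bot: `'params' => $params,` relies on a `$params` variable that is not defined anywhere in the visible part of this diff; the commit message says params are now read before the config, but the corresponding `$params = require(__DIR__ . '/params.php');` line is not in either hunk as shown here (the first hunk's head is truncated in this rendering). If that assignment did not land, `$params` is undefined and the application's params silently become empty with only a notice to show for it. Please confirm the assignment sits above `$config = array(`, which itself begins outside this hunk.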
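Review bot: The `logout` rule (`'roles' => array('@')`) only requires an authenticated user, so a plain GET link or image tag can still log someone out, and the CSRF validation this commit turns on in web.php does not apply to GET; logout should additionally be restricted to POST, either with a verb-filter behavior alongside `access` (`yii\web\VerbFilter`, if present in this revision) or with a request-method check inside `actionLogout`, which lies outside this hunk. Separately, `'roles' => array('?')` on `login` means an already authenticated user who requests `login` is refused by the filter rather than redirected; if a redirect home is the intended behaviour, drop `login` from `only` and handle the logged-in case in `actionLogin`. A short docblock on `behaviors()` would make the intent explicit: `/** Access control: login is guest-only, logout requires an authenticated user; all other actions are unfiltered. */`.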