Question

I need to restrict access to all pages except customers, contacts and the home page. My code doesn't work:

    <?php

use Magento\Customer\Model\Context;
use Magento\Framework\Event\Observer;
use Magento\Framework\Event\ObserverInterface;
use Magento\Store\Model\StoreManagerInterface;

class Restrictcmspage implements ObserverInterface
{

    /**
     * RestrictWebsite constructor.
     */
    public function __construct(
        \Magento\Framework\Event\ManagerInterface $eventManager,
        \Magento\Framework\App\Response\Http $response,
        \Magento\Framework\UrlFactory $urlFactory,
        \Magento\Framework\App\Http\Context $context,
        \Magento\Framework\App\ActionFlag $actionFlag
    )
    {
        $this->_response = $response;
        $this->_urlFactory = $urlFactory;
        $this->_context = $context;
        $this->_actionFlag = $actionFlag;
    }

    /**
     * @param Observer $observer
     * @return void
     */
    public function execute(Observer $observer)
    {
        $allowedRoutes = [

            'customer_account_index',
            'customer_account_login',
            'customer_account_loginpost',
            'customer_account_create',
            'customer_account_createpost',
            'customer_account_logoutsuccess',
            'customer_account_confirm',
            'customer_account_confirmation',
            'customer_account_forgotpassword',
            'customer_account_forgotpasswordpost',
            'customer_account_createpassword',
            'customer_account_resetpasswordpost',
            'customer_section_load'
        ];

        $request = $observer->getEvent()->getRequest();
        $isCustomerLoggedIn = $this->_context->getValue(Context::CONTEXT_AUTH);
        $actionFullName = strtolower($request->getFullActionName());

        if (!$isCustomerLoggedIn && !in_array($actionFullName, $allowedRoutes)) {
            $this->_response->setRedirect($this->_urlFactory->create()->getUrl('customer/account/login'));
        }

    }
}
?>

But this code does not work correctly: I cannot add my pages, and this code restricts the login to the admin panel.

If the page is not in the allowed list, return the main page.


Solution

  1. Your code is preventing you from accessing the Admin page because you didn't check the state. There are two states, frontend and backend, and you can check which one you are in by wrapping your code in a check on the getAreaCode() method of the Magento\Framework\App\State class.
  2. You can simply use $observer->getEvent()->getRequest()->getControllerName() === 'account' to check for the customer pages.
  3. To check for the home page, use $observer->getEvent()->getRequest()->getFullActionName() === 'cms_index_index'.
  4. To check for the contact page, use $observer->getEvent()->getRequest()->getOriginalPathInfo() === '/contact'.

And here is an example class that does all of the above.

<?php

namespace Steven\Restriction\Observer;

use Magento\Customer\Model\Session;
use Magento\Framework\App\Response\RedirectInterface;
use Magento\Framework\App\State;
use Magento\Framework\Event\Observer;
use Magento\Framework\Event\ObserverInterface;
use Magento\Framework\Exception\LocalizedException;
use Magento\Store\Model\StoreManagerInterface;

/**
 * Class CustomerRestriction
 * @package Steven\Restriction\Observer
 */
class CustomerRestriction implements ObserverInterface
{
    /**
     * @var RedirectInterface
     */
    protected $redirect;

    /**
     * @var Session
     */
    protected $customerSession;

    /**
     * @var State
     */
    protected $state;

    /**
     * @var StoreManagerInterface
     */
    protected $storeManager;

    /**
     * CustomerRestriction constructor.
     * @param Session $customerSession
     * @param RedirectInterface $redirect
     * @param State $state
     * @param StoreManagerInterface $storeManager
     */
    public function __construct(
        Session $customerSession,
        RedirectInterface $redirect,
        State $state,
        StoreManagerInterface $storeManager
    ) {
        $this->customerSession = $customerSession;
        $this->redirect = $redirect;
        $this->state = $state;
        $this->storeManager = $storeManager;
    }

    /**
     * @param Observer $observer
     * @return $this
     * @throws LocalizedException
     */
    public function execute(Observer $observer)
    {
        // Only restrict the frontend pages
        if ($this->getArea() === 'frontend') {
            $controllerName = $observer->getEvent()->getRequest()->getControllerName();
            $controller = $observer->getControllerAction();

            // Allow homepage
            if ($observer->getEvent()->getRequest()->getFullActionName() === 'cms_index_index') {
                return $this;
            }

            // Allow contact page. Assume the url is /contact
            if ($observer->getEvent()->getRequest()->getOriginalPathInfo() === '/contact') {
                return $this;
            }

            // Allow customer pages, customer actions (sign in, sign up, reset password, etc...) and sections (cart sections, customer sections, etc...)
            if ($controllerName === 'account' || $controllerName === 'section') {
                return $this;
            }

            // Redirect to login page if customer is not logged in
            if (!$this->customerSession->isLoggedIn()) {
                $this->redirect->redirect($controller->getResponse(), 'customer/account/login');
            }
        }

        return $this;
    }

    /**
     * @return mixed
     * @throws LocalizedException
     */
    private function getArea()
    {
        return $this->state->getAreaCode();
    }
}

Hope it can help you.
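
The same decision written as a default-deny allow-list in plain PHP, so it runs outside Magento (an added example, not code from the question or the answer). `decideAccess`, `ALLOWED_ACTIONS` and the sample requests are hypothetical, and `contact_index_index` / `contact_index_post` are assumed to be the contact module's action names.

```php
<?php
declare(strict_types=1);

// Default-deny allow-list of full action names (route_controller_action).
// Customer entries and cms_index_index come from the page; the contact
// names are assumed.
const ALLOWED_ACTIONS = [
    'cms_index_index',      // home page
    'contact_index_index',  // contact page
    'contact_index_post',   // contact form submission
    'customer_account_index', 'customer_account_login',
    'customer_account_loginpost', 'customer_account_create',
    'customer_account_createpost', 'customer_account_logoutsuccess',
    'customer_account_confirm', 'customer_account_confirmation',
    'customer_account_forgotpassword', 'customer_account_forgotpasswordpost',
    'customer_account_createpassword', 'customer_account_resetpasswordpost',
    'customer_section_load',
];

/**
 * Hypothetical helper: what a predispatch observer should do for a request.
 * Returns 'skip' outside the frontend area, 'allow', or 'redirect_login'.
 */
function decideAccess(string $areaCode, string $fullActionName, bool $loggedIn): string
{
    if ($areaCode !== 'frontend') {
        return 'skip'; // leave the admin panel and other areas alone
    }
    if ($loggedIn) {
        return 'allow';
    }
    // Exact, case-insensitive match on the whole action name.
    return in_array(strtolower($fullActionName), ALLOWED_ACTIONS, true)
        ? 'allow'
        : 'redirect_login'; // caller redirects and stops the original action
}

// Constructed sample requests: [area code, full action name, logged in?]
$samples = [
    ['adminhtml', 'adminhtml_auth_login', false],
    ['frontend', 'cms_index_index', false],
    ['frontend', 'contact_index_post', false],
    ['frontend', 'catalog_product_view', false],
    ['frontend', 'catalog_product_view', true],
    ['frontend', 'vendor_account_export', false], // "account" controller of another module
];
foreach ($samples as [$area, $action, $loggedIn]) {
    printf("%-10s %-24s %-5s => %s\n", $area, $action,
        $loggedIn ? 'user' : 'guest', decideAccess($area, $action, $loggedIn));
}
```

Matching the full action name rather than only the controller name keeps a controller called account in some other module from being let through, and covers the contact form's submission as well as its page.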

Licensed under: CC-BY-SA with attribution