Restrict access to pages for non logged users
15-04-2021
Question
I need to restrict access to all pages except the customer pages, the contact page and the home page. My code doesn't work:
<?php
use Magento\Customer\Model\Context;
use Magento\Framework\Event\Observer;
use Magento\Framework\Event\ObserverInterface;
use Magento\Store\Model\StoreManagerInterface;

class Restrictcmspage implements ObserverInterface
{
    /**
     * RestrictWebsite constructor.
     */
    public function __construct(
        \Magento\Framework\Event\ManagerInterface $eventManager,
        \Magento\Framework\App\Response\Http $response,
        \Magento\Framework\UrlFactory $urlFactory,
        \Magento\Framework\App\Http\Context $context,
        \Magento\Framework\App\ActionFlag $actionFlag
    ) {
        $this->_response = $response;
        $this->_urlFactory = $urlFactory;
        $this->_context = $context;
        $this->_actionFlag = $actionFlag;
    }

    /**
     * @param Observer $observer
     * @return void
     */
    public function execute(Observer $observer)
    {
        $allowedRoutes = [
            'customer_account_index',
            'customer_account_login',
            'customer_account_loginpost',
            'customer_account_create',
            'customer_account_createpost',
            'customer_account_logoutsuccess',
            'customer_account_confirm',
            'customer_account_confirmation',
            'customer_account_forgotpassword',
            'customer_account_forgotpasswordpost',
            'customer_account_createpassword',
            'customer_account_resetpasswordpost',
            'customer_section_load'
        ];
        $request = $observer->getEvent()->getRequest();
        $isCustomerLoggedIn = $this->_context->getValue(Context::CONTEXT_AUTH);
        $actionFullName = strtolower($request->getFullActionName());
        if (!$isCustomerLoggedIn && !in_array($actionFullName, $allowedRoutes)) {
            $this->_response->setRedirect($this->_urlFactory->create()->getUrl('customer/account/login'));
        }
    }
}
?>
But this code does not work correctly: I cannot add my pages, and this code restricts the login to the admin panel.
If the page is not in the allowed list, return the main page.
Solution
- Your code is preventing you from accessing the Admin page because you didn't check the state. There are two states: frontend and backend, and you can check it by wrapping your code with the getAreaCode() method of the Magento\Framework\App\State class.
- You can simply use $observer->getEvent()->getRequest()->getControllerName() === 'account' for checking the customer pages.
- For checking the home page, $observer->getEvent()->getRequest()->getFullActionName() === 'cms_index_index'.
- For checking the contact page, $observer->getEvent()->getRequest()->getOriginalPathInfo() === '/contact'.
And here is an example class that does all of the above.
<?php
namespace Steven\Restriction\Observer;

use Magento\Customer\Model\Session;
use Magento\Framework\App\Response\RedirectInterface;
use Magento\Framework\App\State;
use Magento\Framework\Event\Observer;
use Magento\Framework\Event\ObserverInterface;
use Magento\Framework\Exception\LocalizedException;
use Magento\Store\Model\StoreManagerInterface;

/**
 * Class CustomerRestriction
 * @package Steven\Restriction\Observer
 */
class CustomerRestriction implements ObserverInterface
{
    /**
     * @var RedirectInterface
     */
    protected $redirect;

    /**
     * @var Session
     */
    protected $customerSession;

    /**
     * @var State
     */
    protected $state;

    /**
     * @var StoreManagerInterface
     */
    protected $storeManager;

    /**
     * CustomerRestriction constructor.
     * @param Session $customerSession
     * @param RedirectInterface $redirect
     * @param State $state
     * @param StoreManagerInterface $storeManager
     */
    public function __construct(
        Session $customerSession,
        RedirectInterface $redirect,
        State $state,
        StoreManagerInterface $storeManager
    ) {
        $this->customerSession = $customerSession;
        $this->redirect = $redirect;
        $this->state = $state;
        $this->storeManager = $storeManager;
    }

    /**
     * @param Observer $observer
     * @return $this
     * @throws LocalizedException
     */
    public function execute(Observer $observer)
    {
        // Only restrict the frontend pages
        if ($this->getArea() === 'frontend') {
            $controllerName = $observer->getEvent()->getRequest()->getControllerName();
            $controller = $observer->getControllerAction();
            // Allow homepage
            if ($observer->getEvent()->getRequest()->getFullActionName() === 'cms_index_index') {
                return $this;
            }
            // Allow contact page. Assume the url is /contact
            if ($observer->getEvent()->getRequest()->getOriginalPathInfo() === '/contact') {
                return $this;
            }
            // Allow customer pages, customer actions (sign in, sign up, reset password, etc...) and sections (cart sections, customer sections, etc...)
            if ($controllerName === 'account' || $controllerName === 'section') {
                return $this;
            }
            // Redirect to login page if customer is not logged in
            if (!$this->customerSession->isLoggedIn()) {
                $this->redirect->redirect($controller->getResponse(), 'customer/account/login');
            }
        }
        return $this;
    }

    /**
     * @return mixed
     * @throws LocalizedException
     */
    private function getArea()
    {
        return $this->state->getAreaCode();
    }
}
Hope it can help you.
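An added example, not part of the answer above and not Magento code: plain PHP that compares a default-deny allowlist keyed on the full action name with a rule that matches only the controller name or a literal path, run over constructed guest requests. The names `GUEST_ACTIONS`, `decideStrict`, `decideLoose` and the route `vendor_account_export` are hypothetical, and `contact_index_index` is an assumed name for the contact route.

```php
<?php
declare(strict_types=1);
// Guest allowlist keyed on the full action name (route_controller_action).
// Customer entries are the question's list; the last line adds the home page
// from the answer and an assumed contact route name.
const GUEST_ACTIONS = [
    'customer_account_index', 'customer_account_login', 'customer_account_loginpost',
    'customer_account_create', 'customer_account_createpost', 'customer_account_logoutsuccess',
    'customer_account_confirm', 'customer_account_confirmation',
    'customer_account_forgotpassword', 'customer_account_forgotpasswordpost',
    'customer_account_createpassword', 'customer_account_resetpasswordpost', 'customer_section_load',
    'cms_index_index', 'contact_index_index',
];

/** Default-deny decision: 'skip' outside the frontend, else 'allow' or 'login'. */
function decideStrict(string $area, string $fullAction, bool $loggedIn): string
{
    if ($area !== 'frontend') {
        return 'skip'; // the admin area has its own authentication; never redirect it
    }
    if ($loggedIn || in_array(strtolower($fullAction), GUEST_ACTIONS, true)) {
        return 'allow';
    }
    return 'login';
}

/** Looser rule for comparison: controller name alone, or a literal path. */
function decideLoose(string $area, string $controller, string $fullAction, string $path, bool $loggedIn): string
{
    if ($area !== 'frontend') {
        return 'skip';
    }
    $open = $fullAction === 'cms_index_index' || $path === '/contact'
        || $controller === 'account' || $controller === 'section';
    return ($loggedIn || $open) ? 'allow' : 'login';
}

// Constructed guest requests: [area, controller, full action name, path].
$samples = [
    ['frontend',  'index',   'cms_index_index',       '/'],
    ['frontend',  'index',   'contact_index_index',   '/contact/'],
    ['frontend',  'account', 'vendor_account_export', '/vendor/account/export'], // hypothetical module
    ['frontend',  'product', 'catalog_product_view',  '/catalog/product/view/id/1'],
    ['adminhtml', 'auth',    'adminhtml_auth_login',  '/admin'],
];
foreach ($samples as [$area, $ctrl, $action, $path]) {
    printf("%-24s strict=%-6s loose=%s\n", $action,
        decideStrict($area, $action, false), decideLoose($area, $ctrl, $action, $path, false));
}
```

The two rules disagree on the second and third rows: the literal path check misses `/contact/` with a trailing slash, and the controller-name check lets through any module whose controller happens to be called `account`.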
Licensed under: CC-BY-SA with attribution
Not affiliated with magento.stackexchange