Merge pull request #23 from justcoded/develop

Fixed adminlte dependency, clickjacking, new IDE helper file

CHANGELOG.md

@@ -3,6 +3,14 @@ CHANGELOG for Yii2 STARTER PROJECT TEMPLATE
 
 *should be replaced with real project changelog later*
 
+
+v0.8.5
+---------------------
+* Issue #19: Updated README about how to access the site
+* Issue #20: Admin panel chrome console error: not working adminlte js
+* Issue #21: Replace custom Application classes with simple IDE helper file with definitions
+* Issue #22: "Clickjacking" attack fix
+
 v0.8.4
 ---------------------
 * Added prefer-stable directive to composer.json

README.md

@@ -133,9 +133,16 @@ Now you should be able to access the application through the following URL, assu
 directly under the Web root.
 
 ~~~
-http://localhost/my-project/web/
+http://localhost/my-project/public/
 ~~~
 
+Admin panel can be accessible only after login. If you used fixtures to fill the database with dummy content,
+then admin panel access will be:
+
+	http://localhost/my-project/public/admin/
+	User:       [email protected]
+	Password:   password_0
+
 TESTING
 -------
 

app/Yii.php

@@ -0,0 +1,49 @@
+<?php
+/**
+ * IDE autocompletion for custom components!
+ * This file doesn't included anywhere inside the code!!!
+ */
+
+/**
+ * Yii bootstrap file.
+ * Used for enhanced IDE code autocompletion.
+ */
+class Yii extends \yii\BaseYii
+{
+	/**
+	 * @var BaseApplication|WebApplication|ConsoleApplication the application instance
+	 */
+	public static $app;
+}
+
+/**
+ * Class BaseApplication
+ * Used for properties that are identical for both WebApplication and ConsoleApplication
+ *
+ * @property \app\components\Settings $settings Configuration params
+ */
+abstract class BaseApplication extends \yii\base\Application
+{
+}
+
+/**
+ * Class WebApplication
+ * Include only Web application related components here
+ *
+ * @property \app\i18n\Formatter $formatter The main formatter for app
+ * @method \app\i18n\Formatter getFormatter The main formatter for app
+ */
+class WebApplication extends \yii\web\Application
+{
+}
+
+/**
+ * Class ConsoleApplication
+ * Include only Console application related components here
+ *
+ * @property \app\i18n\Formatter $formatter The main formatter for app
+ * @method \app\i18n\Formatter getFormatter The main formatter for app
+ */
+class ConsoleApplication extends \yii\console\Application
+{
+}

app/modules/admin/views/partials/nav.php

@@ -4,7 +4,7 @@
 
 		<?= dmstr\widgets\Menu::widget(
 			[
-				'options' => ['class' => 'sidebar-menu'],
+				'options' => ['class' => 'sidebar-menu', 'data-widget' => 'tree',],
 				'items'   => [
 					['label' => 'MAIN NAVIGATION', 'options' => ['class' => 'header']],
 					['label' => 'Dashboard', 'icon' => 'dashboard', 'url' => ['/admin/dashboard']],

app/views/partials/header.php

@@ -5,6 +5,7 @@
 use yii\helpers\Html;
 use yii\bootstrap\Nav;
 use yii\bootstrap\NavBar;
+use justcoded\yii2\rbac\models\Item as RbacItem;
 
 NavBar::begin([
 	'brandLabel' => 'My Company',
@@ -19,6 +20,8 @@
 		['label' => 'Home', 'url' => ['/site/index']],
 		['label' => 'About', 'url' => ['/site/about']],
 		['label' => 'Contact', 'url' => ['/site/contact']],
+
+		['label' => 'Admin Panel', 'url' => ['/admin'], 'visible' => user()->can(RbacItem::PERMISSION_ADMINISTER)],
 		Yii::$app->user->isGuest ? (
 		['label' => 'Login', 'url' => ['/auth/login']]
 		) : (

composer.json

@@ -13,7 +13,7 @@
     "yiisoft/yii2-swiftmailer": "~2.0.0",
     "yiisoft/yii2-faker": "~2.0.0",
     "vlucas/phpdotenv": "~2.2",
-    "dmstr/yii2-adminlte-asset": "2.4.3",
+    "dmstr/yii2-adminlte-asset": "~2.6",
     "justcoded/yii2-settings": "*",
     "justcoded/yii2-rbac": "*"
   },

config/app-console.php

@@ -10,8 +10,8 @@
 	'basePath'   => dirname(__DIR__) . '/app',
 	'runtimePath'   => dirname(__DIR__) . '/runtime',
 	'vendorPath'   => dirname(__DIR__) . '/vendor',
+	'controllerNamespace' => 'app\\console\\controllers',
 	'bootstrap'  => ['log', 'settings'],
-	'controllerNamespace' => 'app\console\controllers',
 	'aliases'    => [
 		'@config'=> dirname(__DIR__) . '/config',
 		'@migrations' => dirname(__DIR__) . '/database/migrations',

config/app-test.php

@@ -15,6 +15,7 @@
 	'basePath'   => dirname(__DIR__) . '/app',
 	'runtimePath'   => dirname(__DIR__) . '/runtime',
 	'vendorPath'   => dirname(__DIR__) . '/vendor',
+	'controllerNamespace' => 'app\\web\\controllers',
 	'aliases'    => [
 		'@config'=> '@app/../config',
 		'@bower' => '@vendor/bower-asset',

config/app-web.php

@@ -12,6 +12,7 @@
 	'basePath'   => dirname(__DIR__) . '/app',
 	'runtimePath'   => dirname(__DIR__) . '/runtime',
 	'vendorPath'   => dirname(__DIR__) . '/vendor',
+	'controllerNamespace' => 'app\\web\\controllers',
 	'bootstrap'  => ['log', 'settings'],
 	'aliases'    => [
 		'@config'=> '@app/../config',
@@ -23,9 +24,15 @@
 	],
 	'components' => [
 		'request'      => [
-			// TODO: move generator to console command
+			// TODO: move generator to console command.
 			'cookieValidationKey' => env('APP_KEY'),
 		],
+		'response' => [
+			// "Clickjacking" attack fix.
+			'on beforeSend' => function ($event) {
+				$event->sender->headers->add('X-Frame-Options', 'SAMEORIGIN');
+			},
+		],
 		'db'           => $db,
 		'user'         => [
 			'identityClass'   => 'app\models\User',

public/index-test.php

@@ -1,13 +1,13 @@
 <?php
 
-// NOTE: Make sure this file is not accessible when deployed to production
+// NOTE: Make sure this file is not accessible when deployed to production.
 if (!in_array(@$_SERVER['REMOTE_ADDR'], ['127.0.0.1', '::1'])) {
-    die('You are not allowed to access this file.');
+	die('You are not allowed to access this file.');
 }
 
 require(__DIR__ . '/../vendor/autoload.php');
 require(__DIR__ . '/../app/bootstrap.php');
-// support .env file
+// support .env file.
 dotenv(dirname(__DIR__))->load();
 
 defined('YII_DEBUG') or define('YII_DEBUG', true);
@@ -17,4 +17,4 @@
 
 $config = require(__DIR__ . '/../config/app-test.php');
 
-(new \app\web\Application($config))->run();
+(new yii\web\Application($config))->run();

public/index.php

@@ -2,18 +2,17 @@
 
 require(__DIR__ . '/../vendor/autoload.php');
 require(__DIR__ . '/../app/bootstrap.php');
-// support .env file
+// support .env file.
 dotenv(dirname(__DIR__))->load();
 
-// comment out the following two lines when deployed to production
 defined('YII_DEBUG') or define('YII_DEBUG', env('APP_DEBUG', false));
 defined('YII_ENV') or define('YII_ENV', env('APP_ENV', 'production'));
 
-require(__DIR__ . '/../app/web/Yii.php');
+require __DIR__ . '/../vendor/yiisoft/yii2/Yii.php';
 
 $config = \yii\helpers\ArrayHelper::merge(
 	require(__DIR__ . '/../config/app-web.php'),
 	require(__DIR__ . '/../config/rbac.php')
 );
 
-(new \app\web\Application($config))->run();
+(new yii\web\Application($config))->run();

yii

@@ -22,6 +22,6 @@ require __DIR__ . '/vendor/yiisoft/yii2/Yii.php';
 
 $config = require __DIR__ . '/config/app-console.php';
 
-$application = new \app\console\Application($config);
+$application = new \yii\console\Application($config);
 $exitCode = $application->run();
 exit($exitCode);