From 75290522eebb2e8588fc71ddc774bc09754de4b2 Mon Sep 17 00:00:00 2001 From: alex_prokopenko Date: Tue, 6 Feb 2018 18:59:34 +0200 Subject: [PATCH 1/6] Updated readme with admin access --- CHANGELOG.md | 6 ++++++ README.md | 9 ++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 84c9f60..80a832b 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,12 @@ CHANGELOG for Yii2 STARTER PROJECT TEMPLATE *should be replaced with real project changelog later* + +v0.8.5 +--------------------- +* Issue #19: Updated README about how to access the site +* + v0.8.4 --------------------- * Added prefer-stable directive to composer.json diff --git a/README.md b/README.md index dc3b1c1..4b596d2 100755 --- a/README.md +++ b/README.md @@ -133,9 +133,16 @@ Now you should be able to access the application through the following URL, assu directly under the Web root. ~~~ -http://localhost/my-project/web/ +http://localhost/my-project/public/ ~~~ +Admin panel can be accessible only after login. If you used fixtures to fill the database with dummy content, +then admin panel access will be: + + http://localhost/my-project/public/admin/ + User: admin@domain.com + Password: password_0 + TESTING ------- From cc1a1649473b3e80bfadcde2c0ec52c4c1576662 Mon Sep 17 00:00:00 2001 From: alex_prokopenko Date: Tue, 6 Feb 2018 19:12:49 +0200 Subject: [PATCH 2/6] Added admin panel link in menu --- app/views/partials/header.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/views/partials/header.php b/app/views/partials/header.php index 808f44b..e6f3b1e 100755 --- a/app/views/partials/header.php +++ b/app/views/partials/header.php @@ -5,6 +5,7 @@ use yii\helpers\Html; use yii\bootstrap\Nav; use yii\bootstrap\NavBar; +use justcoded\yii2\rbac\models\Item as RbacItem; NavBar::begin([ 'brandLabel' => 'My Company', 
@@ -19,6 +20,8 @@ ['label' => 'Home', 'url' => ['/site/index']], ['label' => 'About', 'url' => ['/site/about']], ['label' => 'Contact', 'url' => ['/site/contact']], + + ['label' => 'Admin Panel', 'url' => ['/admin'], 'visible' => user()->can(RbacItem::PERMISSION_ADMINISTER)], Yii::$app->user->isGuest ? ( ['label' => 'Login', 'url' => ['/auth/login']] ) : ( From 3f12ae377f3e14cc4895b0fc9f98e20e4f035473 Mon Sep 17 00:00:00 2001 From: alex_prokopenko Date: Tue, 6 Feb 2018 19:37:47 +0200 Subject: [PATCH 3/6] Fixed #20 - not working adminlte js --- CHANGELOG.md | 2 +- app/modules/admin/views/partials/nav.php | 2 +- composer.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 80a832b..4f0dcae 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ CHANGELOG for Yii2 STARTER PROJECT TEMPLATE v0.8.5 --------------------- * Issue #19: Updated README about how to access the site -* +* Issue #20: Admin panel chrome console error: not working adminlte js v0.8.4 --------------------- diff --git a/app/modules/admin/views/partials/nav.php b/app/modules/admin/views/partials/nav.php index 4a63d33..d82a82d 100755 --- a/app/modules/admin/views/partials/nav.php +++ b/app/modules/admin/views/partials/nav.php @@ -4,7 +4,7 @@ ['class' => 'sidebar-menu'], + 'options' => ['class' => 'sidebar-menu', 'data-widget' => 'tree',], 'items' => [ ['label' => 'MAIN NAVIGATION', 'options' => ['class' => 'header']], ['label' => 'Dashboard', 'icon' => 'dashboard', 'url' => ['/admin/dashboard']], diff --git a/composer.json b/composer.json index fe22d3c..440ff22 100755 --- a/composer.json +++ b/composer.json @@ -13,7 +13,7 @@ "yiisoft/yii2-swiftmailer": "~2.0.0", "yiisoft/yii2-faker": "~2.0.0", "vlucas/phpdotenv": "~2.2", - "dmstr/yii2-adminlte-asset": "2.4.3", + "dmstr/yii2-adminlte-asset": "~2.6", "justcoded/yii2-settings": "*", "justcoded/yii2-rbac": "*" }, From dcab0eaa0fd5a593cfdad6aab5a6e33cdefe3121 Mon Sep 17 00:00:00 2001 
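Review bot: The `'visible' => user()->can(RbacItem::PERMISSION_ADMINISTER)` flag on the new Admin Panel item in app/views/partials/header.php only hides the link; it does not restrict the `/admin` route. The admin module therefore has to enforce the same permission itself, and its access rules are not part of this patch, so that is worth confirming before merge. Once verified, a comment above the item such as `// UI hint only: the admin module enforces PERMISSION_ADMINISTER on its own.` would record the assumption. As a style point, this item calls the `user()` helper while the very next entry uses `Yii::$app->user->isGuest`; using one form for both keeps the menu definition consistent.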
From: alex_prokopenko Date: Tue, 6 Feb 2018 19:43:06 +0200 Subject: [PATCH 4/6] Clickjacking attack fixC --- CHANGELOG.md | 1 + config/app-web.php | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4f0dcae..3ce1631 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ v0.8.5 --------------------- * Issue #19: Updated README about how to access the site * Issue #20: Admin panel chrome console error: not working adminlte js +* Issue #22: "Clickjacking" attack fix v0.8.4 --------------------- diff --git a/config/app-web.php b/config/app-web.php index ce4ce84..f7c281e 100755 --- a/config/app-web.php +++ b/config/app-web.php @@ -23,9 +23,15 @@ ], 'components' => [ 'request' => [ - // TODO: move generator to console command + // TODO: move generator to console command. 'cookieValidationKey' => env('APP_KEY'), ], + 'response' => [ + // "Clickjacking" attack fix. + 'on beforeSend' => function ($event) { + $event->sender->headers->add('X-Frame-Options', 'SAMEORIGIN'); + }, + ], 'db' => $db, 'user' => [ 'identityClass' => 'app\models\User', From 76e30809a465ff76d4d595ad06b90f91de085f36 Mon Sep 17 00:00:00 2001 From: alex_prokopenko Date: Tue, 6 Feb 2018 20:07:12 +0200 Subject: [PATCH 5/6] #21 IDE helper class for Yii::app custom components --- app/Yii.php | 49 +++++++++++++++++++++++++++++++++++++ app/console/Application.php | 23 ----------------- app/web/Application.php | 24 ------------------ app/web/Yii.php | 31 ----------------------- config/app-console.php | 2 +- config/app-test.php | 1 + config/app-web.php | 1 + public/index-test.php | 8 +++--- public/index.php | 7 +++--- yii | 2 +- 10 files changed, 60 insertions(+), 88 deletions(-) create mode 100644 app/Yii.php delete mode 100755 app/console/Application.php delete mode 100755 app/web/Application.php delete mode 100755 app/web/Yii.php diff --git a/app/Yii.php b/app/Yii.php new file mode 100644 index 0000000..9f0ba0c --- /dev/null +++ b/app/Yii.php 
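Review bot: In the new `response` block of config/app-web.php, `headers->add('X-Frame-Options', 'SAMEORIGIN')` appends to any existing value instead of replacing it. A response that already carries this header from a controller or another handler would be sent with two values, and browsers do not handle conflicting values uniformly. `$event->sender->headers->set('X-Frame-Options', 'SAMEORIGIN');` keeps the header single-valued. Current browsers also honour the CSP `frame-ancestors` directive in preference to X-Frame-Options, so sending `Content-Security-Policy: frame-ancestors 'self'` from the same handler would cover both; if the application already emits a CSP elsewhere (not visible here), the directive should be merged into it rather than sent as a second header.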
@@ -0,0 +1,49 @@ + - * @since 2.0 - */ -class Yii extends \yii\BaseYii -{ - /** - * @var \app\web\Application - */ - public static $app; -} - -spl_autoload_register(['Yii', 'autoload'], true, true); -Yii::$classMap = include(__DIR__ . '/../../vendor/yiisoft/yii2/classes.php'); -Yii::$container = new \yii\di\Container; diff --git a/config/app-console.php b/config/app-console.php index bd5964b..410d1b3 100755 --- a/config/app-console.php +++ b/config/app-console.php @@ -10,8 +10,8 @@ 'basePath' => dirname(__DIR__) . '/app', 'runtimePath' => dirname(__DIR__) . '/runtime', 'vendorPath' => dirname(__DIR__) . '/vendor', + 'controllerNamespace' => 'app\\console\\controllers', 'bootstrap' => ['log', 'settings'], - 'controllerNamespace' => 'app\console\controllers', 'aliases' => [ '@config'=> dirname(__DIR__) . '/config', '@migrations' => dirname(__DIR__) . '/database/migrations', diff --git a/config/app-test.php b/config/app-test.php index d824f81..c01fdca 100755 --- a/config/app-test.php +++ b/config/app-test.php @@ -15,6 +15,7 @@ 'basePath' => dirname(__DIR__) . '/app', 'runtimePath' => dirname(__DIR__) . '/runtime', 'vendorPath' => dirname(__DIR__) . '/vendor', + 'controllerNamespace' => 'app\\web\\controllers', 'aliases' => [ '@config'=> '@app/../config', '@bower' => '@vendor/bower-asset', diff --git a/config/app-web.php b/config/app-web.php index f7c281e..e7f969f 100755 --- a/config/app-web.php +++ b/config/app-web.php @@ -12,6 +12,7 @@ 'basePath' => dirname(__DIR__) . '/app', 'runtimePath' => dirname(__DIR__) . '/runtime', 'vendorPath' => dirname(__DIR__) . '/vendor', + 'controllerNamespace' => 'app\\web\\controllers', 'bootstrap' => ['log', 'settings'], 'aliases' => [ '@config'=> '@app/../config', diff --git a/public/index-test.php b/public/index-test.php index 2c0c39a..e5ca091 100644 --- a/public/index-test.php +++ b/public/index-test.php @@ -1,13 +1,13 @@ load(); defined('YII_DEBUG') or define('YII_DEBUG', true); 
@@ -17,4 +17,4 @@ $config = require(__DIR__ . '/../config/app-test.php'); -(new \app\web\Application($config))->run(); +(new yii\web\Application($config))->run(); diff --git a/public/index.php b/public/index.php index a412ab8..0bad687 100644 --- a/public/index.php +++ b/public/index.php @@ -2,18 +2,17 @@ require(__DIR__ . '/../vendor/autoload.php'); require(__DIR__ . '/../app/bootstrap.php'); -// support .env file +// support .env file. dotenv(dirname(__DIR__))->load(); -// comment out the following two lines when deployed to production defined('YII_DEBUG') or define('YII_DEBUG', env('APP_DEBUG', false)); defined('YII_ENV') or define('YII_ENV', env('APP_ENV', 'production')); -require(__DIR__ . '/../app/web/Yii.php'); +require __DIR__ . '/../vendor/yiisoft/yii2/Yii.php'; $config = \yii\helpers\ArrayHelper::merge( require(__DIR__ . '/../config/app-web.php'), require(__DIR__ . '/../config/rbac.php') ); -(new \app\web\Application($config))->run(); +(new yii\web\Application($config))->run(); diff --git a/yii b/yii index e33ab83..11e439d 100755 --- a/yii +++ b/yii @@ -22,6 +22,6 @@ require __DIR__ . '/vendor/yiisoft/yii2/Yii.php'; $config = require __DIR__ . '/config/app-console.php'; -$application = new \app\console\Application($config); +$application = new \yii\console\Application($config); $exitCode = $application->run(); exit($exitCode); From 56557c7634b0004e646131add1e7946142b04501 Mon Sep 17 00:00:00 2001 From: alex_prokopenko Date: Tue, 6 Feb 2018 20:08:23 +0200 Subject: [PATCH 6/6] #21 IDE helper class for Yii::app custom components - changelog update --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3ce1631..b5bee4c 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
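Review bot: The public/index.php hunk removes `// comment out the following two lines when deployed to production` without a replacement, so the entry script no longer tells a deployer that `YII_DEBUG` and `YII_ENV` are driven by `APP_DEBUG` and `APP_ENV` in `.env`. A comment above the two `defined(...)` lines, for example `// YII_DEBUG / YII_ENV come from .env; production must keep APP_DEBUG=false and APP_ENV=production.`, would keep that guidance. Whether `env('APP_DEBUG', false)` yields a real boolean for the string `false` depends on the `env()` helper loaded from app/bootstrap.php, which is not shown in this patch, so that is worth a check. As a style point, the new `require __DIR__ . '/../vendor/yiisoft/yii2/Yii.php';` omits the parentheses used by the two `require(...)` lines at the top of the same file.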
@@ -8,6 +8,7 @@ v0.8.5 --------------------- * Issue #19: Updated README about how to access the site * Issue #20: Admin panel chrome console error: not working adminlte js +* Issue #21: Replace custom Application classes with simple IDE helper file with definitions * Issue #22: "Clickjacking" attack fix v0.8.4