In LS 3 it was enough to check $this->getEvent()->get('controller') == 'admin' for the beforeControllerAction event. And that was enough to know that someone was trying to get into the backend.

In LS 5, I am unable to determine if the user has accessed the backend. Because there are many different controllers than Admin that give access to manage the application. For example, when I go to the "homepageSettings" or "surveyAdministration" page, it is the backend.

I need such verification to use a plugin created for LS3, based on given criteria, to check whether someone should be granted access to the backend or not. I can't imagine defining a list of all controllers that play this role, it will be difficult to keep it, is there an easier way?

if (Yii::app()->user->id) <- we have a LimeSurvey user here with access to the backend

bismark wrote:

if (Yii::app()->user->id) <- we have a LimeSurvey user here with access to the backend
 

After logging in yes. But before logging in, typing " example.test/userRole/index " in the browser will work, it's available. The fact will redirect to /admin/authentication because I don't have permissions, but in IIS and with account creation enabled it will behave differently.

I want people who open my site in a browser (unauthenticated) to have completely restricted access to the backend so that the backend pages return a 404 error.
I am considering 3 options:
- by configuration, exclusion for a specific domain - is it possible in some magical way? - I have not found.
- physical deletion of files or a piece of code that is responsible for it (problematic with updates)
- preparation of a plugin that would be able to define what fronted/backend is. Unfortunately, the routing table won't tell me that, nor will the physical location of the controllers. Do I really need to check all controllers and actions?

PS The beforeSurveyPage event - applies to the survey page only, not the home page and related activities. So it does not comprehensively define what a frontend is.