| Package | system.web.auth |
|---|---|
| Inheritance | class CAccessControlFilter » CFilter » CComponent |
| Implements | IFilter |
| Since | 1.0 |
| Version | $Id$ |
| Source Code | framework/web/auth/CAccessControlFilter.php |
// A single access rule. Rules are checked in the order they are listed and the
// first rule that matches the request decides the outcome. A request that matches
// no rule at all is allowed, so a restrictive rule list normally ends with a
// catch-all deny such as array('deny', 'users'=>array('*')).
array(
'allow', // or 'deny'; any first element other than the exact string 'allow' produces a deny rule
// optional, list of action IDs (case insensitive) that this rule applies to
'actions'=>array('edit', 'delete'),
// optional, list of controller IDs (case insensitive) that this rule applies to
// This option is available since version 1.0.3.
'controllers'=>array('post', 'admin/user'),
// optional, list of usernames (case insensitive) that this rule applies to
// Use * to represent all users, ? guest users, and @ authenticated users
'users'=>array('thomas', 'kevin'),
// optional, list of roles (case sensitive!) that this rule applies to.
// Role names are stored exactly as written, so 'Admin' and 'admin' are different roles.
'roles'=>array('admin', 'editor'),
// optional, list of IP address/patterns that this rule applies to
// e.g. 127.0.0.1, 127.0.0.*
// The rule is compared with the address the request component reports for the
// client. NOTE(review): behind a reverse proxy or load balancer that may be the
// proxy's address rather than the end user's; confirm before relying on IP rules.
'ips'=>array('127.0.0.1'),
// optional, list of request types (case insensitive) that this rule applies to
'verbs'=>array('GET', 'POST'),
// optional, a PHP expression whose value indicates whether this rule applies
// This option is available since version 1.0.3.
// The string is treated as PHP code, so keep it a fixed literal written by the
// developer; never assemble it from request data or other user-controlled input.
'expression'=>'!$user->isGuest && $user->level==2',
)
| Property | Type | Description | Defined By |
|---|---|---|---|
| rules | array | list of access rules. | CAccessControlFilter |
| Method | Description | Defined By |
|---|---|---|
| __call() | Calls the named method which is not a class method. | CComponent |
| __get() | Returns a property value, an event handler list or a behavior based on its name. | CComponent |
| __isset() | Checks if a property value is null. | CComponent |
| __set() | Sets value of a component property. | CComponent |
| __unset() | Sets a component property to be null. | CComponent |
| asa() | Returns the named behavior object. | CComponent |
| attachBehavior() | Attaches a behavior to this component. | CComponent |
| attachBehaviors() | Attaches a list of behaviors to the component. | CComponent |
| attachEventHandler() | Attaches an event handler to an event. | CComponent |
| canGetProperty() | Determines whether a property can be read. | CComponent |
| canSetProperty() | Determines whether a property can be set. | CComponent |
| detachBehavior() | Detaches a behavior from the component. | CComponent |
| detachBehaviors() | Detaches all behaviors from the component. | CComponent |
| detachEventHandler() | Detaches an existing event handler. | CComponent |
| disableBehavior() | Disables an attached behavior. | CComponent |
| disableBehaviors() | Disables all behaviors attached to this component. | CComponent |
| enableBehavior() | Enables an attached behavior. | CComponent |
| enableBehaviors() | Enables all behaviors attached to this component. | CComponent |
| filter() | Performs the filtering. | CFilter |
| getEventHandlers() | Returns the list of attached event handlers for an event. | CComponent |
| getRules() | Returns list of access rules. | CAccessControlFilter |
| hasEvent() | Determines whether an event is defined. | CComponent |
| hasEventHandler() | Checks whether the named event has attached handlers. | CComponent |
| hasProperty() | Determines whether a property is defined. | CComponent |
| raiseEvent() | Raises an event. | CComponent |
| setRules() | Sets list of access rules. | CAccessControlFilter |
| Method | Description | Defined By |
|---|---|---|
| accessDenied() | Denies the access of the user. | CAccessControlFilter |
| postFilter() | Performs the post-action filtering. | CFilter |
| preFilter() | Performs the pre-action filtering. | CAccessControlFilter |
list of access rules.
|
protected void accessDenied(IWebUser $user)
| ||
| $user | IWebUser | the current user |
/**
 * Handles a failed access check for the given user.
 *
 * An authenticated user gets an HTTP 403 exception. A guest is handed to
 * $user->loginRequired() instead, so that an anonymous visitor is asked to
 * authenticate rather than being refused outright.
 *
 * @param IWebUser $user the current user
 * @throws CHttpException with status 403 when the user is not a guest
 */
protected function accessDenied($user)
{
    // Authenticated but not permitted: logging in again cannot help, so refuse.
    if(!$user->getIsGuest())
        throw new CHttpException(403,Yii::t('yii','You are not authorized to perform this action.'));

    // Anonymous visitor: let the user component start its login flow.
    $user->loginRequired();
}
Denies the user access. This method is invoked when the access check fails.
|
public array getRules()
| ||
| {return} | array | list of access rules. |
/**
 * Returns the access rules currently held by this filter.
 *
 * @return array list of access rules, in the order they are evaluated
 */
public function getRules()
{
    $rules=$this->_rules;
    return $rules;
}
|
protected boolean preFilter(CFilterChain $filterChain)
| ||
| $filterChain | CFilterChain | the filter chain that the filter is on. |
| {return} | boolean | whether the filtering process should continue and the action should be executed. |
/**
 * Performs the pre-action access check.
 *
 * The rules are evaluated in order against the current user, controller,
 * action, client address and request type. The first rule that returns a
 * positive result allows the action; the first that returns a negative
 * result denies it. A rule that returns 0 is skipped.
 *
 * Security note: when no rule gives a positive or negative answer, this
 * method returns true and the action runs. An empty or non-matching rule
 * list therefore means "allow", so restrictive configurations need an
 * explicit final deny rule.
 *
 * @param CFilterChain $filterChain the filter chain that the filter is on.
 * @return boolean whether the filtering process should continue and the action should be executed.
 */
protected function preFilter($filterChain)
{
    $app=Yii::app();
    $request=$app->getRequest();
    $user=$app->getUser();
    $verb=$request->getRequestType();
    // NOTE(review): presumably the connecting peer's address; behind a proxy this
    // may not be the end user's address. Confirm before trusting 'ips' rules.
    $ip=$request->getUserHostAddress();

    foreach($this->getRules() as $rule)
    {
        $decision=$rule->isUserAllowed($user,$filterChain->controller,$filterChain->action,$ip,$verb);

        // allowed: stop evaluating further rules
        if($decision>0)
            break;

        // denied: accessDenied() may throw; false is returned only if it comes back
        if($decision<0)
        {
            $this->accessDenied($user);
            return false;
        }
    }

    // Reached after an explicit allow, or when no rule applied (default allow).
    return true;
}
Performs the pre-action filtering.
|
public void setRules(array $rules)
| ||
| $rules | array | list of access rules. |
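/**
 * Adds the given access rule definitions to this filter.
 *
 * Each definition is an array whose first element is 'allow' or 'deny',
 * followed by named options. Every option except 'expression' and 'roles'
 * is lower-cased so that matching is case insensitive. An option given as
 * a single value (for example 'users'=>'thomas') is treated as a
 * one-element list instead of being passed to array_map() as a non-array.
 * On older PHP versions that call only warned and returned null, leaving
 * the restriction unset on the rule. NOTE(review): an unset restriction
 * presumably means "no restriction"; confirm against CAccessRule.
 *
 * Rules are appended to the existing list, so calling this method twice
 * accumulates rules rather than replacing them. Option names are assigned
 * directly as properties of the rule object, so the definitions must come
 * from trusted application configuration.
 *
 * @param array $rules list of access rules.
 */
public function setRules($rules)
{
    foreach($rules as $rule)
    {
        // NOTE(review): entries that are not arrays, or that lack the leading
        // 'allow'/'deny' element, are dropped silently. A mistyped deny rule
        // therefore disappears without any error; consider logging it.
        if(!is_array($rule) || !isset($rule[0]))
            continue;

        $r=new CAccessRule;
        // Only the exact string 'allow' grants access; anything else is a deny rule.
        $r->allow=$rule[0]==='allow';
        foreach(array_slice($rule,1) as $name=>$value)
        {
            if($name==='expression' || $name==='roles')
                $r->$name=$value; // kept verbatim: roles are case sensitive
            else
                $r->$name=array_map('strtolower',(array)$value); // accept a scalar as a one-item list
        }
        $this->_rules[]=$r;
    }
}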