Package | system.web.auth |
---|---|
Inheritance | class CAccessRule » CComponent |
Since | 1.0 |
Version | $Id$ |
Source Code | framework/web/auth/CAccessControlFilter.php |
Property | Type | Description | Defined By |
---|---|---|---|
actions | array | list of action IDs that this rule applies to. | CAccessRule |
allow | boolean | whether this is an 'allow' rule or 'deny' rule. | CAccessRule |
controllers | array | list of controler IDs that this rule applies to. | CAccessRule |
expression | string | a PHP expression whose value indicates whether this rule should be applied. | CAccessRule |
ips | array | IP patterns. | CAccessRule |
roles | array | list of roles this rule applies to. | CAccessRule |
users | array | list of user names that this rule applies to. | CAccessRule |
verbs | array | list of request types (e.g. GET, POST) that this rule applies to. | CAccessRule |
Method | Description | Defined By |
---|---|---|
__call() | Calls the named method which is not a class method. | CComponent |
__get() | Returns a property value, an event handler list or a behavior based on its name. | CComponent |
__isset() | Checks if a property value is null. | CComponent |
__set() | Sets value of a component property. | CComponent |
__unset() | Sets a component property to be null. | CComponent |
asa() | Returns the named behavior object. | CComponent |
attachBehavior() | Attaches a behavior to this component. | CComponent |
attachBehaviors() | Attaches a list of behaviors to the component. | CComponent |
attachEventHandler() | Attaches an event handler to an event. | CComponent |
canGetProperty() | Determines whether a property can be read. | CComponent |
canSetProperty() | Determines whether a property can be set. | CComponent |
detachBehavior() | Detaches a behavior from the component. | CComponent |
detachBehaviors() | Detaches all behaviors from the component. | CComponent |
detachEventHandler() | Detaches an existing event handler. | CComponent |
disableBehavior() | Disables an attached behavior. | CComponent |
disableBehaviors() | Disables all behaviors attached to this component. | CComponent |
enableBehavior() | Enables an attached behavior. | CComponent |
enableBehaviors() | Enables all behaviors attached to this component. | CComponent |
getEventHandlers() | Returns the list of attached event handlers for an event. | CComponent |
hasEvent() | Determines whether an event is defined. | CComponent |
hasEventHandler() | Checks whether the named event has attached handlers. | CComponent |
hasProperty() | Determines whether a property is defined. | CComponent |
isUserAllowed() | Checks whether the Web user is allowed to perform the specified action. | CAccessRule |
raiseEvent() | Raises an event. | CComponent |
Method | Description | Defined By |
---|---|---|
isActionMatched() | CAccessRule | |
isControllerMatched() | CAccessRule | |
isExpressionMatched() | CAccessRule | |
isIpMatched() | CAccessRule | |
isRoleMatched() | CAccessRule | |
isUserMatched() | CAccessRule | |
isVerbMatched() | CAccessRule |
list of action IDs that this rule applies to. The comparison is case-insensitive.
whether this is an 'allow' rule or 'deny' rule.
list of controler IDs that this rule applies to. The comparison is case-insensitive.
a PHP expression whose value indicates whether this rule should be applied.
In this expression, you can use $user
which refers to Yii::app()->user
.
Starting from version 1.0.11, the expression can also be a valid PHP callback,
including class method name (array(ClassName/Object, MethodName)),
or anonymous function (PHP 5.3.0+). The function/method will be passed a single
parameter which is the user object.
IP patterns.
list of roles this rule applies to. For each role, the current user's CWebUser::checkAccess method will be invoked. If one of the invocations returns true, the rule will be applied. Note, you should mainly use roles in an "allow" rule because by definition, a role represents a permission collection.
list of user names that this rule applies to. The comparison is case-insensitive.
list of request types (e.g. GET, POST) that this rule applies to.
protected boolean isActionMatched(CAction $action)
| ||
$action | CAction | the action |
{return} | boolean | whether the rule applies to the action |
protected function isActionMatched($action)
{
return empty($this->actions) || in_array(strtolower($action->getId()),$this->actions);
}
protected boolean isControllerMatched(CAction $controller)
| ||
$controller | CAction | the action |
{return} | boolean | whether the rule applies to the action |
protected function isControllerMatched($controller)
{
return empty($this->controllers) || in_array(strtolower($controller->getId()),$this->controllers);
}
protected boolean isExpressionMatched(IWebUser $user)
| ||
$user | IWebUser | the user |
{return} | boolean | the expression value. True if the expression is not specified. |
protected function isExpressionMatched($user)
{
if($this->expression===null)
return true;
if(!is_string($this->expression) && is_callable($this->expression))
return call_user_func($this->expression, $user);
else
return @eval('return '.$this->expression.';');
}
protected boolean isIpMatched(string $ip)
| ||
$ip | string | the IP address |
{return} | boolean | whether the rule applies to the IP address |
protected function isIpMatched($ip)
{
if(empty($this->ips))
return true;
foreach($this->ips as $rule)
{
if($rule==='*' || $rule===$ip || (($pos=strpos($rule,'*'))!==false && !strncmp($ip,$rule,$pos)))
return true;
}
return false;
}
protected boolean isRoleMatched(string $user)
| ||
$user | string | the role name |
{return} | boolean | whether the rule applies to the role |
protected function isRoleMatched($user)
{
if(empty($this->roles))
return true;
foreach($this->roles as $role)
{
if($user->checkAccess($role))
return true;
}
return false;
}
public integer isUserAllowed(CWebUser $user, CController $controller, CAction $action, string $ip, string $verb)
| ||
$user | CWebUser | the user object |
$controller | CController | the controller currently being executed |
$action | CAction | the action to be performed |
$ip | string | the request IP address |
$verb | string | the request verb (GET, POST, etc.) |
{return} | integer | 1 if the user is allowed, -1 if the user is denied, 0 if the rule does not apply to the user |
public function isUserAllowed($user,$controller,$action,$ip,$verb)
{
if($this->isActionMatched($action)
&& $this->isUserMatched($user)
&& $this->isRoleMatched($user)
&& $this->isIpMatched($ip)
&& $this->isVerbMatched($verb)
&& $this->isControllerMatched($controller)
&& $this->isExpressionMatched($user))
return $this->allow ? 1 : -1;
else
return 0;
}
Checks whether the Web user is allowed to perform the specified action.
protected boolean isUserMatched(IWebUser $user)
| ||
$user | IWebUser | the user |
{return} | boolean | whether the rule applies to the user |
protected function isUserMatched($user)
{
if(empty($this->users))
return true;
foreach($this->users as $u)
{
if($u==='*')
return true;
else if($u==='?' && $user->getIsGuest())
return true;
else if($u==='@' && !$user->getIsGuest())
return true;
else if(!strcasecmp($u,$user->getName()))
return true;
}
return false;
}
protected boolean isVerbMatched(string $verb)
| ||
$verb | string | the request method |
{return} | boolean | whether the rule applies to the request |
protected function isVerbMatched($verb)
{
return empty($this->verbs) || in_array(strtolower($verb),$this->verbs);
}
Signup or Login in order to comment.