CAccessRule

Package system.web.auth
Inheritance class CAccessRule » CComponent
Since 1.0
Version $Id$
Source Code framework/web/auth/CAccessControlFilter.php
CAccessRule represents an access rule that is managed by CAccessControlFilter.

Public Properties

Property Type Description Defined By
actions array list of action IDs that this rule applies to. CAccessRule
allow boolean whether this is an 'allow' rule or 'deny' rule. CAccessRule
controllers array list of controller IDs that this rule applies to. CAccessRule
expression string a PHP expression whose value indicates whether this rule should be applied. CAccessRule
ips array IP patterns. CAccessRule
roles array list of roles this rule applies to. CAccessRule
users array list of user names that this rule applies to. CAccessRule
verbs array list of request types (e.g. GET, POST) that this rule applies to. CAccessRule

Public Methods

Method Description Defined By
__call() Calls the named method which is not a class method. CComponent
__get() Returns a property value, an event handler list or a behavior based on its name. CComponent
__isset() Checks if a property value is null. CComponent
__set() Sets value of a component property. CComponent
__unset() Sets a component property to be null. CComponent
asa() Returns the named behavior object. CComponent
attachBehavior() Attaches a behavior to this component. CComponent
attachBehaviors() Attaches a list of behaviors to the component. CComponent
attachEventHandler() Attaches an event handler to an event. CComponent
canGetProperty() Determines whether a property can be read. CComponent
canSetProperty() Determines whether a property can be set. CComponent
detachBehavior() Detaches a behavior from the component. CComponent
detachBehaviors() Detaches all behaviors from the component. CComponent
detachEventHandler() Detaches an existing event handler. CComponent
disableBehavior() Disables an attached behavior. CComponent
disableBehaviors() Disables all behaviors attached to this component. CComponent
enableBehavior() Enables an attached behavior. CComponent
enableBehaviors() Enables all behaviors attached to this component. CComponent
getEventHandlers() Returns the list of attached event handlers for an event. CComponent
hasEvent() Determines whether an event is defined. CComponent
hasEventHandler() Checks whether the named event has attached handlers. CComponent
hasProperty() Determines whether a property is defined. CComponent
isUserAllowed() Checks whether the Web user is allowed to perform the specified action. CAccessRule
raiseEvent() Raises an event. CComponent

Protected Methods

Method Description Defined By
isActionMatched() CAccessRule
isControllerMatched() CAccessRule
isExpressionMatched() CAccessRule
isIpMatched() CAccessRule
isRoleMatched() CAccessRule
isUserMatched() CAccessRule
isVerbMatched() CAccessRule

Property Details

actions property
public array $actions;

list of action IDs that this rule applies to. The comparison is case-insensitive.

allow property
public boolean $allow;

whether this is an 'allow' rule or 'deny' rule.

controllers property (available since v1.0.4)
public array $controllers;

list of controller IDs that this rule applies to. The comparison is case-insensitive.

expression property (available since v1.0.3)
public string $expression;

a PHP expression whose value indicates whether this rule should be applied. In this expression, you can use $user which refers to Yii::app()->user. Starting from version 1.0.11, the expression can also be a valid PHP callback, including class method name (array(ClassName/Object, MethodName)), or anonymous function (PHP 5.3.0+). The function/method will be passed a single parameter which is the user object.
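
The following controller is an added example, not code from the Yii source or its documentation. It uses the callback form of expression, because the string form is passed to eval() by isExpressionMatched(). ReportController, the action IDs and the 'isAuditor' user state are hypothetical.

```php
<?php
// Added example: ReportController, its action IDs and the 'isAuditor'
// user state are assumptions made for illustration.
class ReportController extends CController
{
    public function filters()
    {
        // Enables CAccessControlFilter for this controller.
        return array('accessControl');
    }

    public function accessRules()
    {
        return array(
            // Callback form (1.0.11+): the method is called with the user
            // object, so no string is ever handed to eval().
            array('allow',
                'actions'    => array('export'),
                'users'      => array('@'),
                'expression' => array($this, 'isAuditor'),
            ),
            // Any authenticated user may read.
            array('allow',
                'actions' => array('index', 'view'),
                'users'   => array('@'),
            ),
            // '*' matches every user and no other condition is set, so this
            // rule denies whatever the rules above did not allow.
            array('deny',
                'users' => array('*'),
            ),
        );
    }

    // Receives the user object as its single parameter.
    public function isAuditor($user)
    {
        return $user->getState('isAuditor') === true;
    }
}
```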

ips property
public array $ips;

IP patterns.

roles property
public array $roles;

list of roles this rule applies to. For each role, the current user's CWebUser::checkAccess method will be invoked. If one of the invocations returns true, the rule will be applied. Note, you should mainly use roles in an "allow" rule because by definition, a role represents a permission collection.

users property
public array $users;

list of user names that this rule applies to. The comparison is case-insensitive.

verbs property
public array $verbs;

list of request types (e.g. GET, POST) that this rule applies to.

Method Details

isActionMatched() method
protected boolean isActionMatched(CAction $action)
$action CAction the action
{return} boolean whether the rule applies to the action
Source Code: framework/web/auth/CAccessControlFilter.php#211
protected function isActionMatched($action)
{
    return empty($this->actions) || in_array(strtolower($action->getId()),$this->actions);
}

isControllerMatched() method
protected boolean isControllerMatched(CAction $controller)
$controller CAction the action
{return} boolean whether the rule applies to the action
Source Code: framework/web/auth/CAccessControlFilter.php#220
protected function isControllerMatched($controller)
{
    return empty($this->controllers) || in_array(strtolower($controller->getId()),$this->controllers);
}

isExpressionMatched() method (available since v1.0.3)
protected boolean isExpressionMatched(IWebUser $user)
$user IWebUser the user
{return} boolean the expression value. True if the expression is not specified.
Source Code: framework/web/auth/CAccessControlFilter.php#293
protected function isExpressionMatched($user)
{
    if($this->expression===null)
        return true;
    if(!is_string($this->expression) && is_callable($this->expression))
        return call_user_func($this->expression,$user);
    else
        return @eval('return '.$this->expression.';');
}

isIpMatched() method
protected boolean isIpMatched(string $ip)
$ip string the IP address
{return} boolean whether the rule applies to the IP address
Source Code: framework/web/auth/CAccessControlFilter.php#267
protected function isIpMatched($ip)
{
    if(empty($this->ips))
        return true;
    foreach($this->ips as $rule)
    {
        if($rule==='*' || $rule===$ip || (($pos=strpos($rule,'*'))!==false && !strncmp($ip,$rule,$pos)))
            return true;
    }
    return false;
}
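
The comparison above treats a pattern as a plain string prefix up to its first '*'; it is not octet-aware and ignores anything after the '*'. The script below is an added example, not framework code: ipRuleMatches() copies that comparison, lintIpPattern() is a hypothetical helper that flags patterns likely to match more than intended, and all patterns and addresses are constructed.

```php
<?php
// Added example, not framework code. Patterns and addresses are constructed.

// The same comparison CAccessRule::isIpMatched() applies to a single pattern.
function ipRuleMatches($rule, $ip)
{
    return $rule === '*' || $rule === $ip
        || (($pos = strpos($rule, '*')) !== false && !strncmp($ip, $rule, $pos));
}

// Hypothetical lint: returns a warning when the prefix semantics are probably
// wider than the rule's author intended, or null when the pattern is fine.
function lintIpPattern($rule)
{
    $pos = strpos($rule, '*');
    if ($pos === false || $rule === '*')
        return null;                          // exact address or explicit "any"
    if ($pos !== strlen($rule) - 1)
        return "text after '*' is ignored";
    if ($pos > 0 && $rule[$pos - 1] !== '.')
        return "'*' does not follow a dot, so the prefix can span octets";
    return null;
}

$patterns = array('192.168.1.*', '10.1*', '10.*.0.1', '*.0.0.1');
$ips      = array('192.168.1.20', '10.1.2.3', '10.123.4.5', '10.9.0.99', '203.0.113.7');

// Print, for each pattern, which sample addresses it accepts and any warning.
foreach ($patterns as $rule) {
    $hits = array();
    foreach ($ips as $ip) {
        if (ipRuleMatches($rule, $ip))
            $hits[] = $ip;
    }
    $warn = lintIpPattern($rule);
    printf("%-12s matches [%s]%s\n", $rule, implode(', ', $hits),
        $warn === null ? '' : "  WARNING: $warn");
}
```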

isRoleMatched() method
protected boolean isRoleMatched(string $user)
$user string the role name
{return} boolean whether the rule applies to the role
Source Code: framework/web/auth/CAccessControlFilter.php#251
protected function isRoleMatched($user)
{
    if(empty($this->roles))
        return true;
    foreach($this->roles as $role)
    {
        if($user->checkAccess($role))
            return true;
    }
    return false;
}

isUserAllowed() method
public integer isUserAllowed(CWebUser $user, CController $controller, CAction $action, string $ip, string $verb)
$user CWebUser the user object
$controller CController the controller currently being executed
$action CAction the action to be performed
$ip string the request IP address
$verb string the request verb (GET, POST, etc.)
{return} integer 1 if the user is allowed, -1 if the user is denied, 0 if the rule does not apply to the user
Source Code: framework/web/auth/CAccessControlFilter.php#193
public function isUserAllowed($user,$controller,$action,$ip,$verb)
{
    if($this->isActionMatched($action)
        && $this->isUserMatched($user)
        && $this->isRoleMatched($user)
        && $this->isIpMatched($ip)
        && $this->isVerbMatched($verb)
        && $this->isControllerMatched($controller)
        && $this->isExpressionMatched($user))
        return $this->allow ? 1 : -1;
    else
        return 0;
}

Checks whether the Web user is allowed to perform the specified action.

isUserMatched() method
protected boolean isUserMatched(IWebUser $user)
$user IWebUser the user
{return} boolean whether the rule applies to the user
Source Code: framework/web/auth/CAccessControlFilter.php#229
protected function isUserMatched($user)
{
    if(empty($this->users))
        return true;
    foreach($this->users as $u)
    {
        if($u==='*')
            return true;
        else if($u==='?' && $user->getIsGuest())
            return true;
        else if($u==='@' && !$user->getIsGuest())
            return true;
        else if(!strcasecmp($u,$user->getName()))
            return true;
    }
    return false;
}

isVerbMatched() method
protected boolean isVerbMatched(string $verb)
$verb string the request method
{return} boolean whether the rule applies to the request
Source Code: framework/web/auth/CAccessControlFilter.php#283
protected function isVerbMatched($verb)
{
    return empty($this->verbs) || in_array(strtolower($verb),$this->verbs);
}