API Documentation for Yii 1.1
0 follower
CAccessRule
| Package | system.web.auth |
|---|---|
| Inheritance | class CAccessRule » CComponent |
| Since | 1.0 |
| Source Code | framework/web/auth/CAccessControlFilter.php |
CAccessRule represents an access rule that is managed by CAccessControlFilter.
Public Properties
| Property | Type | Description | Defined By |
|---|---|---|---|
| actions | array | list of action IDs that this rule applies to. | CAccessRule |
| allow | boolean | whether this is an 'allow' rule or 'deny' rule. | CAccessRule |
| controllers | array | list of controller IDs that this rule applies to. | CAccessRule |
| deniedCallback | mixed | the denied method callback that will be called once the access is denied. | CAccessRule |
| expression | string | a PHP expression whose value indicates whether this rule should be applied. | CAccessRule |
| ips | array | IP patterns. | CAccessRule |
| message | string | the error message to be displayed when authorization is denied by this rule. | CAccessRule |
| roles | array | list of roles this rule applies to. | CAccessRule |
| users | array | list of user names that this rule applies to. | CAccessRule |
| verbs | array | list of request types (e.g. GET, POST) that this rule applies to. | CAccessRule |
Public Methods
| Method | Description | Defined By |
|---|---|---|
| __call() | Calls the named method which is not a class method. | CComponent |
| __get() | Returns a property value, an event handler list or a behavior based on its name. | CComponent |
| __isset() | Checks if a property value is null. | CComponent |
| __set() | Sets value of a component property. | CComponent |
| __unset() | Sets a component property to be null. | CComponent |
| asa() | Returns the named behavior object. | CComponent |
| attachBehavior() | Attaches a behavior to this component. | CComponent |
| attachBehaviors() | Attaches a list of behaviors to the component. | CComponent |
| attachEventHandler() | Attaches an event handler to an event. | CComponent |
| canGetProperty() | Determines whether a property can be read. | CComponent |
| canSetProperty() | Determines whether a property can be set. | CComponent |
| detachBehavior() | Detaches a behavior from the component. | CComponent |
| detachBehaviors() | Detaches all behaviors from the component. | CComponent |
| detachEventHandler() | Detaches an existing event handler. | CComponent |
| disableBehavior() | Disables an attached behavior. | CComponent |
| disableBehaviors() | Disables all behaviors attached to this component. | CComponent |
| enableBehavior() | Enables an attached behavior. | CComponent |
| enableBehaviors() | Enables all behaviors attached to this component. | CComponent |
| evaluateExpression() | Evaluates a PHP expression or callback under the context of this component. | CComponent |
| getEventHandlers() | Returns the list of attached event handlers for an event. | CComponent |
| hasEvent() | Determines whether an event is defined. | CComponent |
| hasEventHandler() | Checks whether the named event has attached handlers. | CComponent |
| hasProperty() | Determines whether a property is defined. | CComponent |
| isUserAllowed() | Checks whether the Web user is allowed to perform the specified action. | CAccessRule |
| raiseEvent() | Raises an event. | CComponent |
Protected Methods
| Method | Description | Defined By |
|---|---|---|
| isActionMatched() | CAccessRule | |
| isControllerMatched() | CAccessRule | |
| isExpressionMatched() | CAccessRule | |
| isIpMatched() | CAccessRule | |
| isRoleMatched() | CAccessRule | |
| isUserMatched() | CAccessRule | |
| isVerbMatched() | CAccessRule |
Property Details
actions
property
public array $actions;
list of action IDs that this rule applies to. The comparison is case-insensitive. If no actions are specified, rule applies to all actions.
allow
property
public boolean $allow;
whether this is an 'allow' rule or 'deny' rule.
controllers
property
public array $controllers;
list of controller IDs that this rule applies to. The comparison is case-insensitive.
deniedCallback
property
(available since v1.1.11)
public mixed $deniedCallback;
the denied method callback that will be called once the access is denied. It replaces the behavior that shows an error message. It can be a valid PHP callback including class method name (array(ClassName/Object, MethodName)), or anonymous function (PHP 5.3.0+). For more information, on different options, check
expression
property
public string $expression;
a PHP expression whose value indicates whether this rule should be applied.
In this expression, you can use $user which refers to Yii::app()->user.
The expression can also be a valid PHP callback,
including class method name (array(ClassName/Object, MethodName)),
or anonymous function (PHP 5.3.0+). The function/method signature should be as follows:
function foo($user, $rule) { ... }
where $user is the current application user object and $rule is this access rule.
The PHP expression will be evaluated using evaluateExpression.
A PHP expression can be any PHP code that has a value. To learn more about what an expression is, please refer to the php manual.
ips
property
public array $ips;
IP patterns.
message
property
(available since v1.1.1)
public string $message;
the error message to be displayed when authorization is denied by this rule. If not set, a default error message will be displayed.
roles
property
public array $roles;
list of roles this rule applies to. For each role, the current user's CWebUser::checkAccess method will be invoked. If one of the invocations returns true, the rule will be applied. Note, you should mainly use roles in an "allow" rule because by definition, a role represents a permission collection.
See Also
users
property
public array $users;
list of user names that this rule applies to. The comparison is case-insensitive. If no user names are specified, rule applies to all users.
verbs
property
public array $verbs;
list of request types (e.g. GET, POST) that this rule applies to.
Method Details
isActionMatched()
method
|
protected boolean isActionMatched(CAction $action)
| ||
| $action | CAction | the action |
| {return} | boolean | whether the rule applies to the action |
Source Code: framework/web/auth/CAccessControlFilter.php#299 (show)
protected function isActionMatched($action)
{
return empty($this->actions) || in_array(strtolower($action->getId()),$this->actions);
}
isControllerMatched()
method
|
protected boolean isControllerMatched(CController $controller)
| ||
| $controller | CController | the controller |
| {return} | boolean | whether the rule applies to the controller |
Source Code: framework/web/auth/CAccessControlFilter.php#308 (show)
protected function isControllerMatched($controller)
{
return empty($this->controllers) || in_array(strtolower($controller->getUniqueId()),$this->controllers);
}
isExpressionMatched()
method
|
protected boolean isExpressionMatched(IWebUser $user)
| ||
| $user | IWebUser | the user |
| {return} | boolean | the expression value. True if the expression is not specified. |
Source Code: framework/web/auth/CAccessControlFilter.php#388 (show)
protected function isExpressionMatched($user)
{
if($this->expression===null)
return true;
else
return $this->evaluateExpression($this->expression, array('user'=>$user));
}
isIpMatched()
method
|
protected boolean isIpMatched(string $ip)
| ||
| $ip | string | the IP address |
| {return} | boolean | whether the rule applies to the IP address |
Source Code: framework/web/auth/CAccessControlFilter.php#363 (show)
protected function isIpMatched($ip)
{
if(empty($this->ips))
return true;
foreach($this->ips as $rule)
{
if($rule==='*' || $rule===$ip || (($pos=strpos($rule,'*'))!==false && !strncmp($ip,$rule,$pos)))
return true;
}
return false;
}
isRoleMatched()
method
|
protected boolean isRoleMatched(IWebUser $user)
| ||
| $user | IWebUser | the user object |
| {return} | boolean | whether the rule applies to the role |
Source Code: framework/web/auth/CAccessControlFilter.php#339 (show)
protected function isRoleMatched($user)
{
if(empty($this->roles))
return true;
foreach($this->roles as $key=>$role)
{
if(is_numeric($key))
{
if($user->checkAccess($role))
return true;
}
else
{
if($user->checkAccess($key,$role))
return true;
}
}
return false;
}
isUserAllowed()
method
|
public integer isUserAllowed(CWebUser $user, CController $controller, CAction $action, string $ip, string $verb)
| ||
| $user | CWebUser | the user object |
| $controller | CController | the controller currently being executed |
| $action | CAction | the action to be performed |
| $ip | string | the request IP address |
| $verb | string | the request verb (GET, POST, etc.) |
| {return} | integer | 1 if the user is allowed, -1 if the user is denied, 0 if the rule does not apply to the user |
Source Code: framework/web/auth/CAccessControlFilter.php#281 (show)
public function isUserAllowed($user,$controller,$action,$ip,$verb)
{
if($this->isActionMatched($action)
&& $this->isUserMatched($user)
&& $this->isRoleMatched($user)
&& $this->isIpMatched($ip)
&& $this->isVerbMatched($verb)
&& $this->isControllerMatched($controller)
&& $this->isExpressionMatched($user))
return $this->allow ? 1 : -1;
else
return 0;
}
Checks whether the Web user is allowed to perform the specified action.
isUserMatched()
method
|
protected boolean isUserMatched(IWebUser $user)
| ||
| $user | IWebUser | the user |
| {return} | boolean | whether the rule applies to the user |
Source Code: framework/web/auth/CAccessControlFilter.php#317 (show)
protected function isUserMatched($user)
{
if(empty($this->users))
return true;
foreach($this->users as $u)
{
if($u==='*')
return true;
elseif($u==='?' && $user->getIsGuest())
return true;
elseif($u==='@' && !$user->getIsGuest())
return true;
elseif(!strcasecmp($u,$user->getName()))
return true;
}
return false;
}
isVerbMatched()
method
|
protected boolean isVerbMatched(string $verb)
| ||
| $verb | string | the request method |
| {return} | boolean | whether the rule applies to the request |
Source Code: framework/web/auth/CAccessControlFilter.php#379 (show)
protected function isVerbMatched($verb)
{
return empty($this->verbs) || in_array(strtolower($verb),$this->verbs);
}
Expression example
A rule with an expressions has the form
array('allow', // control access to 'admin' and 'delete' actions 'actions'=>array('admin','delete'), 'expression' => array($this, 'isAdministrator'), ),The function then has the form:
/** * Function to control access * @param CWebUser current user obj * @param CAccessRule access rule obj */ function isAdministrator($user, $rule) { if($user->name == 'admin') return true; else return false; }Missing "actions" mean all actions included
If the
'actions' => array(...)clause is omitted, then ALL actions are included by the rule.And remember that actions are separate strings:
array('create', 'index', 'view') // YES array('create, index, view') // NOSignup or Login in order to comment.