Class yii\filters\AccessRule
Inheritance | yii\filters\AccessRule » yii\base\Component » yii\base\BaseObject |
---|---|
Implements | yii\base\Configurable |
Available since version | 2.0 |
Source Code | https://github.com/yiisoft/yii2/blob/master/framework/filters/AccessRule.php |
This class represents an access rule defined by the yii\filters\AccessControl action filter.
Public Properties
Property | Type | Description | Defined By |
---|---|---|---|
$actions | array | List of action IDs that this rule applies to. | yii\filters\AccessRule |
$allow | boolean | Whether this is an 'allow' rule or 'deny' rule. | yii\filters\AccessRule |
$behaviors | yii\base\Behavior[] | List of behaviors attached to this component. This property is read-only. | yii\base\Component |
$controllers | array | List of the controller IDs that this rule applies to. | yii\filters\AccessRule |
$denyCallback | callable | A callback that will be called if this rule determines the access to the current action should be denied. | yii\filters\AccessRule |
$ips | array | List of user IP addresses that this rule applies to. | yii\filters\AccessRule |
$matchCallback | callable | A callback that will be called to determine if the rule should be applied. | yii\filters\AccessRule |
$permissions | array | List of RBAC (Role-Based Access Control) permissions that this rules applies to. | yii\filters\AccessRule |
$roleParams | array|Closure | Parameters to pass to the yii\web\User::can() function for evaluating user permissions in $roles. | yii\filters\AccessRule |
$roles | array | List of roles that this rule applies to (requires properly configured User component). | yii\filters\AccessRule |
$verbs | array | List of request methods (e.g. GET , POST ) that this rule applies to. |
yii\filters\AccessRule |
Public Methods
Method | Description | Defined By |
---|---|---|
__call() | Calls the named method which is not a class method. | yii\base\BaseObject |
__clone() | This method is called after the object is created by cloning an existing one. | yii\base\Component |
__construct() | Constructor. | yii\base\BaseObject |
__get() | Returns the value of an object property. | yii\base\BaseObject |
__isset() | Checks if a property is set, i.e. defined and not null. | yii\base\BaseObject |
__set() | Sets value of an object property. | yii\base\BaseObject |
__unset() | Sets an object property to null. | yii\base\BaseObject |
allows() | Checks whether the Web user is allowed to perform the specified action. | yii\filters\AccessRule |
attachBehavior() | Attaches a behavior to this component. | yii\base\Component |
attachBehaviors() | Attaches a list of behaviors to the component. | yii\base\Component |
behaviors() | Returns a list of behaviors that this component should behave as. | yii\base\Component |
canGetProperty() | Returns a value indicating whether a property can be read. | yii\base\BaseObject |
canSetProperty() | Returns a value indicating whether a property can be set. | yii\base\BaseObject |
className() | Returns the fully qualified name of this class. | yii\base\BaseObject |
detachBehavior() | Detaches a behavior from the component. | yii\base\Component |
detachBehaviors() | Detaches all behaviors from the component. | yii\base\Component |
ensureBehaviors() | Makes sure that the behaviors declared in behaviors() are attached to this component. | yii\base\Component |
getBehavior() | Returns the named behavior object. | yii\base\Component |
getBehaviors() | Returns all behaviors attached to this component. | yii\base\Component |
hasEventHandlers() | Returns a value indicating whether there is any handler attached to the named event. | yii\base\Component |
hasMethod() | Returns a value indicating whether a method is defined. | yii\base\BaseObject |
hasProperty() | Returns a value indicating whether a property is defined. | yii\base\BaseObject |
init() | Initializes the object. | yii\base\BaseObject |
off() | Detaches an existing event handler from this component. | yii\base\Component |
on() | Attaches an event handler to an event. | yii\base\Component |
trigger() | Triggers an event. | yii\base\Component |
Protected Methods
Property Details
List of action IDs that this rule applies to. The comparison is case-sensitive. If not set or empty, it means this rule applies to all actions.
Whether this is an 'allow' rule or 'deny' rule.
List of the controller IDs that this rule applies to.
The comparison uses yii\base\Controller::$uniqueId, so each controller ID is prefixed
with the module ID (if any). For a product
controller in the application, you would specify
this property like ['product']
and if that controller is located in a shop
module, this
would be ['shop/product']
.
The comparison is case-sensitive.
If not set or empty, it means this rule applies to all controllers.
Since version 2.0.12 controller IDs can be specified as wildcards, e.g. module/*
.
A callback that will be called if this rule determines the access to
the current action should be denied. This is the case when this rule matches
and $allow is set to false
.
If not set, the behavior will be determined by yii\filters\AccessControl, either using yii\filters\AccessControl::denyAccess() or yii\filters\AccessControl::$denyCallback, if configured.
The signature of the callback should be as follows:
function ($rule, $action)
where $rule
is this rule, and $action
is the current action object.
See also yii\filters\AccessControl::$denyCallback.
List of user IP addresses that this rule applies to. An IP address
can contain the wildcard *
at the end so that it matches IP addresses with the same prefix.
For example, '192.168.*' matches all IP addresses in the segment '192.168.'.
It may also contain a pattern/mask like '172.16.0.0/12' which would match all IPs from the
20-bit private network block in RFC1918.
If not set or empty, it means this rule applies to all IP addresses.
See also:
A callback that will be called to determine if the rule should be applied. The signature of the callback should be as follows:
function ($rule, $action)
where $rule
is this rule, and $action
is the current action object.
The callback should return a boolean value indicating whether this rule should be applied.
List of RBAC (Role-Based Access Control) permissions that this rules applies to. yii\web\User::can() will be called to check access.
If this property is not set or empty, it means this rule applies regardless of permissions.
See also:
Parameters to pass to the yii\web\User::can() function for evaluating user permissions in $roles.
If this is an array, it will be passed directly to yii\web\User::can(). For example for passing an ID from the current request, you may use the following:
['postId' => Yii::$app->request->get('id')]
You may also specify a closure that returns an array. This can be used to evaluate the array values only if they are needed, for example when a model needs to be loaded like in the following code:
'rules' => [
[
'allow' => true,
'actions' => ['update'],
'roles' => ['updatePost'],
'roleParams' => function($rule) {
return ['post' => Post::findOne(Yii::$app->request->get('id'))];
},
],
],
A reference to the yii\filters\AccessRule instance will be passed to the closure as the first parameter.
See also $roles.
List of roles that this rule applies to (requires properly configured User component). Two special roles are recognized, and they are checked via yii\web\User::$isGuest:
?
: matches a guest user (not authenticated yet)@
: matches an authenticated user
If you are using RBAC (Role-Based Access Control), you may also specify role names. In this case, yii\web\User::can() will be called to check access.
Note that it is preferred to check for permissions instead.
If this property is not set or empty, it means this rule applies regardless of roles.
See also:
List of request methods (e.g. GET
, POST
) that this rule applies to.
If not set or empty, it means this rule applies to all request methods.
See also yii\web\Request::$method.
Method Details
Checks whether the Web user is allowed to perform the specified action.
public boolean|null allows ( $action, $user, $request ) | ||
$action | yii\base\Action | The action to be performed |
$user | yii\web\User|false | The user object or |
$request | yii\web\Request | |
return | boolean|null |
|
---|
protected boolean matchAction ( $action ) | ||
$action | yii\base\Action | The action |
return | boolean | Whether the rule applies to the action |
---|
protected boolean matchController ( $controller ) | ||
$controller | yii\base\Controller | The controller |
return | boolean | Whether the rule applies to the controller |
---|
protected boolean matchCustom ( $action ) | ||
$action | yii\base\Action | The action to be performed |
return | boolean | Whether the rule should be applied |
---|
protected boolean matchIP ( $ip ) | ||
$ip | string|null | The IP address |
return | boolean | Whether the rule applies to the IP address |
---|
protected boolean matchRole ( $user ) | ||
$user | yii\web\User | The user object |
return | boolean | Whether the rule applies to the role |
---|---|---|
throws | yii\base\InvalidConfigException | if User component is detached |
protected boolean matchVerb ( $verb ) | ||
$verb | string | The request method. |
return | boolean | Whether the rule applies to the request |
---|