Home » Documentation » Class Reference » CAccessControlFilter

CAccessControlFilter

Package	system.web.auth
Inheritance	class CAccessControlFilter » CFilter » CComponent
Implements	IFilter
Since	1.0
Version	$Id: CAccessControlFilter.php 2192 2010-06-15 21:43:32Z alexander.makarow $

CAccessControlFilter performs authorization checks for the specified actions.

By enabling this filter, controller actions can be checked for access permissions. Only when the user is allowed by one of the security rules, will he be able to access the action.

To specify the access rules, set the rules property, which should be an array of the rules. Each rule is specified as an array of the following structure:

array(
  'allow',  // or 'deny'
  // optional, list of action IDs (case insensitive) that this rule applies to
  'actions'=>array('edit', 'delete'),
  // optional, list of controller IDs (case insensitive) that this rule applies to
  // This option is available since version 1.0.3.
  'controllers'=>array('post', 'admin/user'),
  // optional, list of usernames (case insensitive) that this rule applies to
  // Use * to represent all users, ? guest users, and @ authenticated users
  'users'=>array('thomas', 'kevin'),
  // optional, list of roles (case sensitive!) that this rule applies to.
  'roles'=>array('admin', 'editor'),
  // optional, list of IP address/patterns that this rule applies to
  // e.g. 127.0.0.1, 127.0.0.*
  'ips'=>array('127.0.0.1'),
  // optional, list of request types (case insensitive) that this rule applies to
  'verbs'=>array('GET', 'POST'),
  // optional, a PHP expression whose value indicates whether this rule applies
  // This option is available since version 1.0.3.
  'expression'=>'!$user->isGuest && $user->level==2',
  // optional, the customized error message to be displayed
  // This option is available since version 1.1.1.
  'message'=>'Access Denied.',
)

Public Properties

Hide inherited properties

Property	Type	Description	Defined By
message	string	the error message to be displayed when authorization fails.	CAccessControlFilter
rules	array	list of access rules.	CAccessControlFilter

Public Methods

Hide inherited methods

Method	Description	Defined By
__call()	Calls the named method which is not a class method.	CComponent
__get()	Returns a property value, an event handler list or a behavior based on its name.	CComponent
__isset()	Checks if a property value is null.	CComponent
__set()	Sets value of a component property.	CComponent
__unset()	Sets a component property to be null.	CComponent
asa()	Returns the named behavior object.	CComponent
attachBehavior()	Attaches a behavior to this component.	CComponent
attachBehaviors()	Attaches a list of behaviors to the component.	CComponent
attachEventHandler()	Attaches an event handler to an event.	CComponent
canGetProperty()	Determines whether a property can be read.	CComponent
canSetProperty()	Determines whether a property can be set.	CComponent
detachBehavior()	Detaches a behavior from the component.	CComponent
detachBehaviors()	Detaches all behaviors from the component.	CComponent
detachEventHandler()	Detaches an existing event handler.	CComponent
disableBehavior()	Disables an attached behavior.	CComponent
disableBehaviors()	Disables all behaviors attached to this component.	CComponent
enableBehavior()	Enables an attached behavior.	CComponent
enableBehaviors()	Enables all behaviors attached to this component.	CComponent
evaluateExpression()	Evaluates a PHP expression or callback under the context of this component.	CComponent
filter()	Performs the filtering.	CFilter
getEventHandlers()	Returns the list of attached event handlers for an event.	CComponent
getRules()		CAccessControlFilter
hasEvent()	Determines whether an event is defined.	CComponent
hasEventHandler()	Checks whether the named event has attached handlers.	CComponent
hasProperty()	Determines whether a property is defined.	CComponent
raiseEvent()	Raises an event.	CComponent
setRules()		CAccessControlFilter

Protected Methods

Hide inherited methods

Method	Description	Defined By
accessDenied()	Denies the access of the user.	CAccessControlFilter
postFilter()	Performs the post-action filtering.	CFilter
preFilter()	Performs the pre-action filtering.	CAccessControlFilter
resolveErrorMessage()	Resolves the error message to be displayed.	CAccessControlFilter

Property Details

message property (available since v1.1.1)

public string $message;

the error message to be displayed when authorization fails. This property can be overridden by individual access rule via CAccessRule::message. If this property is not set, a default error message will be displayed.

rules property

public array getRules()
public void setRules(array $rules)

list of access rules.

Method Details

accessDenied() method (available since v1.0.5)

protected void accessDenied(IWebUser $user, string $message)
$user	IWebUser	the current user
$message	string	the error message to be displayed

Denies the access of the user. This method is invoked when access check fails.

getRules() method

public array getRules()
{return}	array	list of access rules.

preFilter() method

protected boolean preFilter(CFilterChain $filterChain)
$filterChain	CFilterChain	the filter chain that the filter is on.
{return}	boolean	whether the filtering process should continue and the action should be executed.

Performs the pre-action filtering.

resolveErrorMessage() method (available since v1.1.1)

protected string resolveErrorMessage(CAccessRule $rule)
$rule	CAccessRule	the access rule
{return}	string	the error message

Resolves the error message to be displayed. This method will check message and CAccessRule::message to see what error message should be displayed.

setRules() method

public void setRules(array $rules)
$rules	array	list of access rules.