CAccessControlFilter

Package system.web.auth
Inheritance class CAccessControlFilter » CFilter » CComponent
Implements IFilter
Since 1.0
Version $Id$
Source Code framework/web/auth/CAccessControlFilter.php
CAccessControlFilter performs authorization checks for the specified actions.

When this filter is enabled, controller actions are checked for access permissions. The user can access an action only when one of the security rules allows it.

To specify the access rules, set the rules property to an array of rules. Each rule is itself an array with the following structure:
array(
  'allow',  // or 'deny'
  // optional, list of action IDs (case insensitive) that this rule applies to
  'actions'=>array('edit', 'delete'),
  // optional, list of controller IDs (case insensitive) that this rule applies to
  // This option is available since version 1.0.3.
  'controllers'=>array('post', 'admin/user'),
  // optional, list of usernames (case insensitive) that this rule applies to
  // Use * to represent all users, ? guest users, and @ authenticated users
  'users'=>array('thomas', 'kevin'),
  // optional, list of roles (case sensitive!) that this rule applies to.
  'roles'=>array('admin', 'editor'),
  // optional, list of IP address/patterns that this rule applies to
  // e.g. 127.0.0.1, 127.0.0.*
  'ips'=>array('127.0.0.1'),
  // optional, list of request types (case insensitive) that this rule applies to
  'verbs'=>array('GET', 'POST'),
  // optional, a PHP expression whose value indicates whether this rule applies
  // This option is available since version 1.0.3.
  'expression'=>'!$user->isGuest && $user->level==2',
)

Public Properties

Property | Type | Description | Defined By
rules | array | list of access rules. | CAccessControlFilter

Public Methods

Method | Description | Defined By
__call() | Calls the named method which is not a class method. | CComponent
__get() | Returns a property value, an event handler list or a behavior based on its name. | CComponent
__isset() | Checks if a property value is null. | CComponent
__set() | Sets value of a component property. | CComponent
__unset() | Sets a component property to be null. | CComponent
asa() | Returns the named behavior object. | CComponent
attachBehavior() | Attaches a behavior to this component. | CComponent
attachBehaviors() | Attaches a list of behaviors to the component. | CComponent
attachEventHandler() | Attaches an event handler to an event. | CComponent
canGetProperty() | Determines whether a property can be read. | CComponent
canSetProperty() | Determines whether a property can be set. | CComponent
detachBehavior() | Detaches a behavior from the component. | CComponent
detachBehaviors() | Detaches all behaviors from the component. | CComponent
detachEventHandler() | Detaches an existing event handler. | CComponent
disableBehavior() | Disables an attached behavior. | CComponent
disableBehaviors() | Disables all behaviors attached to this component. | CComponent
enableBehavior() | Enables an attached behavior. | CComponent
enableBehaviors() | Enables all behaviors attached to this component. | CComponent
filter() | Performs the filtering. | CFilter
getEventHandlers() | Returns the list of attached event handlers for an event. | CComponent
getRules() | Returns list of access rules. | CAccessControlFilter
hasEvent() | Determines whether an event is defined. | CComponent
hasEventHandler() | Checks whether the named event has attached handlers. | CComponent
hasProperty() | Determines whether a property is defined. | CComponent
raiseEvent() | Raises an event. | CComponent
setRules() | Sets list of access rules. | CAccessControlFilter

Protected Methods

Method | Description | Defined By
accessDenied() | Denies the access of the user. | CAccessControlFilter
postFilter() | Performs the post-action filtering. | CFilter
preFilter() | Performs the pre-action filtering. | CAccessControlFilter

Property Details

rules property
public array getRules()
public void setRules(array $rules)

list of access rules.

Method Details

accessDenied() method (available since v1.0.5)
protected void accessDenied(IWebUser $user)
$user IWebUser the current user
Source Code: framework/web/auth/CAccessControlFilter.php#118
protected function accessDenied($user)
{
    if($user->getIsGuest())
        $user->loginRequired();
    else
        throw new CHttpException(403,Yii::t('yii','You are not authorized to perform this action.'));
}

Denies the access of the user. This method is invoked when access check fails.

getRules() method
public array getRules()
{return} array list of access rules.
Source Code: framework/web/auth/CAccessControlFilter.php#56
public function getRules()
{
    return $this->_rules;
}

preFilter() method
protected boolean preFilter(CFilterChain $filterChain)
$filterChain CFilterChain the filter chain that the filter is on.
{return} boolean whether the filtering process should continue and the action should be executed.
Source Code: framework/web/auth/CAccessControlFilter.php#90
protected function preFilter($filterChain)
{
    $app=Yii::app();
    $request=$app->getRequest();
    $user=$app->getUser();
    $verb=$request->getRequestType();
    $ip=$request->getUserHostAddress();

    foreach($this->getRules() as $rule)
    {
        if(($allow=$rule->isUserAllowed($user,$filterChain->controller,$filterChain->action,$ip,$verb))>0) // allowed
            break;
        else if($allow<0) // denied
        {
            $this->accessDenied($user);
            return false;
        }
    }

    return true;
}

Performs the pre-action filtering.

setRules() method
public void setRules(array $rules)
$rules array list of access rules.
Source Code: framework/web/auth/CAccessControlFilter.php#64
public function setRules($rules)
{
    foreach($rules as $rule)
    {
        if(is_array($rule) && isset($rule[0]))
        {
            $r=new CAccessRule;
            $r->allow=$rule[0]==='allow';
            foreach(array_slice($rule,1) as $name=>$value)
            {
                if($name==='expression' || $name==='roles')
                    $r->$name=$value;
                else
                    $r->$name=array_map('strtolower',$value);
            }
            $this->_rules[]=$r;
        }
    }
}
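
The stand-alone script below is an added example, not part of the Yii source or of the original page. It models the first-match loop in preFilter() and the rule handling in setRules() to show that a request matched by no rule is let through, which is why a catch-all deny as the last rule matters. ruleApplies() and evaluate() are hypothetical helpers that model only the 'actions' and 'users' keys; the real matching in CAccessRule is not shown on this page.

```php
<?php
// Added example: a stand-alone model of the rule loop, not Yii code.
// Assumption: $username === null stands for a guest user.

function ruleApplies(array $rule, $action, $username)
{
    if (isset($rule['actions'])
        && !in_array(strtolower($action), array_map('strtolower', $rule['actions']), true)) {
        return false;
    }
    if (!isset($rule['users'])) {
        return true; // no user restriction on this rule
    }
    foreach ($rule['users'] as $u) {
        if ($u === '*' || ($u === '?' && $username === null) || ($u === '@' && $username !== null)) {
            return true;
        }
        if ($username !== null && strcasecmp($u, $username) === 0) {
            return true;
        }
    }
    return false;
}

function evaluate(array $rules, $action, $username)
{
    foreach ($rules as $rule) {
        if (!is_array($rule) || !isset($rule[0])) {
            continue; // setRules() silently skips entries like this
        }
        if (ruleApplies($rule, $action, $username)) {
            // setRules() compares with ==='allow', so 'Allow' or a typo becomes a deny rule
            return $rule[0] === 'allow' ? 'allowed' : 'denied';
        }
    }
    return 'allowed'; // preFilter() returns true when no rule decided
}

// Constructed rule sets: the second adds a catch-all deny as the last rule.
$open = array(
    array('allow', 'actions' => array('edit', 'delete'), 'users' => array('thomas', 'kevin')),
);
$closed = array_merge($open, array(array('deny', 'users' => array('*'))));

foreach (array('thomas', 'mallory', null) as $who) {
    printf("%-8s delete: open=%s closed=%s\n", $who === null ? 'guest' : $who,
        evaluate($open, 'delete', $who), evaluate($closed, 'delete', $who));
}
```

Run it with the PHP command-line interpreter and compare the two columns for the user who is not named in the allow rule and for the guest.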