PHP Class yii\filters\AccessControl

AccessControl is an action filter. It will check its [[rules]] to find the first rule that matches the current context variables (such as user IP address, user role). The matching rule will dictate whether to allow or deny the access to the requested controller action. If no rule matches, the access will be denied. To use AccessControl, declare it in the behaviors() method of your controller class. For example, the following declarations will allow authenticated users to access the "create" and "update" actions and deny all other users from accessing these two actions. php public function behaviors() { return [ 'access' => [ 'class' => \yii\filters\AccessControl::className(), 'only' => ['create', 'update'], 'rules' => [ deny all POST requests [ 'allow' => false, 'verbs' => ['POST'] ], allow authenticated users [ 'allow' => true, 'roles' => ['@'], ], everything else is denied ], ], ]; }
Since: 2.0
Author: Qiang Xue ([email protected])
Inheritance: extends yii\base\ActionFilter
Afficher le fichier Open project: yiisoft/yii2 Class Usage Examples

Méthodes publiques

Свойство Type Description
$denyCallback a callback that will be called if the access should be denied to the current user. If not set, AccessControl::denyAccess will be called. The signature of the callback should be as follows: php function ($rule, $action) where $rule is the rule that denies the user, and $action is the current [[Action|action]] object. $rule can be null if access is denied because none of the rules matched.
$ruleConfig the default configuration of access rules. Individual rule configurations specified via [[rules]] will take precedence when the same property of the rule is configured.
$rules a list of access rule objects or configuration arrays for creating the rule objects. If a rule is specified via a configuration array, it will be merged with [[ruleConfig]] first before it is used for creating the rule object.
$user the user object representing the authentication status or the ID of the user application component. Starting from version 2.0.2, this can also be a configuration array for creating the object.

Méthodes publiques

Méthode Description
beforeAction ( Action $action ) : boolean This method is invoked right before an action is to be executed (after all possible filters.) You may override this method to do last-minute preparation for the action.
init ( ) Initializes the [[rules]] array by instantiating rule objects from configurations.

Méthodes protégées

Méthode Description
denyAccess ( User $user ) Denies the access of the user.

Method Details

beforeAction() public méthode

This method is invoked right before an action is to be executed (after all possible filters.) You may override this method to do last-minute preparation for the action.
public beforeAction ( Action $action ) : boolean
$action yii\base\Action the action to be executed.
Résultat boolean whether the action should continue to be executed.

denyAccess() protected méthode

The default implementation will redirect the user to the login page if he is a guest; if the user is already logged, a 403 HTTP exception will be thrown.
protected denyAccess ( User $user )
$user yii\web\User the current user

init() public méthode

Initializes the [[rules]] array by instantiating rule objects from configurations.
public init ( )

Property Details

$denyCallback public_oe property

a callback that will be called if the access should be denied to the current user. If not set, AccessControl::denyAccess will be called. The signature of the callback should be as follows: php function ($rule, $action) where $rule is the rule that denies the user, and $action is the current [[Action|action]] object. $rule can be null if access is denied because none of the rules matched.
public $denyCallback

$ruleConfig public_oe property

the default configuration of access rules. Individual rule configurations specified via [[rules]] will take precedence when the same property of the rule is configured.
public $ruleConfig

$rules public_oe property

a list of access rule objects or configuration arrays for creating the rule objects. If a rule is specified via a configuration array, it will be merged with [[ruleConfig]] first before it is used for creating the rule object.
See also: ruleConfig
public $rules

$user public_oe property

the user object representing the authentication status or the ID of the user application component. Starting from version 2.0.2, this can also be a configuration array for creating the object.
public $user