Class yii\filters\AccessControl
| Inheritance | yii\filters\AccessControl » yii\base\ActionFilter » yii\base\Behavior » yii\base\BaseObject |
|---|---|
| Implements | yii\base\Configurable |
| Available since version | 2.0 |
| Source Code | https://github.com/yiisoft/yii2/blob/master/framework/filters/AccessControl.php |
AccessControl provides simple access control based on a set of rules.
AccessControl is an action filter. It will check its $rules to find the first rule that matches the current context variables (such as user IP address, user role). The matching rule will dictate whether to allow or deny the access to the requested controller action. If no rule matches, the access will be denied.
To use AccessControl, declare it in the behaviors() method of your controller class.
For example, the following declarations will allow authenticated users to access the "create"
and "update" actions and deny all other users from accessing these two actions.
public function behaviors()
{
return [
'access' => [
'class' => \yii\filters\AccessControl::className(),
'only' => ['create', 'update'],
'rules' => [
// deny all POST requests
[
'allow' => false,
'verbs' => ['POST']
],
// allow authenticated users
[
'allow' => true,
'roles' => ['@'],
],
// everything else is denied
],
],
];
}
Public Properties
| Property | Type | Description | Defined By |
|---|---|---|---|
| $denyCallback | callable | A callback that will be called if the access should be denied to the current user. | yii\filters\AccessControl |
| $except | array | List of action IDs that this filter should not apply to. | yii\base\ActionFilter |
| $only | array | List of action IDs that this filter should apply to. | yii\base\ActionFilter |
| $owner | yii\base\Component|null | The owner of this behavior | yii\base\Behavior |
| $ruleConfig | array | The default configuration of access rules. | yii\filters\AccessControl |
| $rules | array | A list of access rule objects or configuration arrays for creating the rule objects. | yii\filters\AccessControl |
| $user | yii\web\User|array|string|false | The user object representing the authentication status or the ID of the user application component. | yii\filters\AccessControl |
Public Methods
| Method | Description | Defined By |
|---|---|---|
| __call() | Calls the named method which is not a class method. | yii\base\BaseObject |
| __construct() | Constructor. | yii\base\BaseObject |
| __get() | Returns the value of an object property. | yii\base\BaseObject |
| __isset() | Checks if a property is set, i.e. defined and not null. | yii\base\BaseObject |
| __set() | Sets value of an object property. | yii\base\BaseObject |
| __unset() | Sets an object property to null. | yii\base\BaseObject |
| afterAction() | This method is invoked right after an action is executed. | yii\base\ActionFilter |
| afterFilter() | yii\base\ActionFilter | |
| attach() | {@inheritdoc} | yii\base\ActionFilter |
| beforeAction() | This method is invoked right before an action is to be executed (after all possible filters.) You may override this method to do last-minute preparation for the action. | yii\filters\AccessControl |
| beforeFilter() | yii\base\ActionFilter | |
| canGetProperty() | Returns a value indicating whether a property can be read. | yii\base\BaseObject |
| canSetProperty() | Returns a value indicating whether a property can be set. | yii\base\BaseObject |
| className() | Returns the fully qualified name of this class. | yii\base\BaseObject |
| detach() | {@inheritdoc} | yii\base\ActionFilter |
| events() | Declares event handlers for the $owner's events. | yii\base\Behavior |
| hasMethod() | Returns a value indicating whether a method is defined. | yii\base\BaseObject |
| hasProperty() | Returns a value indicating whether a property is defined. | yii\base\BaseObject |
| init() | Initializes the $rules array by instantiating rule objects from configurations. | yii\filters\AccessControl |
Protected Methods
| Method | Description | Defined By |
|---|---|---|
| denyAccess() | Denies the access of the user. | yii\filters\AccessControl |
| getActionId() | Returns an action ID by converting yii\base\Action::$uniqueId into an ID relative to the module. | yii\base\ActionFilter |
| isActive() | Returns a value indicating whether the filter is active for the given action. | yii\base\ActionFilter |
Property Details
A callback that will be called if the access should be denied
to the current user. This is the case when either no rule matches, or a rule with
$allow set to false matches.
If not set, denyAccess() will be called.
The signature of the callback should be as follows:
function ($rule, $action)
where $rule is the rule that denies the user, and $action is the current action object.
$rule can be null if access is denied because none of the rules matched.
The default configuration of access rules. Individual rule configurations specified via $rules will take precedence when the same property of the rule is configured.
A list of access rule objects or configuration arrays for creating the rule objects. If a rule is specified via a configuration array, it will be merged with $ruleConfig first before it is used for creating the rule object.
See also $ruleConfig.
The user object representing the authentication status or the ID of the user application component.
Starting from version 2.0.2, this can also be a configuration array for creating the object.
Starting from version 2.0.12, you can set it to false to explicitly switch this component support off for the filter.
Method Details
This method is invoked right before an action is to be executed (after all possible filters.) You may override this method to do last-minute preparation for the action.
| public boolean beforeAction ( $action ) | ||
| $action | yii\base\Action | The action to be executed. |
| return | boolean | Whether the action should continue to be executed. |
|---|---|---|
Denies the access of the user.
The default implementation will redirect the user to the login page if he is a guest; if the user is already logged, a 403 HTTP exception will be thrown.
| protected void denyAccess ( $user ) | ||
| $user | yii\web\User|false | The current user or boolean |
| throws | yii\web\ForbiddenHttpException | if the user is already logged in or in case of detached User component. |
|---|---|---|
Initializes the $rules array by instantiating rule objects from configurations.
| public void init ( ) |