W3cubDocs

/Yii 2.0

Class yii\filters\AccessRule

Inheritance yii\filters\AccessRule » yii\base\Component » yii\base\Object
Implements yii\base\Configurable
Available since version 2.0
Source Code https://github.com/yiisoft/yii2/blob/master/framework/filters/AccessRule.php

This class represents an access rule defined by the yii\filters\AccessControl action filter

Public Properties

Property Type Description Defined By
$actions array List of action IDs that this rule applies to. yii\filters\AccessRule
$allow boolean Whether this is an 'allow' rule or 'deny' rule. yii\filters\AccessRule
$behaviors yii\base\Behavior[] List of behaviors attached to this component yii\base\Component
$controllers array List of the controller IDs that this rule applies to. yii\filters\AccessRule
$denyCallback callable A callback that will be called if this rule determines the access to the current action should be denied. yii\filters\AccessRule
$ips array List of user IP addresses that this rule applies to. yii\filters\AccessRule
$matchCallback callable A callback that will be called to determine if the rule should be applied. yii\filters\AccessRule
$roleParams array|Closure Parameters to pass to the yii\web\User::can() function for evaluating user permissions in $roles. yii\filters\AccessRule
$roles array List of roles that this rule applies to (requires properly configured User component). yii\filters\AccessRule
$verbs array List of request methods (e.g. GET, POST) that this rule applies to. yii\filters\AccessRule

Public Methods

Method Description Defined By
__call() Calls the named method which is not a class method. yii\base\Object
__clone() This method is called after the object is created by cloning an existing one. yii\base\Component
__construct() Constructor. yii\base\Object
__get() Returns the value of an object property. yii\base\Object
__isset() Checks if a property is set, i.e. defined and not null. yii\base\Object
__set() Sets value of an object property. yii\base\Object
__unset() Sets an object property to null. yii\base\Object
allows() Checks whether the Web user is allowed to perform the specified action. yii\filters\AccessRule
attachBehavior() Attaches a behavior to this component. yii\base\Component
attachBehaviors() Attaches a list of behaviors to the component. yii\base\Component
behaviors() Returns a list of behaviors that this component should behave as. yii\base\Component
canGetProperty() Returns a value indicating whether a property can be read. yii\base\Object
canSetProperty() Returns a value indicating whether a property can be set. yii\base\Object
className() Returns the fully qualified name of this class. yii\base\Object
detachBehavior() Detaches a behavior from the component. yii\base\Component
detachBehaviors() Detaches all behaviors from the component. yii\base\Component
ensureBehaviors() Makes sure that the behaviors declared in behaviors() are attached to this component. yii\base\Component
getBehavior() Returns the named behavior object. yii\base\Component
getBehaviors() Returns all behaviors attached to this component. yii\base\Component
hasEventHandlers() Returns a value indicating whether there is any handler attached to the named event. yii\base\Component
hasMethod() Returns a value indicating whether a method is defined. yii\base\Object
hasProperty() Returns a value indicating whether a property is defined. yii\base\Object
init() Initializes the object. yii\base\Object
off() Detaches an existing event handler from this component. yii\base\Component
on() Attaches an event handler to an event. yii\base\Component
trigger() Triggers an event. yii\base\Component

Protected Methods

Method Description Defined By
matchAction() yii\filters\AccessRule
matchController() yii\filters\AccessRule
matchCustom() yii\filters\AccessRule
matchIP() yii\filters\AccessRule
matchRole() yii\filters\AccessRule
matchVerb() yii\filters\AccessRule

Property Details

$actions public property

List of action IDs that this rule applies to. The comparison is case-sensitive. If not set or empty, it means this rule applies to all actions.

public array $actions = null

$allow public property

Whether this is an 'allow' rule or 'deny' rule.

public boolean $allow = null

$controllers public property

List of the controller IDs that this rule applies to.

The comparison uses yii\base\Controller::$uniqueId, so each controller ID is prefixed with the module ID (if any). For a product controller in the application, you would specify this property like ['product'] and if that controller is located in a shop module, this would be ['shop/product'].

The comparison is case-sensitive.

If not set or empty, it means this rule applies to all controllers.

Since version 2.0.12 controller IDs can be specified as wildcards, e.g. module/*.

public array $controllers = null

$denyCallback public property

A callback that will be called if this rule determines the access to the current action should be denied. If not set, the behavior will be determined by yii\filters\AccessControl.

The signature of the callback should be as follows:

function ($rule, $action)

where $rule is this rule, and $action is the current action object.

public callable $denyCallback = null

$ips public property

List of user IP addresses that this rule applies to. An IP address can contain the wildcard * at the end so that it matches IP addresses with the same prefix. For example, '192.168.*' matches all IP addresses in the segment '192.168.'. If not set or empty, it means this rule applies to all IP addresses.

See also yii\web\Request::$userIP.

public array $ips = null

$matchCallback public property

A callback that will be called to determine if the rule should be applied. The signature of the callback should be as follows:

function ($rule, $action)

where $rule is this rule, and $action is the current action object. The callback should return a boolean value indicating whether this rule should be applied.

public callable $matchCallback = null

$roleParams public property (available since version 2.0.12)

Parameters to pass to the yii\web\User::can() function for evaluating user permissions in $roles.

If this is an array, it will be passed directly to yii\web\User::can(). For example for passing an ID from the current request, you may use the following:

['postId' => Yii::$app->request->get('id')]

You may also specify a closure that returns an array. This can be used to evaluate the array values only if they are needed, for example when a model needs to be loaded like in the following code:

'rules' => [
    [
        'allow' => true,
        'actions' => ['update'],
        'roles' => ['updatePost'],
        'roleParams' => function($rule) {
            return ['post' => Post::findOne(Yii::$app->request->get('id'))];
        },
    ],
],

A reference to the yii\filters\AccessRule instance will be passed to the closure as the first parameter.

See also $roles.

public array|Closure $roleParams = []

$roles public property

List of roles that this rule applies to (requires properly configured User component). Two special roles are recognized, and they are checked via yii\web\User::$isGuest:

  • ?: matches a guest user (not authenticated yet)
  • @: matches an authenticated user

If you are using RBAC (Role-Based Access Control), you may also specify role or permission names. In this case, yii\web\User::can() will be called to check access.

If this property is not set or empty, it means this rule applies to all roles.

See also $roleParams.

public array $roles = null

$verbs public property

List of request methods (e.g. GET, POST) that this rule applies to. If not set or empty, it means this rule applies to all request methods.

See also yii\web\Request::$method.

public array $verbs = null

Method Details

allows() public method

Checks whether the Web user is allowed to perform the specified action.

public boolean|null allows ( $action, $user, $request )
$action yii\base\Action

The action to be performed

$user yii\web\User|false

The user object or false in case of detached User component

$request yii\web\Request
return boolean|null

true if the user is allowed, false if the user is denied, null if the rule does not apply to the user

matchAction() protected method

protected boolean matchAction ( $action )
$action yii\base\Action

The action

return boolean

Whether the rule applies to the action

matchController() protected method

protected boolean matchController ( $controller )
$controller yii\base\Controller

The controller

return boolean

Whether the rule applies to the controller

matchCustom() protected method

protected boolean matchCustom ( $action )
$action yii\base\Action

The action to be performed

return boolean

Whether the rule should be applied

matchIP() protected method

protected boolean matchIP ( $ip )
$ip string|null

The IP address

return boolean

Whether the rule applies to the IP address

matchRole() protected method

protected boolean matchRole ( $user )
$user yii\web\User

The user object

return boolean

Whether the rule applies to the role

throws yii\base\InvalidConfigException

if User component is detached

matchVerb() protected method

protected boolean matchVerb ( $verb )
$verb string

The request method.

return boolean

Whether the rule applies to the request

© 2008–2017 by Yii Software LLC
Licensed under the three clause BSD license.
http://www.yiiframework.com/doc-2.0/yii-filters-accessrule.html