Class yii\filters\AccessRule

All Classes | Properties | Methods
Inheritanceyii\filters\AccessRule » yii\base\Component » yii\base\Object
Implementsyii\base\Configurable
Available since version2.0
Source Code https://github.com/yiisoft/yii2/blob/master/framework/filters/AccessRule.php

This class represents an access rule defined by the yii\filters\AccessControl action filter

Public Properties

Hide inherited properties

PropertyTypeDescriptionDefined By
$actions array List of action IDs that this rule applies to. yii\filters\AccessRule
$allow boolean Whether this is an 'allow' rule or 'deny' rule. yii\filters\AccessRule
$behaviors yii\base\Behavior[] List of behaviors attached to this component yii\base\Component
$controllers array List of the controller IDs that this rule applies to. yii\filters\AccessRule
$denyCallback callable A callback that will be called if this rule determines the access to the current action should be denied. yii\filters\AccessRule
$ips array List of user IP addresses that this rule applies to. yii\filters\AccessRule
$matchCallback callable A callback that will be called to determine if the rule should be applied. yii\filters\AccessRule
$roleParams array|Closure Parameters to pass to the yii\web\User::can() function for evaluating user permissions in $roles. yii\filters\AccessRule
$roles array List of roles that this rule applies to (requires properly configured User component). yii\filters\AccessRule
$verbs array List of request methods (e.g. GET, POST) that this rule applies to. yii\filters\AccessRule

Public Methods

Hide inherited methods

MethodDescriptionDefined By
__call() Calls the named method which is not a class method. yii\base\Component
__clone() This method is called after the object is created by cloning an existing one. yii\base\Component
__construct() Constructor. yii\base\Object
__get() Returns the value of a component property. yii\base\Component
__isset() Checks if a property is set, i.e. defined and not null. yii\base\Component
__set() Sets the value of a component property. yii\base\Component
__unset() Sets a component property to be null. yii\base\Component
allows() Checks whether the Web user is allowed to perform the specified action. yii\filters\AccessRule
attachBehavior() Attaches a behavior to this component. yii\base\Component
attachBehaviors() Attaches a list of behaviors to the component. yii\base\Component
behaviors() Returns a list of behaviors that this component should behave as. yii\base\Component
canGetProperty() Returns a value indicating whether a property can be read. yii\base\Component
canSetProperty() Returns a value indicating whether a property can be set. yii\base\Component
className() Returns the fully qualified name of this class. yii\base\Object
detachBehavior() Detaches a behavior from the component. yii\base\Component
detachBehaviors() Detaches all behaviors from the component. yii\base\Component
ensureBehaviors() Makes sure that the behaviors declared in behaviors() are attached to this component. yii\base\Component
getBehavior() Returns the named behavior object. yii\base\Component
getBehaviors() Returns all behaviors attached to this component. yii\base\Component
hasEventHandlers() Returns a value indicating whether there is any handler attached to the named event. yii\base\Component
hasMethod() Returns a value indicating whether a method is defined. yii\base\Component
hasProperty() Returns a value indicating whether a property is defined for this component. yii\base\Component
init() Initializes the object. yii\base\Object
off() Detaches an existing event handler from this component. yii\base\Component
on() Attaches an event handler to an event. yii\base\Component
trigger() Triggers an event. yii\base\Component

Protected Methods

Hide inherited methods

MethodDescriptionDefined By
matchAction() yii\filters\AccessRule
matchController() yii\filters\AccessRule
matchCustom() yii\filters\AccessRule
matchIP() yii\filters\AccessRule
matchRole() yii\filters\AccessRule
matchVerb() yii\filters\AccessRule

Property Details

$actions public property

List of action IDs that this rule applies to. The comparison is case-sensitive. If not set or empty, it means this rule applies to all actions.

public array $actions null
$allow public property

Whether this is an 'allow' rule or 'deny' rule.

public boolean $allow null
$controllers public property

List of the controller IDs that this rule applies to.

The comparison uses yii\base\Controller::$uniqueId, so each controller ID is prefixed with the module ID (if any). For a product controller in the application, you would specify this property like ['product'] and if that controller is located in a shop module, this would be ['shop/product'].

The comparison is case-sensitive.

If not set or empty, it means this rule applies to all controllers.

Since version 2.0.12 controller IDs can be specified as wildcards, e.g. module/*.

public array $controllers null
$denyCallback public property

A callback that will be called if this rule determines the access to the current action should be denied. If not set, the behavior will be determined by yii\filters\AccessControl.

The signature of the callback should be as follows:

function ($rule, $action)

where $rule is this rule, and $action is the current action object.

public callable $denyCallback null
$ips public property

List of user IP addresses that this rule applies to. An IP address can contain the wildcard * at the end so that it matches IP addresses with the same prefix. For example, '192.168.*' matches all IP addresses in the segment '192.168.'. If not set or empty, it means this rule applies to all IP addresses.

See also yii\web\Request::$userIP.

public array $ips null
$matchCallback public property

A callback that will be called to determine if the rule should be applied. The signature of the callback should be as follows:

function ($rule, $action)

where $rule is this rule, and $action is the current action object. The callback should return a boolean value indicating whether this rule should be applied.

public callable $matchCallback null
$roleParams public property (available since version 2.0.12)

Parameters to pass to the yii\web\User::can() function for evaluating user permissions in $roles.

If this is an array, it will be passed directly to yii\web\User::can(). For example for passing an ID from the current request, you may use the following:

['postId' => Yii::$app->request->get('id')]

You may also specify a closure that returns an array. This can be used to evaluate the array values only if they are needed, for example when a model needs to be loaded like in the following code:

'rules' => [
    [
        'allow' => true,
        'actions' => ['update'],
        'roles' => ['updatePost'],
        'roleParams' => function($rule) {
            return ['post' => Post::findOne(Yii::$app->request->get('id'))];
        },
    ],
],

A reference to the yii\filters\AccessRule instance will be passed to the closure as the first parameter.

See also $roles.

public array|Closure $roleParams = []
$roles public property

List of roles that this rule applies to (requires properly configured User component). Two special roles are recognized, and they are checked via yii\web\User::$isGuest:

  • ?: matches a guest user (not authenticated yet)
  • @: matches an authenticated user

If you are using RBAC (Role-Based Access Control), you may also specify role or permission names. In this case, yii\web\User::can() will be called to check access.

If this property is not set or empty, it means this rule applies to all roles.

See also $roleParams.

public array $roles null
$verbs public property

List of request methods (e.g. GET, POST) that this rule applies to. If not set or empty, it means this rule applies to all request methods.

See also yii\web\Request::$method.

public array $verbs null

Method Details

allows() public method

Checks whether the Web user is allowed to perform the specified action.

public boolean|null allows ( $action, $user, $request )
$action yii\base\Action

The action to be performed
$user yii\web\User|false

The user object or false in case of detached User component
$request yii\web\Request
return boolean|null

true if the user is allowed, false if the user is denied, null if the rule does not apply to the user
matchAction() protected method

protected boolean matchAction ( $action )
$action yii\base\Action

The action
return boolean

Whether the rule applies to the action
matchController() protected method

protected boolean matchController ( $controller )
$controller yii\base\Controller

The controller
return boolean

Whether the rule applies to the controller
matchCustom() protected method

protected boolean matchCustom ( $action )
$action yii\base\Action

The action to be performed
return boolean

Whether the rule should be applied
matchIP() protected method

protected boolean matchIP ( $ip )
$ip string|null

The IP address
return boolean

Whether the rule applies to the IP address
matchRole() protected method

protected boolean matchRole ( $user )
$user yii\web\User

The user object
return boolean

Whether the rule applies to the role
throws yii\base\InvalidConfigException

if User component is detached
matchVerb() protected method

protected boolean matchVerb ( $verb )
$verb string

The request method.
return boolean

Whether the rule applies to the request