Class yii\filters\AccessRule

Inheritance: yii\filters\AccessRule » yii\base\Component » yii\base\BaseObject
Implements: yii\base\Configurable
Available since version: 2.0
Source Code https://github.com/yiisoft/yii2/blob/master/framework/filters/AccessRule.php

This class represents an access rule defined by the yii\filters\AccessControl action filter.

Public Properties

Property  Type  Description  Defined By
$actions array|null List of action IDs that this rule applies to. yii\filters\AccessRule
$allow boolean Whether this is an 'allow' rule or 'deny' rule. yii\filters\AccessRule
$behaviors yii\base\Behavior[] List of behaviors attached to this component. yii\base\Component
$controllers array|null List of the controller IDs that this rule applies to. yii\filters\AccessRule
$denyCallback callable|null A callback that will be called if this rule determines the access to the current action should be denied. yii\filters\AccessRule
$ips array|null List of user IP addresses that this rule applies to. yii\filters\AccessRule
$matchCallback callable A callback that will be called to determine if the rule should be applied. yii\filters\AccessRule
$permissions array|null List of RBAC (Role-Based Access Control) permissions that this rule applies to. yii\filters\AccessRule
$roleParams array|Closure Parameters to pass to the yii\web\User::can() function for evaluating user permissions in $roles. yii\filters\AccessRule
$roles array|null List of roles that this rule applies to (requires properly configured User component). yii\filters\AccessRule
$verbs array|null List of request methods (e.g. GET, POST) that this rule applies to. yii\filters\AccessRule

Public Methods

Method  Description  Defined By
__call() Calls the named method which is not a class method. yii\base\Component
__clone() This method is called after the object is created by cloning an existing one. yii\base\Component
__construct() Constructor. yii\base\BaseObject
__get() Returns the value of a component property. yii\base\Component
__isset() Checks if a property is set, i.e. defined and not null. yii\base\Component
__set() Sets the value of a component property. yii\base\Component
__unset() Sets a component property to be null. yii\base\Component
allows() Checks whether the Web user is allowed to perform the specified action. yii\filters\AccessRule
attachBehavior() Attaches a behavior to this component. yii\base\Component
attachBehaviors() Attaches a list of behaviors to the component. yii\base\Component
behaviors() Returns a list of behaviors that this component should behave as. yii\base\Component
canGetProperty() Returns a value indicating whether a property can be read. yii\base\Component
canSetProperty() Returns a value indicating whether a property can be set. yii\base\Component
className() Returns the fully qualified name of this class. yii\base\BaseObject
detachBehavior() Detaches a behavior from the component. yii\base\Component
detachBehaviors() Detaches all behaviors from the component. yii\base\Component
ensureBehaviors() Makes sure that the behaviors declared in behaviors() are attached to this component. yii\base\Component
getBehavior() Returns the named behavior object. yii\base\Component
getBehaviors() Returns all behaviors attached to this component. yii\base\Component
hasEventHandlers() Returns a value indicating whether there is any handler attached to the named event. yii\base\Component
hasMethod() Returns a value indicating whether a method is defined. yii\base\Component
hasProperty() Returns a value indicating whether a property is defined for this component. yii\base\Component
init() Initializes the object. yii\base\BaseObject
off() Detaches an existing event handler from this component. yii\base\Component
on() Attaches an event handler to an event. yii\base\Component
trigger() Triggers an event. yii\base\Component

Property Details

$actions public property

List of action IDs that this rule applies to. The comparison is case-sensitive. If not set or empty, it means this rule applies to all actions.

public array|null $actions = null

$allow public property

Whether this is an 'allow' rule or 'deny' rule.

public boolean $allow = false

$controllers public property

List of the controller IDs that this rule applies to.

The comparison uses yii\base\Controller::$uniqueId, so each controller ID is prefixed with the module ID (if any). For a product controller in the application, you would specify this property like ['product'] and if that controller is located in a shop module, this would be ['shop/product'].

The comparison is case-sensitive.

If not set or empty, it means this rule applies to all controllers.

Since version 2.0.12 controller IDs can be specified as wildcards, e.g. module/*.

public array|null $controllers = null

$denyCallback public property

A callback that will be called if this rule determines the access to the current action should be denied. This is the case when this rule matches and $allow is set to false.

If not set, the behavior will be determined by yii\filters\AccessControl, either using yii\filters\AccessControl::denyAccess() or yii\filters\AccessControl::$denyCallback, if configured.

The signature of the callback should be as follows:

function ($rule, $action)

where $rule is this rule, and $action is the current action object.

See also yii\filters\AccessControl::$denyCallback.

public callable|null $denyCallback = null

$ips public property

List of user IP addresses that this rule applies to. An IP address can contain the wildcard * at the end so that it matches IP addresses with the same prefix. For example, '192.168.*' matches all IP addresses in the segment '192.168.'. It may also contain a pattern/mask like '172.16.0.0/12' which would match all IPs from the 20-bit private network block in RFC1918. If not set or empty, it means this rule applies to all IP addresses.
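The pattern forms described above, as an added stand-alone sketch (not Yii's source code). It treats the trailing wildcard as a plain string-prefix comparison, which means a pattern that ends mid-octet such as '192.168.1*' also covers 192.168.10.x and 192.168.100.x; ending the pattern at a dot pins the octet. The function name ipMatchesRule() and the sample addresses are assumptions, and the CIDR branch handles IPv4 only.

```php
<?php
// Added sketch, not Yii's implementation: matches an IPv4 address against one
// pattern in the forms documented for $ips. ipMatchesRule() is a hypothetical name.
function ipMatchesRule(string $ip, string $rule): bool
{
    if ($rule === '*' || $rule === $ip) {
        return true;
    }
    // Trailing wildcard: string-prefix comparison up to the '*'.
    $pos = strpos($rule, '*');
    if ($pos !== false) {
        return strncmp($ip, $rule, $pos) === 0;
    }
    // CIDR notation (IPv4 only in this sketch): compare the network bits.
    if (strpos($rule, '/') !== false) {
        [$net, $bits] = explode('/', $rule, 2);
        $ipLong = ip2long($ip);
        $netLong = ip2long($net);
        $bits = (int) $bits;
        if ($ipLong === false || $netLong === false || $bits < 0 || $bits > 32) {
            return false; // malformed input never matches
        }
        $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
        return ($ipLong & $mask) === ($netLong & $mask);
    }
    return false;
}

// Constructed sample addresses and patterns.
$cases = [
    ['192.168.1.20', '192.168.*'],     // documented prefix form
    ['192.168.10.7', '192.168.1*'],    // pattern ends mid-octet
    ['192.168.10.7', '192.168.1.*'],   // pattern ends at a dot
    ['172.31.255.1', '172.16.0.0/12'], // inside the RFC1918 block
    ['172.32.0.1',   '172.16.0.0/12'], // just outside the block
];
foreach ($cases as [$ip, $rule]) {
    printf("%-14s %-16s %s\n", $ip, $rule, var_export(ipMatchesRule($ip, $rule), true));
}
```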

public array|null $ips = null

$matchCallback public property

A callback that will be called to determine if the rule should be applied. The signature of the callback should be as follows:

function ($rule, $action)

where $rule is this rule, and $action is the current action object. The callback should return a boolean value indicating whether this rule should be applied.

public callable $matchCallback = null

$permissions public property (available since version 2.0.12)

List of RBAC (Role-Based Access Control) permissions that this rule applies to. yii\web\User::can() will be called to check access.

If this property is not set or empty, it means this rule applies regardless of permissions.

public array|null $permissions = null

$roleParams public property (available since version 2.0.12)

Parameters to pass to the yii\web\User::can() function for evaluating user permissions in $roles.

If this is an array, it will be passed directly to yii\web\User::can(). For example, to pass an ID from the current request, you may use the following:

['postId' => Yii::$app->request->get('id')]

You may also specify a closure that returns an array. This can be used to evaluate the array values only if they are needed, for example when a model needs to be loaded like in the following code:

'rules' => [
    [
        'allow' => true,
        'actions' => ['update'],
        'roles' => ['updatePost'],
        'roleParams' => function($rule) {
            return ['post' => Post::findOne(Yii::$app->request->get('id'))];
        },
    ],
],

A reference to the yii\filters\AccessRule instance will be passed to the closure as the first parameter.

See also $roles.

$roles public property

List of roles that this rule applies to (requires properly configured User component). Two special roles are recognized, and they are checked via yii\web\User::$isGuest:

  • ?: matches a guest user (not authenticated yet)
  • @: matches an authenticated user

If you are using RBAC (Role-Based Access Control), you may also specify role names. In this case, yii\web\User::can() will be called to check access.

Note that it is preferred to check for permissions instead.

If this property is not set or empty, it means this rule applies regardless of roles.

public array|null $roles = null

$verbs public property

List of request methods (e.g. GET, POST) that this rule applies to. If not set or empty, it means this rule applies to all request methods.

See also yii\web\Request::$method.

public array|null $verbs = null

Method Details

allows() public method

Checks whether the Web user is allowed to perform the specified action.

public boolean|null allows ( $action, $user, $request )
$action yii\base\Action

The action to be performed

$user yii\web\User|false

The user object or false in case of detached User component

$request yii\web\Request

return boolean|null

true if the user is allowed, false if the user is denied, null if the rule does not apply to the user
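The rule properties combined in one yii\filters\AccessControl configuration, as an added example (not code from the Yii documentation). AccessControl evaluates the rules in the order listed and the first rule whose allows() result is not null decides, so the explicit deny rule has to come before the broad allow rule; all conditions inside a single rule must match for it to apply. PostController, the deletePost permission and the 10.0.5.* subnet are assumptions.

```php
<?php
// Added example: hypothetical controller; the permission name and the
// 10.0.5.* management subnet are constructed values.
namespace app\controllers;

use Yii;
use yii\filters\AccessControl;
use yii\web\Controller;
use yii\web\ForbiddenHttpException;

class PostController extends Controller
{
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::class,
                'rules' => [
                    [   // Allow delete only via POST, from the management subnet,
                        // for users holding the deletePost permission.
                        'allow' => true,
                        'actions' => ['delete'],
                        'verbs' => ['POST'],
                        'ips' => ['10.0.5.*'],
                        'permissions' => ['deletePost'],
                    ],
                    [   // Deny every other delete request here, and log it.
                        'allow' => false,
                        'actions' => ['delete'],
                        'denyCallback' => function ($rule, $action) {
                            Yii::warning('Denied ' . $action->getUniqueId()
                                . ' from ' . Yii::$app->request->getUserIP(), 'access');
                            throw new ForbiddenHttpException('Not allowed.');
                        },
                    ],
                    [   // Allow authenticated users on the remaining actions.
                        'allow' => true,
                        'roles' => ['@'],
                    ],
                    // Requests matching no rule are denied by AccessControl.
                ],
            ],
        ];
    }
}
```

Without the second rule, a delete request that fails the first rule would fall through to the third and be allowed for any authenticated user.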

matchAction() protected method

protected boolean matchAction ( $action )
$action yii\base\Action

The action

return boolean

Whether the rule applies to the action

matchController() protected method

protected boolean matchController ( $controller )
$controller yii\base\Controller

The controller

return boolean

Whether the rule applies to the controller

matchCustom() protected method

protected boolean matchCustom ( $action )
$action yii\base\Action

The action to be performed

return boolean

Whether the rule should be applied

matchIP() protected method

protected boolean matchIP ( $ip )
$ip string|null

The IP address

return boolean

Whether the rule applies to the IP address

matchRole() protected method

protected boolean matchRole ( $user )
$user yii\web\User

The user object

return boolean

Whether the rule applies to the role

throws yii\base\InvalidConfigException

if User component is detached

matchVerb() protected method

protected boolean matchVerb ( $verb )
$verb string

The request method.

return boolean

Whether the rule applies to the request