Class CAccessControlFilter

CAccessControlFilter performs authorization checks for the specified actions.

By enabling this filter, controller actions can be checked for access permissions. When the user is not denied by one of the security rules or allowed by a rule explicitly, he will be able to access the action.

For maximum security consider adding

array('deny')

as a last rule in a list so all actions will be denied by default.

To specify the access rules, set the setRules rules property, which should be an array of the rules. Each rule is specified as an array of the following structure:

array(
  'allow',  // or 'deny'

  // optional, list of action IDs (case insensitive) that this rule applies to
  // if not specified or empty, rule applies to all actions
  'actions'=>array('edit', 'delete'),

  // optional, list of controller IDs (case insensitive) that this rule applies to
  'controllers'=>array('post', 'admin/user'),

  // optional, list of usernames (case insensitive) that this rule applies to
  // Use * to represent all users, ? guest users, and @ authenticated users
  'users'=>array('thomas', 'kevin'),

  // optional, list of roles (case sensitive!) that this rule applies to.
  'roles'=>array('admin', 'editor'),

  // since version 1.1.11 you can pass parameters for RBAC bizRules
  'roles'=>array('updateTopic'=>array('topic'=>$topic))

  // optional, list of IP address/patterns that this rule applies to
  // e.g. 127.0.0.1, 127.0.0.*
  'ips'=>array('127.0.0.1'),

  // optional, list of request types (case insensitive) that this rule applies to
  'verbs'=>array('GET', 'POST'),

  // optional, a PHP expression whose value indicates whether this rule applies
  // The PHP expression will be evaluated using CComponent::evaluateExpression().
  // A PHP expression can be any PHP code that has a value. To learn more about what an expression is,
  // please refer to the php manual.
  'expression'=>'!$user->isGuest && $user->level==2',

  // optional, the customized error message to be displayed
  // This option is available since version 1.1.1.
  'message'=>'Access Denied.',

  // optional, the denied method callback name, that will be called once the
  // access is denied, instead of showing the customized error message. It can also be
  // a valid PHP callback, including class method name (array(ClassName/Object, MethodName)),
  // or anonymous function (PHP 5.3.0+). The function/method signature should be as follows:
  // function foo($user, $rule) { ... }
  // where $user is the current application user object and $rule is this access rule.
  // This option is available since version 1.1.11.
  'deniedCallback'=>'redirectToDeniedMethod',
)

CComponent

CFilter implements IFilter

CAccessControlFilter

Package: system\web\auth
Copyright: 2008-2013 Yii Software LLC
License: http://www.yiiframework.com/license/
Author: Qiang Xue <qiang.xue@gmail.com>
Since: 1.0
Located at x2engine/framework/web/auth/CAccessControlFilter.php

Methods summary
`public array`	# `getRules( )` Returns `array` list of access rules.
`public`	# `setRules( array $rules )` Parameters `$rules` `array` $rules list of access rules.
`protected boolean`	# `preFilter( CFilterChain $filterChain )` Performs the pre-action filtering. Performs the pre-action filtering. Parameters `$filterChain` `CFilterChain` $filterChain the filter chain that the filter is on. Returns `boolean` whether the filtering process should continue and the action should be executed. Overrides `CFilter::preFilter()`
`protected string`	# `resolveErrorMessage( CAccessRule $rule )` Resolves the error message to be displayed. This method will check `CAccessControlFilter::$message` and `CAccessRule::$message` to see what error message should be displayed. Resolves the error message to be displayed. This method will check `CAccessControlFilter::$message` and `CAccessRule::$message` to see what error message should be displayed. Parameters `$rule` `CAccessRule` $rule the access rule Returns `string` the error message Since 1.1.1
`protected`	# `accessDenied( IWebUser $user, string $message )` Denies the access of the user. This method is invoked when access check fails. Denies the access of the user. This method is invoked when access check fails. Parameters `$user` `IWebUser` $user the current user `$message` `string` $message the error message to be displayed

Methods inherited from CFilter
`filter(), init(), postFilter()`

Methods inherited from CComponent
`__call(), __get(), __isset(), __set(), __unset(), asa(), attachBehavior(), attachBehaviors(), attachEventHandler(), canGetProperty(), canSetProperty(), detachBehavior(), detachBehaviors(), detachEventHandler(), disableBehavior(), disableBehaviors(), enableBehavior(), enableBehaviors(), evaluateExpression(), getEventHandlers(), hasEvent(), hasEventHandler(), hasProperty(), raiseEvent()`

Properties summary
`public string`	`$message`		# the error message to be displayed when authorization fails. This property can be overridden by individual access rule via `CAccessRule::$message`. If this property is not set, a default error message will be displayed. the error message to be displayed when authorization fails. This property can be overridden by individual access rule via `CAccessRule::$message`. If this property is not set, a default error message will be displayed. Since 1.1.1

Magic properties summary
`public array`	`$rules`	# List of access rules. List of access rules.

Packages

Classes

Class CAccessControlFilter

Returns

Parameters

Parameters

Returns

Overrides

Parameters

Returns

Since

Parameters

Since