
CAccessRule

system.web.auth
Inheritance class CAccessRule » CComponent
Since 1.0
Source code framework/web/auth/CAccessControlFilter.php
CAccessRule represents an access rule that is managed by CAccessControlFilter.

Public Properties

| Property | Type | Description | Defined By |
|---|---|---|---|
| actions | array | list of action IDs that this rule applies to. | CAccessRule |
| allow | boolean | whether this is an 'allow' rule or 'deny' rule. | CAccessRule |
| controllers | array | list of controller IDs that this rule applies to. | CAccessRule |
| deniedCallback | mixed | the denied method callback that will be called once the access is denied. | CAccessRule |
| expression | string | a PHP expression whose value indicates whether this rule should be applied. | CAccessRule |
| ips | array | IP patterns. | CAccessRule |
| message | string | the error message to be displayed when authorization is denied by this rule. | CAccessRule |
| roles | array | list of roles this rule applies to. | CAccessRule |
| users | array | list of user names that this rule applies to. | CAccessRule |
| verbs | array | list of request types (e.g. GET, POST) that this rule applies to. | CAccessRule |

Public Methods

| Method | Description | Defined By |
|---|---|---|
| __call() | Calls the named method which is not a class method. | CComponent |
| __get() | Returns a property value, an event handler list or a behavior based on its name. | CComponent |
| __isset() | Checks if a property value is null. | CComponent |
| __set() | Sets value of a component property. | CComponent |
| __unset() | Sets a component property to be null. | CComponent |
| asa() | Returns the named behavior object. | CComponent |
| attachBehavior() | Attaches a behavior to this component. | CComponent |
| attachBehaviors() | Attaches a list of behaviors to the component. | CComponent |
| attachEventHandler() | Attaches an event handler to an event. | CComponent |
| canGetProperty() | Determines whether a property can be read. | CComponent |
| canSetProperty() | Determines whether a property can be set. | CComponent |
| detachBehavior() | Detaches a behavior from the component. | CComponent |
| detachBehaviors() | Detaches all behaviors from the component. | CComponent |
| detachEventHandler() | Detaches an existing event handler. | CComponent |
| disableBehavior() | Disables an attached behavior. | CComponent |
| disableBehaviors() | Disables all behaviors attached to this component. | CComponent |
| enableBehavior() | Enables an attached behavior. | CComponent |
| enableBehaviors() | Enables all behaviors attached to this component. | CComponent |
| evaluateExpression() | Evaluates a PHP expression or callback under the context of this component. | CComponent |
| getEventHandlers() | Returns the list of attached event handlers for an event. | CComponent |
| hasEvent() | Determines whether an event is defined. | CComponent |
| hasEventHandler() | Checks whether the named event has attached handlers. | CComponent |
| hasProperty() | Determines whether a property is defined. | CComponent |
| isUserAllowed() | Checks whether the Web user is allowed to perform the specified action. | CAccessRule |
| raiseEvent() | Raises an event. | CComponent |

Protected Methods

| Method | Description | Defined By |
|---|---|---|
| isActionMatched() | | CAccessRule |
| isControllerMatched() | | CAccessRule |
| isExpressionMatched() | | CAccessRule |
| isIpMatched() | | CAccessRule |
| isRoleMatched() | | CAccessRule |
| isUserMatched() | | CAccessRule |
| isVerbMatched() | | CAccessRule |

Property Details

actions property
public array $actions;

list of action IDs that this rule applies to. The comparison is case-insensitive. If no actions are specified, rule applies to all actions.

allow property
public boolean $allow;

whether this is an 'allow' rule or 'deny' rule.

controllers property
public array $controllers;

list of controller IDs that this rule applies to. The comparison is case-insensitive.

deniedCallback property (available since v1.1.11)
public mixed $deniedCallback;

the denied method callback that will be called once the access is denied. It replaces the behavior that shows an error message. It can be a valid PHP callback including class method name (array(ClassName/Object, MethodName)), or anonymous function (PHP 5.3.0+). For more information, on different options, check

expression property
public string $expression;

a PHP expression whose value indicates whether this rule should be applied. In this expression, you can use $user which refers to Yii::app()->user. The expression can also be a valid PHP callback, including class method name (array(ClassName/Object, MethodName)), or anonymous function (PHP 5.3.0+). The function/method signature should be as follows:

function foo($user, $rule) { ... }
where $user is the current application user object and $rule is this access rule.

The PHP expression will be evaluated using evaluateExpression.

A PHP expression can be any PHP code that has a value. To learn more about what an expression is, please refer to the PHP manual.

ips property
public array $ips;

IP patterns.

message property (available since v1.1.1)
public string $message;

the error message to be displayed when authorization is denied by this rule. If not set, a default error message will be displayed.

roles property
public array $roles;

list of roles this rule applies to. For each role, the current user's CWebUser::checkAccess method will be invoked. If one of the invocations returns true, the rule will be applied. Note, you should mainly use roles in an "allow" rule because by definition, a role represents a permission collection.

users property
public array $users;

list of user names that this rule applies to. The comparison is case-insensitive. If no user names are specified, rule applies to all users.

verbs property
public array $verbs;

list of request types (e.g. GET, POST) that this rule applies to.

Method Details

isActionMatched() method
protected boolean isActionMatched(CAction $action)
$action CAction the action
{return} boolean whether the rule applies to the action
Source code: framework/web/auth/CAccessControlFilter.php#299
protected function isActionMatched($action)
{
    return empty($this->actions) || in_array(strtolower($action->getId()),$this->actions);
}

isControllerMatched() method
protected boolean isControllerMatched(CController $controller)
$controller CController the controller
{return} boolean whether the rule applies to the controller
Source code: framework/web/auth/CAccessControlFilter.php#308
protected function isControllerMatched($controller)
{
    return empty($this->controllers) || in_array(strtolower($controller->getUniqueId()),$this->controllers);
}

isExpressionMatched() method
protected boolean isExpressionMatched(IWebUser $user)
$user IWebUser the user
{return} boolean the expression value. True if the expression is not specified.
Source code: framework/web/auth/CAccessControlFilter.php#388
protected function isExpressionMatched($user)
{
    if($this->expression===null)
        return true;
    else
        return $this->evaluateExpression($this->expression, array('user'=>$user));
}

isIpMatched() method
protected boolean isIpMatched(string $ip)
$ip string the IP address
{return} boolean whether the rule applies to the IP address
Source code: framework/web/auth/CAccessControlFilter.php#363
protected function isIpMatched($ip)
{
    if(empty($this->ips))
        return true;
    foreach($this->ips as $rule)
    {
        if($rule==='*' || $rule===$ip || (($pos=strpos($rule,'*'))!==false && !strncmp($ip,$rule,$pos)))
            return true;
    }
    return false;
}
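
The wildcard branch of isIpMatched() compares only the characters before the first '*', so a pattern is a plain string prefix and anything after the '*' is ignored. The following is an added example, not part of the Yii source: matchIp() mirrors the logic shown above, auditIpPattern() is a hypothetical review helper, and the patterns and addresses are constructed sample data.

```php
<?php
// Added example, not Yii's own code. matchIp() mirrors the isIpMatched() logic
// shown above; auditIpPattern() is a hypothetical helper for reviewing rules.

function matchIp(array $patterns, $ip)
{
    if (empty($patterns))
        return true; // no 'ips' restriction: the rule applies to every address
    foreach ($patterns as $rule) {
        if ($rule === '*' || $rule === $ip
            || (($pos = strpos($rule, '*')) !== false && !strncmp($ip, $rule, $pos)))
            return true;
    }
    return false;
}

// Returns a list of warnings for one pattern (an empty list means no finding).
function auditIpPattern($pattern)
{
    $warnings = array();
    $pos = strpos($pattern, '*');
    if ($pos === false || $pattern === '*')
        return $warnings; // exact address or explicit match-all
    if ($pos !== strlen($pattern) - 1)
        $warnings[] = "text after '*' is ignored by the matcher";
    if ($pos > 0 && $pattern[$pos - 1] !== '.')
        $warnings[] = "prefix does not end on an octet boundary";
    return $warnings;
}

// Constructed sample data.
$patterns = array('192.168.1.*', '192.168.1*', '10.*.0.1');
$ips = array('192.168.1.7', '192.168.10.7', '192.168.100.7', '10.9.9.9');

foreach ($patterns as $p) {
    $hits = array();
    foreach ($ips as $ip)
        if (matchIp(array($p), $ip))
            $hits[] = $ip;
    printf("%-14s matches: %s\n", $p, implode(', ', $hits));
    foreach (auditIpPattern($p) as $w)
        printf("%-14s warning: %s\n", '', $w);
}
```

Running it shows that '192.168.1*' also covers 192.168.10.x and 192.168.100.x, while '10.*.0.1' behaves the same as '10.*'.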

isRoleMatched() method
protected boolean isRoleMatched(IWebUser $user)
$user IWebUser the user object
{return} boolean whether the rule applies to the role
Source code: framework/web/auth/CAccessControlFilter.php#339
protected function isRoleMatched($user)
{
    if(empty($this->roles))
        return true;
    foreach($this->roles as $key=>$role)
    {
        if(is_numeric($key))
        {
            if($user->checkAccess($role))
                return true;
        }
        else
        {
            if($user->checkAccess($key,$role))
                return true;
        }
    }
    return false;
}

isUserAllowed() method
public integer isUserAllowed(CWebUser $user, CController $controller, CAction $action, string $ip, string $verb)
$user CWebUser the user object
$controller CController the controller currently being executed
$action CAction the action to be performed
$ip string the request IP address
$verb string the request verb (GET, POST, etc.)
{return} integer 1 if the user is allowed, -1 if the user is denied, 0 if the rule does not apply to the user
Source code: framework/web/auth/CAccessControlFilter.php#281
public function isUserAllowed($user,$controller,$action,$ip,$verb)
{
    if($this->isActionMatched($action)
        && $this->isUserMatched($user)
        && $this->isRoleMatched($user)
        && $this->isIpMatched($ip)
        && $this->isVerbMatched($verb)
        && $this->isControllerMatched($controller)
        && $this->isExpressionMatched($user))
        return $this->allow ? 1 : -1;
    else
        return 0;
}

Checks whether the Web user is allowed to perform the specified action.
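
A rule set showing how the properties above combine inside one rule, as an added example that is not taken from the Yii documentation. It assumes a Yii 1.1 application; PostController, its action IDs, the 'editor' role and the 'department' state key are hypothetical. CAccessControlFilter checks rules in order and stops at the first one whose isUserAllowed() returns a non-zero value; a request for which every rule returns 0 is not blocked, which is why the list ends with a catch-all deny rule.

```php
<?php
// Added example, not from the Yii documentation. PostController, its action
// IDs, the 'editor' role and the 'department' state key are hypothetical.
class PostController extends CController
{
    public function filters()
    {
        return array('accessControl'); // run CAccessControlFilter before actions
    }

    public function accessRules()
    {
        return array(
            // Guests and signed-in users alike ('*') may read.
            array('allow',
                'actions' => array('index', 'view'),
                'users'   => array('*'),
            ),
            // Signed-in users ('@') may create, and only with POST.
            array('allow',
                'actions' => array('create'),
                'users'   => array('@'),
                'verbs'   => array('POST'),
            ),
            // Deleting needs the role AND the callback to hold: every condition
            // inside one rule must match, otherwise isUserAllowed() returns 0.
            array('allow',
                'actions'    => array('delete'),
                'roles'      => array('editor'),
                'expression' => function ($user, $rule) {
                    return $user->getState('department') === 'content';
                },
            ),
            // Catch-all: turns "no rule applied" (0) into an explicit denial (-1).
            array('deny',
                'users'   => array('*'),
                'message' => 'You are not permitted to perform this action.',
            ),
        );
    }
}
```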

isUserMatched() method
protected boolean isUserMatched(IWebUser $user)
$user IWebUser the user
{return} boolean whether the rule applies to the user
Source code: framework/web/auth/CAccessControlFilter.php#317
protected function isUserMatched($user)
{
    if(empty($this->users))
        return true;
    foreach($this->users as $u)
    {
        if($u==='*')
            return true;
        elseif($u==='?' && $user->getIsGuest())
            return true;
        elseif($u==='@' && !$user->getIsGuest())
            return true;
        elseif(!strcasecmp($u,$user->getName()))
            return true;
    }
    return false;
}

isVerbMatched() method
protected boolean isVerbMatched(string $verb)
$verb string the request method
{return} boolean whether the rule applies to the request
Source code: framework/web/auth/CAccessControlFilter.php#379
protected function isVerbMatched($verb)
{
    return empty($this->verbs) || in_array(strtolower($verb),$this->verbs);
}