没有命名空间的类 yii yii\base yii\behaviors yii\caching yii\captcha yii\console yii\console\controllers yii\console\widgets yii\data yii\db yii\db\conditions yii\db\cubrid yii\db\cubrid\conditions yii\db\mssql yii\db\mssql\conditions yii\db\mysql yii\db\oci yii\db\oci\conditions yii\db\pgsql yii\db\sqlite yii\db\sqlite\conditions yii\di yii\filters yii\filters\auth yii\grid yii\helpers yii\i18n yii\log yii\mail yii\mutex yii\rbac yii\rest yii\test yii\validators yii\web yii\widgets

Class yii\filters\AccessControl

继承yii\filters\AccessControl » yii\base\ActionFilter » yii\base\Behavior » yii\base\BaseObject
实现yii\base\Configurable
可用版本自2.0
源码 https://github.com/yiichina/yii2/blob/api/framework/filters/AccessControl.php

AccessControl provides simple access control based on a set of rules.

AccessControl is an action filter. It will check its $rules to find the first rule that matches the current context variables (such as user IP address, user role). The matching rule will dictate whether to allow or deny the access to the requested controller action. If no rule matches, the access will be denied.

To use AccessControl, declare it in the behaviors() method of your controller class. For example, the following declarations will allow authenticated users to access the "create" and "update" actions and deny all other users from accessing these two actions.

public function behaviors()
{
    return [
        'access' => [
            'class' => \yii\filters\AccessControl::className(),
            'only' => ['create', 'update'],
            'rules' => [
                // deny all POST requests
                [
                    'allow' => false,
                    'verbs' => ['POST']
                ],
                // allow authenticated users
                [
                    'allow' => true,
                    'roles' => ['@'],
                ],
                // everything else is denied
            ],
        ],
    ];
}

公共属性

隐藏继承的属性

属性类型描述被定义在
$denyCallback callable A callback that will be called if the access should be denied to the current user. yii\filters\AccessControl
$except array List of action IDs that this filter should not apply to. yii\base\ActionFilter
$only array List of action IDs that this filter should apply to. yii\base\ActionFilter
$owner yii\base\Component|null The owner of this behavior yii\base\Behavior
$ruleConfig array The default configuration of access rules. yii\filters\AccessControl
$rules array A list of access rule objects or configuration arrays for creating the rule objects. yii\filters\AccessControl
$user yii\web\User|array|string|false The user object representing the authentication status or the ID of the user application component. yii\filters\AccessControl

公共方法

隐藏继承的方法

方法描述被定义在
__call() Calls the named method which is not a class method. yii\base\BaseObject
__construct() Constructor. yii\base\BaseObject
__get() Returns the value of an object property. yii\base\BaseObject
__isset() Checks if a property is set, i.e. defined and not null. yii\base\BaseObject
__set() Sets value of an object property. yii\base\BaseObject
__unset() Sets an object property to null. yii\base\BaseObject
afterAction() 执行动作后立即调用此方法。 您可以覆盖此方法以对操作执行一些后处理。 yii\base\ActionFilter
afterFilter() yii\base\ActionFilter
attach() Attaches the behavior object to the component. yii\base\Behavior
beforeAction() This method is invoked right before an action is to be executed (after all possible filters.) You may override this method to do last-minute preparation for the action. yii\filters\AccessControl
beforeFilter() yii\base\ActionFilter
canGetProperty() Returns a value indicating whether a property can be read. yii\base\BaseObject
canSetProperty() Returns a value indicating whether a property can be set. yii\base\BaseObject
className() Returns the fully qualified name of this class. yii\base\BaseObject
detach() Detaches the behavior object from the component. yii\base\Behavior
events() Declares event handlers for the $owner's events. yii\base\Behavior
hasMethod() Returns a value indicating whether a method is defined. yii\base\BaseObject
hasProperty() Returns a value indicating whether a property is defined. yii\base\BaseObject
init() Initializes the $rules array by instantiating rule objects from configurations. yii\filters\AccessControl

受保护的方法

隐藏继承的方法

方法描述被定义在
denyAccess() Denies the access of the user. yii\filters\AccessControl
getActionId() 通过将 yii\base\Action::$uniqueId 转换为相对于模块的 ID 来返回动作 ID。 yii\base\ActionFilter
isActive() 返回一个值,该值指示过滤器对于给定操作是否处于活动状态。 yii\base\ActionFilter

属性详情

$denyCallback 公共 属性

A callback that will be called if the access should be denied to the current user. This is the case when either no rule matches, or a rule with $allow set to false matches. If not set, denyAccess() will be called.

The signature of the callback should be as follows:

function ($rule, $action)

where $rule is the rule that denies the user, and $action is the current action object. $rule can be null if access is denied because none of the rules matched.

public callable $denyCallback null
$ruleConfig 公共 属性

The default configuration of access rules. Individual rule configurations specified via $rules will take precedence when the same property of the rule is configured.

public array $ruleConfig = ['class' => 'yii\filters\AccessRule']
$rules 公共 属性

A list of access rule objects or configuration arrays for creating the rule objects. If a rule is specified via a configuration array, it will be merged with $ruleConfig first before it is used for creating the rule object.

参见 $ruleConfig.

public array $rules = []
$user 公共 属性

The user object representing the authentication status or the ID of the user application component. Starting from version 2.0.2, this can also be a configuration array for creating the object. Starting from version 2.0.12, you can set it to false to explicitly switch this component support off for the filter.

方法详情

beforeAction() 公共 方法

This method is invoked right before an action is to be executed (after all possible filters.) You may override this method to do last-minute preparation for the action.

public boolean beforeAction($action)
$action yii\base\Action

The action to be executed.

return boolean

Whether the action should continue to be executed.

denyAccess() 受保护 方法

Denies the access of the user.

The default implementation will redirect the user to the login page if he is a guest; if the user is already logged, a 403 HTTP exception will be thrown.

protected void denyAccess($user)
$user yii\web\User|false

The current user or boolean false in case of detached User component

throws yii\web\ForbiddenHttpException

if the user is already logged in or in case of detached User component.

init() 公共 方法

Initializes the $rules array by instantiating rule objects from configurations.

public void init()