|
|
|
|
@ -13,6 +13,39 @@ use yii\base\ActionFilter;
|
|
|
|
|
use yii\base\HttpException; |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* AccessControl provides simple access control based on a set of rules. |
|
|
|
|
* |
|
|
|
|
* AccessControl is an action filter. It will check its [[rules]] to find |
|
|
|
|
* the first rule that matches the current context variables (such as user IP address, user role). |
|
|
|
|
* The matching rule will dictate whether to allow or deny the access to the requested controller |
|
|
|
|
* action. |
|
|
|
|
* |
|
|
|
|
* To use AccessControl, declare it in the `behaviors()` method of your controller class. |
|
|
|
|
* For example, the following declarations will allow authenticated users to access the "create" |
|
|
|
|
* and "update" actions and deny all other users from accessing these two actions. |
|
|
|
|
* |
|
|
|
|
* ~~~ |
|
|
|
|
* public function behaviors() |
|
|
|
|
* { |
|
|
|
|
* return array( |
|
|
|
|
* 'access' => array( |
|
|
|
|
* 'class' => \yii\web\AccessControl::className(), |
|
|
|
|
* 'only' => array('create', 'update'), |
|
|
|
|
* 'rules' => array( |
|
|
|
|
* // allow authenticated users |
|
|
|
|
* array( |
|
|
|
|
* 'allow' => true, |
|
|
|
|
* 'roles' => array('@'), |
|
|
|
|
* ), |
|
|
|
|
* // deny all |
|
|
|
|
* array( |
|
|
|
|
* 'allow' => false, |
|
|
|
|
* ), |
|
|
|
|
* ), |
|
|
|
|
* ), |
|
|
|
|
* ); |
|
|
|
|
* } |
|
|
|
|
* ~~~ |
|
|
|
|
* |
|
|
|
|
* @author Qiang Xue <qiang.xue@gmail.com> |
|
|
|
|
* @since 2.0 |
|
|
|
|
|
Qiang Xue
12 years ago