Class humhub\components\behaviors\AccessControl

Inheritancehumhub\components\behaviors\AccessControl » yii\base\ActionFilter

Handles the AccessControl for a Controller.

Controller level AccessRules can be provided by either setting the $rules array, or by implementing a getAccessRules() function within the controller itself (prefered).

Examples:

Disable guest access for all controller actions:

public function getAccessRules()
{
    return [
         ['login']
    ];
}

Disable guest access for specific controller actions:

public function getAccessRules()
{
    return [
         ['login' => ['action1', 'action2']]
    ];
}

All users have to be logged in + additional permission check for 'action1' and 'action2':

public function getAccessRules()
{
    return [
         ['login'],
         ['permission' => MyPermission::class, 'actions' => ['action1', 'action2']]
    ];
}

Custom inline validator for action 'action1':

public function getAccessRules()
{
    return [
         ['validateMyCustomRule', 'someParameter' => 'someValue', 'actions' => ['action1']]
    ];
}

public function validateMyCustomRule($rule, $access)
{
    if($rule['someParameter'] !== 'someValue') {
         $access->code = 401;
         $access->reason = 'Not authorized!';
         return false;
    }

     return true;
}

The list of available rules is given by the humhub\components\access\ControllerAccess class set by a controller. By default the base humhub\components\access\ControllerAccess class will be used.

The default ControllerAccess class can be overwritten by implementing the getAccess() function within a controller, which should return an instance of ControllerAccess.

Note: You can also use the humhub\components\Controller::$access property to define a ControllerAccess class string.

See also humhub\components\access\ControllerAccess.

Protected Methods

Hide inherited methods

MethodDescriptionDefined By
forbidden() humhub\components\behaviors\AccessControl
getControllerAccess() Returns a ControllerAccess instance, controllers are able to overwrite this by implementing an own getAccess() function. humhub\components\behaviors\AccessControl
handleDeprecatedSettings() Compatibility with pre 1.2.2 usage of AccessControl humhub\components\behaviors\AccessControl
loginRequired() humhub\components\behaviors\AccessControl

Property Details

$adminOnly public property
Deprecated since 1.2.2 use ['adminOnly'] rule instead
public boolean $adminOnly false
$controllerAccess protected property

Instance

$guestAllowedActions public property
Deprecated since 1.2.2 use ['guestAccess' => ['action1', 'action2']] rule instead
$loggedInOnly public property
Deprecated since 1.2.2 use ['loggedInOnly'] rule instead
public $loggedInOnly false
$rules public property
public array $rules null

Method Details

beforeAction() public method

public void beforeAction ( $action )
$action
forbidden() protected method

protected void forbidden ( )
throws \yii\web\ForbiddenHttpException
getControllerAccess() protected method

Returns a ControllerAccess instance, controllers are able to overwrite this by implementing an own getAccess() function.

protected humhub\components\access\ControllerAccess getControllerAccess ( $rules null )
$rules
handleDeprecatedSettings() protected method

Compatibility with pre 1.2.2 usage of AccessControl

protected void handleDeprecatedSettings ( )
loginRequired() protected method

protected boolean loginRequired ( )
return boolean

Forces user login