Home Explore Help
Sign In
compsci-industry
/
TechEmpower.FrameworkBenchmarks
mirror of https://github.com/TechEmpower/FrameworkBenchmarks.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: 0bb3773de6
Branches Tags
TechEmpower.Fra...
/
php-yii2
/
app
/
vendor
/
yiisoft
/
yii2
/
web
/
AccessControl.php

AccessControl.php 4.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * @link http://www.yiiframework.com/
    4. 

  4.  * @copyright Copyright (c) 2008 Yii Software LLC
    5. 

  5.  * @license http://www.yiiframework.com/license/
    6. 

  6.  */
    7. 

  7. 

  8. namespace yii\web;
    9. 

  9. 

  10. use Yii;
    11. 

  11. use yii\base\Action;
    12. 

  12. use yii\base\ActionFilter;
    13. 

  13. 

  14. /**
    15. 

  15.  * AccessControl provides simple access control based on a set of rules.
    16. 

  16.  *
    17. 

  17.  * AccessControl is an action filter. It will check its [[rules]] to find
    18. 

  18.  * the first rule that matches the current context variables (such as user IP address, user role).
    19. 

  19.  * The matching rule will dictate whether to allow or deny the access to the requested controller
    20. 

  20.  * action. If no rule matches, the access will be denied.
    21. 

  21.  *
    22. 

  22.  * To use AccessControl, declare it in the `behaviors()` method of your controller class.
    23. 

  23.  * For example, the following declarations will allow authenticated users to access the "create"
    24. 

  24.  * and "update" actions and deny all other users from accessing these two actions.
    25. 

  25.  *
    26. 

  26.  * ~~~
    27. 

  27.  * public function behaviors()
    28. 

  28.  * {
    29. 

  29.  *     return [
    30. 

  30.  *         'access' => [
    31. 

  31.  *             'class' => \yii\web\AccessControl::className(),
    32. 

  32.  *             'only' => ['create', 'update'],
    33. 

  33.  *             'rules' => [
    34. 

  34.  *                 // deny all POST requests
    35. 

  35.  *                 [
    36. 

  36.  *                     'allow' => false,
    37. 

  37.  *                     'verbs' => ['POST']
    38. 

  38.  *                 ],
    39. 

  39.  *                 // allow authenticated users
    40. 

  40.  *                 [
    41. 

  41.  *                     'allow' => true,
    42. 

  42.  *                     'roles' => ['@'],
    43. 

  43.  *                 ],
    44. 

  44.  *                 // everything else is denied
    45. 

  45.  *             ],
    46. 

  46.  *         ],
    47. 

  47.  *     ];
    48. 

  48.  * }
    49. 

  49.  * ~~~
    50. 

  50.  *
    51. 

  51.  * @author Qiang Xue <[email protected]>
    52. 

  52.  * @since 2.0
    53. 

  53.  */
    54. 

  54. class AccessControl extends ActionFilter
    55. 

  55. {
    56. 

  56. 	/**
    57. 

  57. 	 * @var callback a callback that will be called if the access should be denied
    58. 

  58. 	 * to the current user. If not set, [[denyAccess()]] will be called.
    59. 

  59. 	 *
    60. 

  60. 	 * The signature of the callback should be as follows:
    61. 

  61. 	 *
    62. 

  62. 	 * ~~~
    63. 

  63. 	 * function ($rule, $action)
    64. 

  64. 	 * ~~~
    65. 

  65. 	 *
    66. 

  66. 	 * where `$rule` is this rule, and `$action` is the current [[Action|action]] object.
    67. 

  67. 	 */
    68. 

  68. 	public $denyCallback;
    69. 

  69. 	/**
    70. 

  70. 	 * @var array the default configuration of access rules. Individual rule configurations
    71. 

  71. 	 * specified via [[rules]] will take precedence when the same property of the rule is configured.
    72. 

  72. 	 */
    73. 

  73. 	public $ruleConfig = ['class' => 'yii\web\AccessRule'];
    74. 

  74. 	/**
    75. 

  75. 	 * @var array a list of access rule objects or configuration arrays for creating the rule objects.
    76. 

  76. 	 * If a rule is specified via a configuration array, it will be merged with [[ruleConfig]] first
    77. 

  77. 	 * before it is used for creating the rule object.
    78. 

  78. 	 * @see ruleConfig
    79. 

  79. 	 */
    80. 

  80. 	public $rules = [];
    81. 

  81. 

  82. 	/**
    83. 

  83. 	 * Initializes the [[rules]] array by instantiating rule objects from configurations.
    84. 

  84. 	 */
    85. 

  85. 	public function init()
    86. 

  86. 	{
    87. 

  87. 		parent::init();
    88. 

  88. 		foreach ($this->rules as $i => $rule) {
    89. 

  89. 			if (is_array($rule)) {
    90. 

  90. 				$this->rules[$i] = Yii::createObject(array_merge($this->ruleConfig, $rule));
    91. 

  91. 			}
    92. 

  92. 		}
    93. 

  93. 	}
    94. 

  94. 

  95. 	/**
    96. 

  96. 	 * This method is invoked right before an action is to be executed (after all possible filters.)
    97. 

  97. 	 * You may override this method to do last-minute preparation for the action.
    98. 

  98. 	 * @param Action $action the action to be executed.
    99. 

  99. 	 * @return boolean whether the action should continue to be executed.
    100. 

  100. 	 */
    101. 

  101. 	public function beforeAction($action)
    102. 

  102. 	{
    103. 

  103. 		$user = Yii::$app->getUser();
    104. 

  104. 		$request = Yii::$app->getRequest();
    105. 

  105. 		/** @var AccessRule $rule */
    106. 

  106. 		foreach ($this->rules as $rule) {
    107. 

  107. 			if ($allow = $rule->allows($action, $user, $request)) {
    108. 

  108. 				return true;
    109. 

  109. 			} elseif ($allow === false) {
    110. 

  110. 				if (isset($rule->denyCallback)) {
    111. 

  111. 					call_user_func($rule->denyCallback, $rule, $action);
    112. 

  112. 				} elseif (isset($this->denyCallback)) {
    113. 

  113. 					call_user_func($this->denyCallback, $rule, $action);
    114. 

  114. 				} else {
    115. 

  115. 					$this->denyAccess($user);
    116. 

  116. 				}
    117. 

  117. 				return false;
    118. 

  118. 			}
    119. 

  119. 		}
    120. 

  120. 		if (isset($this->denyCallback)) {
    121. 

  121. 			call_user_func($this->denyCallback, $rule, $action);
    122. 

  122. 		} else {
    123. 

  123. 			$this->denyAccess($user);
    124. 

  124. 		}
    125. 

  125. 		return false;
    126. 

  126. 	}
    127. 

  127. 

  128. 	/**
    129. 

  129. 	 * Denies the access of the user.
    130. 

  130. 	 * The default implementation will redirect the user to the login page if he is a guest;
    131. 

  131. 	 * if the user is already logged, a 403 HTTP exception will be thrown.
    132. 

  132. 	 * @param User $user the current user
    133. 

  133. 	 * @throws AccessDeniedHttpException if the user is already logged in.
    134. 

  134. 	 */
    135. 

  135. 	protected function denyAccess($user)
    136. 

  136. 	{
    137. 

  137. 		if ($user->getIsGuest()) {
    138. 

  138. 			$user->loginRequired();
    139. 

  139. 		} else {
    140. 

  140. 			throw new AccessDeniedHttpException(Yii::t('yii', 'You are not allowed to perform this action.'));
    141. 

  141. 		}
    142. 

  142. 	}
    143. 

  143. }
    144.