In many cases, we need to filter the incoming data or perform some actions based on this data. For example, with custom filters, we can filter visitors by IP, force users to use HTTPS, or redirect the user to an installation page prior to using the application. Yii has two built-in usable filters. The first is CInlineFilter, which allows using a controller method as a filter, and the second (the one we will focus on) is CAccessControlFilter, which allows controlling access to various controller actions.
In this recipe, we will implement the following: access limited to authorized users only, access limited to specific IPs, access limited to one specific user, and access denied to a specific browser.

Create a new application using yiic webapp, and then create protected/controllers/AccessController.php as follows:

    <?php
    class AccessController extends CController
    {
        public function actionAuthOnly()
        {
            echo "Looks like you are authorized to run me.";
        }

        public function actionIp()
        {
            echo "Your IP is in our list. Lucky you!";
        }

        public function actionUser()
        {
            echo "You're the right man. Welcome!";
        }
    }
Carry out the following steps:

1. Add the filters method to the controller. We do this as follows:

    public function filters()
    {
        return array(
            'accessControl',
        );
    }

2. Add the accessRules method that is used by the access control filter as follows (note that the expression string uses double quotes inside, since the whole expression is a single-quoted PHP string):

    public function accessRules()
    {
        return array(
            array(
                'deny',
                'expression' => 'strpos($_SERVER["HTTP_USER_AGENT"], "MSIE") !== false',
                'message' => "You're using the wrong browser, sorry.",
            ),
            array(
                'allow',
                'actions' => array('authOnly'),
                'users' => array('@'),
            ),
            array(
                'allow',
                'actions' => array('ip'),
                'ips' => array('127.0.0.1'),
            ),
            array(
                'allow',
                'actions' => array('user'),
                'users' => array('admin'),
            ),
            array('deny'),
        );
    }
3. Try running each of the three actions while logged out and while logged in with the admin and demo usernames.

We will start with limiting access to the controller action to authorized users only. See the following code in the accessRules method:
    array(
        'allow',
        'actions' => array('authOnly'),
        'users' => array('@'),
    ),
    array('deny'),
Each array here is an access rule. You can either use the allow rule or the deny rule. For each rule, there are several parameters.

In our rule, we use two parameters. The first is the actions parameter, which takes an array of actions to which the rule will be applied. The second is the users parameter, which takes an array of user IDs (ones returned by Yii::app()->user->id) to determine the users this rule applies to. In our case, we used one of the following special characters: @ means all authenticated users, while * and ? stand for all users and guest users, respectively.
The next task is to limit access to specific IPs. In this case, the following two access rules are involved:

    array(
        'allow',
        'actions' => array('ip'),
        'ips' => array('127.0.0.1'),
    ),
    array('deny'),

The first rule allows access to the ip action from the list of IPs specified. In our case, we are using a loopback address, which always points to our own computer. Try changing it to, for example, 127.0.0.2 to see how it works when the address does not match. The second rule denies everything, including all other IPs.
Next, we limit access to one specific user as follows:

    array(
        'allow',
        'actions' => array('user'),
        'users' => array('admin'),
    ),
    array('deny'),

The preceding rule allows a user with an ID equal to admin to run the user action. Therefore, if you log in as admin, it will let you in, but if you log in as demo, it will not. This is the same type of rule that we used to limit access to authorized users. The only difference is that we are using an ID instead of a wildcard. Again, the second rule involved denies everything, including all other users.
Finally, we need to deny access to a specific browser. For this recipe, we are denying all versions of Internet Explorer and, in fact, some other browsers with the same user agent strings. The rule itself is put on top, so it executes first, as follows:

    array(
        'deny',
        'expression' => 'strpos($_SERVER["HTTP_USER_AGENT"], "MSIE") !== false',
        'message' => "You're using the wrong browser, sorry.",
    ),
    array('deny'),

In the preceding code, we use another filter rule property named expression. It takes a PHP expression as a string, as an anonymous function (in PHP 5.3), or as a valid callback. In our case, we use a string.
Using PHP 5.3, the anonymous function will look like the following:

    array(
        'deny',
        'expression' => function () {
            return strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false;
        },
        'message' => "You're using the wrong browser, sorry.",
    ),
The preceding expression checks if the user agent string contains MSIE. Depending on your requirements, you can specify any PHP code. The second parameter, named message, is used to change the message shown to the user when access is denied.
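To see how the rules above combine, here is an added stand-alone script (not Yii's code and not part of the original recipe) that re-implements the first-match rule walk of CAccessControlFilter and runs the recipe's rule set against constructed requests; the $ctx arrays, ruleMatches and checkAccess are assumptions standing in for the request and user objects Yii would supply.

```php
<?php
// Stand-alone re-implementation of CAccessControlFilter's first-match rule walk
// (not Yii's own code) to show how '@', '?', '*', ips and the trailing
// array('deny') interact. $ctx is a constructed stand-in for request/user state.
function ruleMatches(array $rule, $action, array $ctx) {
    if (isset($rule['actions']) && !in_array(strtolower($action),
            array_map('strtolower', $rule['actions']), true)) return false;
    if (isset($rule['users'])) {
        $ok = false;
        foreach ($rule['users'] as $u) {
            if ($u === '*' || ($u === '?' && $ctx['isGuest']) || ($u === '@' && !$ctx['isGuest'])
                || (!$ctx['isGuest'] && strcasecmp($u, $ctx['userId']) === 0)) $ok = true;
        }
        if (!$ok) return false;
    }
    if (isset($rule['ips'])) {
        $ok = false;
        foreach ($rule['ips'] as $pat) {   // exact match, or prefix match up to a '*' as in Yii
            if ($pat === $ctx['ip'] || (($pos = strpos($pat, '*')) !== false
                && strncmp($ctx['ip'], $pat, $pos) === 0)) $ok = true;
        }
        if (!$ok) return false;
    }
    // Yii also accepts a PHP string here (evaluated with eval); this stand-in takes callables only.
    if (isset($rule['expression']) && !call_user_func($rule['expression'], $ctx)) return false;
    return true;
}
// Returns 'allow' or 'deny'. The first matching rule decides; like Yii, no match means 'allow'.
function checkAccess(array $rules, $action, array $ctx) {
    foreach ($rules as $rule) {
        if (ruleMatches($rule, $action, $ctx)) return $rule[0];
    }
    return 'allow';
}
// Constructed sample requests, not from the recipe.
$guestLocal = array('isGuest' => true,  'userId' => null,   'ip' => '127.0.0.1', 'ua' => 'curl/7.0');
$demoIe     = array('isGuest' => false, 'userId' => 'demo', 'ip' => '10.0.0.5',  'ua' => 'Mozilla/4.0 (compatible; MSIE 8.0)');
$rules = array(
    array('deny',  'expression' => function ($ctx) { return strpos($ctx['ua'], 'MSIE') !== false; }),
    array('allow', 'actions' => array('authOnly'), 'users' => array('@')),
    array('allow', 'actions' => array('ip'),       'ips'   => array('127.0.0.1')),
    array('allow', 'actions' => array('user'),     'users' => array('admin')),
    array('deny'),
);
echo checkAccess($rules, 'ip', $guestLocal), "\n";        // allow: loopback address matches
echo checkAccess($rules, 'authOnly', $demoIe), "\n";      // deny: the MSIE rule is first and wins
echo checkAccess($rules, 'user', $guestLocal), "\n";      // deny: only the catch-all matches
// Drop the trailing array('deny') and the same guest request falls through to 'allow'.
echo checkAccess(array_slice($rules, 0, -1), 'user', $guestLocal), "\n";  // allow
```

The last call is the case to watch for when editing rules: without the final array('deny'), any action not covered by an allow rule is open to everyone.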