An action filter participates in the action execution workflow by responding to the beforeAction and afterAction events triggered by modules and controllers. See the implementations of AccessControl, PageCache and HttpCache for examples of how to use it. For more details and usage information on ActionFilter, see the guide article on filters.
Since: 2.0
Author: Qiang Xue (qiang.xue@gmail.com)
Inheritance: extends Behavior
Exemple #1
 /**
  * Completes initialization by falling back to the application's view
  * component when no view was configured on this object.
  *
  * @inheritdoc
  */
 public function init()
 {
     parent::init();
     if ($this->view !== null) {
         // A view was supplied through configuration; keep it.
         return;
     }
     $this->view = Yii::$app->getView();
 }
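 /**
  * Lets AJAX requests reach the action; any other request is redirected to
  * the controller's `index` route and the action is skipped.
  *
  * NOTE(review): in Yii 2 `isAjax` reflects the `X-Requested-With` request
  * header, which any client can set, so this check shapes navigation only
  * and must not be relied on as an access control.
  *
  * @param \yii\base\Action $action the action about to run
  * @return bool whether the action should continue to be executed
  */
 public function beforeAction($action)
 {
     if (Yii::$app->request->isAjax) {
         return parent::beforeAction($action);
     }
     // redirect() returns a Response object, which is truthy. Returning it
     // would tell the framework to keep executing the action after the
     // redirect was queued, so stop the action explicitly.
     $action->controller->redirect(['index']);
     return false;
 }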
Exemple #3
 /**
  * Rejects every request that is not flagged as AJAX.
  *
  * NOTE(review): the AJAX flag reflects the `X-Requested-With` request
  * header, which the client controls; treat this as a routing convenience,
  * not as protection for the action.
  *
  * @inheritdoc
  * @throws BadRequestHttpException when the request is not an AJAX request
  */
 public function beforeAction($action)
 {
     $request = Yii::$app->getRequest();
     if (!$request->getIsAjax()) {
         throw new BadRequestHttpException('Bad Request. This url cannot handle a non-ajax request.');
     }
     return parent::beforeAction($action);
 }
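 /**
  * Skips authentication for actions reported as public and, for every other
  * action, verifies the request against the OAuth2 server using the scopes
  * configured for that action.
  *
  * NOTE(review): when the `oauth2` module is not registered, a non-public
  * action falls through to the parent filter without any token check in
  * this method; confirm another filter covers that deployment.
  * NOTE(review): QueryParamAuth reads the access token from the query
  * string, where it can end up in server logs and Referer headers; prefer
  * the bearer header where clients allow it.
  *
  * @param Action $action the action about to run
  * @return bool whether the action should continue to be executed
  * @throws ForbiddenHttpException when the resource request fails verification
  * @throws \yii\base\InvalidConfigException when the owner has no `authenticator` behavior
  */
 public function beforeAction($action)
 {
     $action_name = $action->id;
     list($public_actions, $actions_scopes) = $this->analyzeAccessRules($action_name);
     // Strict comparison: an action is public only when its id matches a
     // configured id exactly, never through loose type juggling.
     if (in_array($action_name, $public_actions, true)) {
         //action is public
         return true;
     }
     // else, if not public, add additional auth filters
     if (Yii::$app->hasModule('oauth2')) {
         /** @var \filsh\yii2\oauth2server\Module $oauth_module */
         $oauth_module = Yii::$app->getModule('oauth2');
         $query_param_auth = ['class' => QueryParamAuth::className()];
         if (!empty($oauth_module->options['token_param_name'])) {
             $query_param_auth['tokenParam'] = $oauth_module->options['token_param_name'];
         }
         $auth_behavior = $this->owner->getBehavior('authenticator');
         if ($auth_behavior === null) {
             // Fail with a clear configuration error instead of writing to null.
             throw new \yii\base\InvalidConfigException('The "authenticator" behavior must be attached to the owner.');
         }
         $auth_behavior->authMethods = [$query_param_auth, ['class' => HttpBearerAuth::className()]];
         $scopes = isset($actions_scopes[$action_name]) ? $actions_scopes[$action_name] : '';
         if (is_array($scopes)) {
             // The server call below receives the scopes as one space-separated string.
             $scopes = implode(' ', $scopes);
         }
         $oauthServer = $oauth_module->getServer();
         $oauthRequest = $oauth_module->getRequest();
         $oauthResponse = $oauth_module->getResponse();
         if (!$oauthServer->verifyResourceRequest($oauthRequest, $oauthResponse, $scopes)) {
             throw new ForbiddenHttpException(Yii::t('yii', 'You are not allowed to perform this action.'));
         }
     }
     return parent::beforeAction($action);
 }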
 /**
  * Allows the action only when the current user's role is at least
  * Users::ROLE_OPERATION.
  *
  * NOTE(review): a plain Exception is thrown on denial, so the client
  * presumably sees a generic server error rather than a 403; confirm that
  * is intended.
  *
  * @param \yii\base\Action $action the action about to run
  * @return bool whether the action should continue to be executed
  * @throws Exception when the role is below the required level
  */
 public function beforeAction($action)
 {
     $hasRequiredRole = $this->user['role'] >= Users::ROLE_OPERATION;
     if (!$hasRequiredRole) {
         throw new Exception("没有访问权限");
     }
     return parent::beforeAction($action);
 }
Exemple #6
 /**
  * Initialization: resolves the configured user component and stores the
  * identity it reports at this moment.
  *
  * NOTE(review): `user_info` is read once here; it will be null for a guest
  * and is not refreshed by this method if the identity changes later.
  */
 public function init()
 {
     parent::init();
     // Resolve the user component instance
     $this->user = Instance::ensure($this->user, User::className());
     $this->user_info = $this->user->identity;
 }
 /**
  * Backend access check, evaluated in this order:
  *   1. actions in `allowedActions` are open to everyone;
  *   2. guests are sent to the login page;
  *   3. actions in `allowedActionsLoggedIn` are open to any signed-in user;
  *   4. users passing checkFullAccess() are allowed;
  *   5. users with the `manager` assignment are allowed on the `radiata`
  *      controller, or when they hold the BACKEND_PERMISSION declared on the
  *      controller class (or, if the controller declares none, on its module).
  * Everything else is refused.
  *
  * @inheritdoc
  * @throws ForbiddenHttpException when a signed-in user lacks the required permission
  */
 public function beforeAction($action)
 {
     if (!parent::beforeAction($action)) {
         return false;
     }

     $user = $this->getUser();
     $actionId = $action->getUniqueId();

     if (in_array($actionId, $this->allowedActions)) {
         return true;
     }
     if ($user->isGuest) {
         Yii::$app->response->redirect(['/radiata/login'])->send();
         return false;
     }
     if (in_array($actionId, $this->allowedActionsLoggedIn)) {
         return true;
     }

     $userGroups = Yii::$app->authManager->getAssignments($user->id);
     if (self::checkFullAccess()) {
         return true;
     }
     if (!isset($userGroups['manager'])) {
         throw new ForbiddenHttpException(Yii::t('yii', 'You are not allowed to perform this action.'));
     }
     if ($action->controller->id == 'radiata') {
         return true;
     }

     // A permission declared on the controller takes precedence; the module's
     // constant is consulted only when the controller declares none.
     $controllerPermission = get_class($action->controller) . '::BACKEND_PERMISSION';
     if (defined($controllerPermission)) {
         if ($user->can(constant($controllerPermission))) {
             return true;
         }
     } else {
         $modulePermission = get_class($action->controller->module) . '::BACKEND_PERMISSION';
         if (defined($modulePermission) && $user->can(constant($modulePermission))) {
             return true;
         }
     }

     throw new ForbiddenHttpException(Yii::t('yii', 'You are not allowed to perform this action.'));
 }
Exemple #8
 /**
  * Refuses any request that is not flagged as AJAX.
  *
  * NOTE(review): the flag reflects the `X-Requested-With` request header,
  * which the client sets; this is not an authorization check.
  *
  * @param \yii\base\Action $action the action about to run
  * @return bool whether the action should continue to be executed
  * @throws BadRequestHttpException when the request is not an AJAX request
  */
 public function beforeAction($action)
 {
     $isAjax = \Yii::$app->request->isAjax;
     if (!$isAjax) {
         throw new BadRequestHttpException();
     }
     return parent::beforeAction($action);
 }
Exemple #9
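 /**
  * Selects the active web for the owning controller: a valid `web_id` posted
  * with the request wins, then a valid id kept in the session, otherwise the
  * main web. The chosen id is kept in the session and passed to setWeb().
  *
  * The posted value is client input, so it is accepted only when it is a
  * scalar that resolves to an existing WebRecord; an array would otherwise
  * be interpreted by findOne() as column conditions.
  *
  * NOTE(review): existence is checked here, ownership is not; confirm that
  * every user may select every web.
  *
  * @param \yii\base\Action $action
  *
  * @return bool
  * @throws InvalidParamException
  */
 public function beforeAction($action)
 {
     $session = \Yii::$app->session;
     $request = \Yii::$app->request;

     $posted = $request->post('web_id');
     $posted = is_scalar($posted) ? (string) $posted : '';
     $stored = $session->get('web_id');

     if ($posted && WebRecord::findOne($posted)) {
         $id = $posted;
         $session->set('web_id', $id);
     } elseif ($stored && is_scalar($stored) && WebRecord::findOne($stored)) {
         $id = $stored;
     } else {
         // Nothing usable was supplied or remembered: fall back to the main web.
         $id = WebRecord::getMainWebId();
         $session->set('web_id', $id);
     }
     // Close the session before the action runs.
     $session->close();
     /** @var $controller MenuController */
     $controller = $this->owner;
     $controller->setWeb($id);
     return parent::beforeAction($action);
 }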
 /**
  * Switches off CSRF validation on the running controller when the current
  * action id is listed in `$this->only`.
  *
  * NOTE(review): every action named in `only` then accepts state-changing
  * requests without a CSRF token. Keep the list as small as possible and
  * make sure those endpoints authenticate the caller by other means.
  *
  * @param \yii\base\Action $action the action about to run
  * @return bool whether the action should continue to be executed
  */
 public function beforeAction($action)
 {
     $controller = Yii::$app->controller;
     $isExempt = in_array($controller->action->id, $this->only);
     if ($isExempt) {
         $controller->enableCsrfValidation = false;
     }
     return parent::beforeAction($action);
 }
 /**
  * Validates the configuration: `allowActions` and `denyActions` are
  * mutually exclusive.
  *
  * @throws \yii\base\InvalidConfigException when both lists are set
  */
 public function init()
 {
     parent::init();
     $bothConfigured = $this->allowActions && $this->denyActions;
     if (!$bothConfigured) {
         return;
     }
     throw new \yii\base\InvalidConfigException("allowActions and denyActions only one can be set");
 }
Exemple #12
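 /**
  * Selects the active menu for the owning controller. A posted `web_id`
  * switches the web and resets the menu to the main menu; otherwise a valid
  * posted `menu_id` wins, then a valid id kept in the session, then the main
  * menu. The chosen id is kept in the session and passed to setMenu().
  *
  * Posted values are client input: only scalars are accepted, and a menu id
  * must resolve to an existing MenuRecord. An array would otherwise be
  * interpreted by findOne() as column conditions.
  *
  * NOTE(review): the posted `web_id` is stored without an existence or
  * ownership check in this method; confirm it is validated where it is read.
  *
  * @param \yii\base\Action $action
  *
  * @return bool
  * @throws InvalidParamException
  */
 public function beforeAction($action)
 {
     $session = \Yii::$app->session;
     $request = \Yii::$app->request;

     $postedWeb = $request->post('web_id');
     $postedMenu = $request->post('menu_id');
     $postedMenu = is_scalar($postedMenu) ? (string) $postedMenu : '';

     if ($postedWeb && is_scalar($postedWeb)) {
         // The web is stored first, before the main menu id is looked up.
         $session->set('web_id', $postedWeb);
         $id = MenuRecord::getMainMenuId();
         $session->set('menu_id', $id);
     } else {
         $storedMenu = $session->get('menu_id');
         if ($postedMenu && MenuRecord::findOne($postedMenu)) {
             $id = $postedMenu;
             $session->set('menu_id', $id);
         } elseif ($storedMenu && is_scalar($storedMenu) && MenuRecord::findOne($storedMenu)) {
             $id = $storedMenu;
         } else {
             // Nothing usable was supplied or remembered: use the main menu.
             $id = MenuRecord::getMainMenuId();
             $session->set('menu_id', $id);
         }
     }
     // Close the session before the action runs.
     $session->close();
     /* @var $controller \backend\controllers\MenuItemController */
     $controller = $this->owner;
     $controller->setMenu($id);
     return parent::beforeAction($action);
 }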
Exemple #13
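 /**
  * Post-processes the action result. Outside AJAX mode the parent's result
  * is returned unchanged; in AJAX mode the result is converted into the
  * `ajaxVars` payload (requested fragments, scripts, flash messages) and the
  * response format is switched to JSON.
  *
  * NOTE(review): `target_id` is read from `$_REQUEST`, i.e. directly from
  * client input; it only selects elements of the already rendered result.
  *
  * @param \yii\base\Action $action the action just executed
  * @param mixed $result the action execution result
  * @return mixed the parent's result, or the `ajaxVars` array in AJAX mode
  */
 public function afterAction($action, $result)
 {
     $res = parent::afterAction($action, $result);
     if (!$this->ajaxMode) {
         return $res;
     }
     if ($res) {
         $dom = Yii::createObject(['class' => Dom::className(), 'html' => $res]);
         // Accept only a non-empty string: an array-valued parameter must not
         // reach explode().
         $requested = isset($_REQUEST['target_id']) ? $_REQUEST['target_id'] : null;
         if (is_string($requested) && !empty($requested)) {
             $target_id = explode(',', $requested);
             $this->ajaxVars['html'] = $dom->getElementByIds($target_id);
         }
         list($scripts, $src) = $dom->getScripts();
         if ($scripts) {
             $this->ajaxVars['scripts'] = $scripts;
         }
         if ($src && 0) {
             // disabled
             $this->ajaxVars['scripts_src'] = $src;
         }
     }
     // Flashes: filled in only when the action did not set its own alerts.
     if (!isset($this->ajaxVars['alerts'])) {
         $this->ajaxVars['alerts'] = Yii::$app->session->getAllFlashes();
     }
     Yii::$app->response->format = 'json';
     return $this->ajaxVars;
 }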
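 /**
  * Gate for the practice area. Users without a test library are redirected
  * to the "not found" page; users without a practice record get the
  * available payment schemes flashed into the session and are redirected to
  * the practice index. In both cases the action is not executed.
  *
  * NOTE(review): `$user` comes straight from the session and may be null for
  * a visitor who is not signed in; checkIsExist() is assumed to reject that.
  *
  * @param \yii\base\Action $action the action about to run
  * @return bool whether the action should continue to be executed
  */
 public function beforeAction($action)
 {
     $session = Yii::$app->session;
     $user = $session->get('user');
     if (!TestLibrary::checkIsExist($user)) {
         // Redirect through the response component and stop here. Emitting a
         // raw Location header without returning let the rest of this method,
         // and then the action itself, keep running.
         Yii::$app->getResponse()->redirect(Url::to(['site/test-library-not-found']));
         return false;
     }
     $practiceRecordFlag = $session->getFlash('practiceRecordFlag');
     if ($practiceRecordFlag) {
         // The payment schemes were already generated; go straight through.
         return parent::beforeAction($action);
     }
     $practiceRecord = PracticeRecord::findByUser($user['userId']);
     if (!$practiceRecord) {
         // No practice entitlement: fetch the online-practice payment schemes.
         /** @var $scheme \common\models\Scheme */
         $schemes = Scheme::findPracticeScheme();
         // Stored in the session for use on the practice index page.
         $session->setFlash('practice-schemes', $schemes);
         // Marks that the payment schemes have been generated.
         $session->setFlash('practiceRecordFlag', true);
         // NOTE(review): `true` sits inside the route array, so it is passed
         // as a route parameter; it may have been meant as Url::to()'s
         // second argument. Left unchanged.
         Yii::$app->getResponse()->redirect(Url::to(['practice/index', true]));
         return false;
     }
     return parent::beforeAction($action);
 }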
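 /**
  * Allows the action only for clients whose address is listed in the
  * `terminalAllowedIps` application parameter.
  *
  * A missing parameter is treated as an empty allow-list, so the filter
  * fails closed, and addresses are compared strictly as listed.
  *
  * NOTE(review): getClientIp() is not shown here. If it reads a forwarding
  * header such as X-Forwarded-For, that value must be trusted only when the
  * request arrives from a known proxy; otherwise the allow-list can be
  * satisfied by a client-chosen header value.
  *
  * @param \yii\base\Action $action the action about to run
  * @return bool whether the action should continue to be executed
  * @throws ForbiddenHttpException when the client address is not allowed
  */
 public function beforeAction($action)
 {
     $params = Yii::$app->params;
     $allowedIps = isset($params['terminalAllowedIps']) ? (array) $params['terminalAllowedIps'] : [];
     if (!in_array($this->getClientIp(), $allowedIps, true)) {
         throw new ForbiddenHttpException(Yii::t('yii', 'You are not allowed to perform this action.'));
     }
     return parent::beforeAction($action);
 }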
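 /**
  * Forces users who must change their password to the change-password page
  * before any other action runs.
  *
  * NOTE(review): `identity` is null for guests, so this filter has to run
  * after authentication has been enforced.
  *
  * @param \yii\base\Action $action the action about to run
  * @return bool whether the action should continue to be executed
  */
 public function beforeAction($action)
 {
     // The change-password action itself must stay reachable, otherwise the
     // redirect below would loop.
     if ($action->getUniqueId() === 'admin/sys-user/change-my-password') {
         return parent::beforeAction($action);
     }
     $identity = Yii::$app->user->identity;
     if ($identity->changePasswordRequired() || $identity->temp_pswd_flag) {
         Yii::$app->getSession()->setFlash('success', Yii::t('app', 'You must change your password before you can proceed.'));
         Yii::$app->controller->redirect(['/admin/sys-user/change-my-password']);
         // Stop here: continuing to the parent would let the requested action
         // run even though a password change is required.
         return false;
     }
     return parent::beforeAction($action);
 }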
 /**
  * Resolves the configured user component and, when a user is signed in,
  * calls getRules() on the identity.
  *
  * NOTE(review): the return value of getRules() is discarded, so the call
  * presumably exists for a side effect such as loading the rules; confirm
  * against the identity class.
  */
 public function init()
 {
     parent::init();
     $this->user = Instance::ensure($this->user, User::className());
     // Guests have no identity, so there are no rules to load for them.
     if ($this->user->identity !== null) {
         $this->user->identity->getRules();
     }
 }
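 /**
  * Lets AJAX requests continue and hands every other request to
  * denyAccess().
  *
  * NOTE(review): the AJAX flag reflects the `X-Requested-With` request
  * header, which the client sets; do not rely on it to protect the action.
  *
  * @param \yii\base\Action $event presumably the action about to run, since it is passed to the parent's beforeAction()
  * @return boolean whether the action should continue to be executed
  */
 public function beforeAction($event)
 {
     if (Yii::$app->request->isAjax) {
         return parent::beforeAction($event);
     }
     $this->denyAccess(Yii::$app->user);
     // denyAccess() is not shown here; if it returns instead of throwing,
     // the action is still stopped by an explicit boolean result.
     return false;
 }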
 /**
  * Allows the action only for users whose role is Users::ROLE_AA or
  * Users::ROLE_AAA; everyone else is redirected to the site index.
  *
  * @param \yii\base\Action $action the action about to run
  * @return bool whether the action should continue to be executed
  */
 public function beforeAction($action)
 {
     $role = $this->user['role'];
     $permitted = in_array($role, [Users::ROLE_AA, Users::ROLE_AAA]);
     if (!$permitted) {
         Yii::$app->getResponse()->redirect(Url::to(['/site/index']));
         return false;
     }
     return parent::beforeAction($action);
 }
 /**
  * Synchronizes images and files through a fresh FileRecord and passes the
  * combined result to checkDB() before the action runs.
  *
  * NOTE(review): this work is repeated on every request the filter covers.
  *
  * @param \yii\base\Action $action
  *
  * @return bool
  * @throws InvalidParamException
  */
 public function beforeAction($action)
 {
     $record = new FileRecord();
     // Images are synchronized first, then files, and both lists are merged
     // in that order.
     $record->checkDB(array_merge($record->synchronizeImages(), $record->synchronizeFiles()));
     return parent::beforeAction($action);
 }
 /**
  * Records how long the action took in an AppLog entry, then delegates to
  * the parent implementation.
  *
  * NOTE(review): the result of save() is ignored, so a failed write goes
  * unnoticed.
  *
  * @param Action $action the action just executed.
  * @param mixed $result the action execution result
  * @return mixed the processed action result.
  */
 public function afterAction($action, $result)
 {
     // Elapsed wall-clock time since `_startTime`.
     $elapsed = microtime(true) - $this->_startTime;
     $entry = new AppLog([
         'log_content' => 'Action:\'' . $action->uniqueId . '\' spent ' . $elapsed . ' seconds',
     ]);
     $entry->save();
     return parent::afterAction($action, $result);
 }
 /**
  * Blocks users whose state is Users::STATE_FROZEN by redirecting them to
  * the site index; every other state is let through.
  *
  * NOTE(review): the check is a deny-list on one state. If `$this->user` is
  * empty (no signed-in user), the comparison presumably does not match and
  * the request passes; confirm authentication is enforced elsewhere.
  *
  * @param \yii\base\Action $action the action about to run
  * @return bool whether the action should continue to be executed
  */
 public function beforeAction($action)
 {
     $isFrozen = $this->user['state'] == Users::STATE_FROZEN;
     if ($isFrozen) {
         Yii::$app->getResponse()->redirect(Url::to(['/site/index']));
         return false;
     }
     return parent::beforeAction($action);
 }
 /**
  * Allows the action only when there is an active user flagged as admin.
  *
  * @param \yii\base\Action $action the action about to run
  * @return bool whether the action should continue to be executed
  * @throws ForbiddenHttpException when there is no active user or the user is not an admin
  */
 public function beforeAction($action)
 {
     $activeUser = User::getActiveUser();
     if (!$activeUser || !$activeUser->admin) {
         throw new ForbiddenHttpException('You are not allowed to perform this operation.');
     }
     return parent::beforeAction($action);
 }
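 /**
  * Disables CSRF validation on the request when the body parameter
  * `openid_mode` is `id_res` or `cancel`.
  *
  * The value is compared strictly: body parameters may arrive as non-string
  * types (for example from a JSON body parser), and a loose comparison
  * would let such values match the expected strings.
  *
  * NOTE(review): the switch is driven by a client-supplied parameter, so
  * any action this filter covers can be requested without a CSRF token.
  * Attach the filter only to the OpenID callback action.
  *
  * @param Action $action the action to be executed.
  * @return boolean whether the action should continue to be executed.
  */
 public function beforeAction($action)
 {
     $request = Yii::$app->getRequest();
     if (in_array($request->getBodyParam('openid_mode', ''), ['id_res', 'cancel'], true)) {
         $request->enableCsrfValidation = false;
     }
     return parent::beforeAction($action);
 }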
Exemple #25
 /**
  * Refuses every request that is not flagged as AJAX.
  *
  * NOTE(review): the flag reflects the `X-Requested-With` request header,
  * which the client sets; the 403 here does not authenticate anyone.
  *
  * @param \yii\base\Action $event the action about to run
  * @return bool whether the action should continue to be executed
  * @throws ForbiddenHttpException when the request is not an AJAX request
  */
 public function beforeAction($event)
 {
     if (!Yii::$app->request->isAjax) {
         throw new ForbiddenHttpException('Only ajax!');
     }
     return parent::beforeAction($event);
 }
 /**
  * Turns every array entry of [[rules]] into an object, built from
  * [[ruleConfig]] merged with the entry; entries that are not arrays are
  * left as they are.
  */
 public function init()
 {
     parent::init();
     foreach ($this->rules as $index => $definition) {
         if (!is_array($definition)) {
             continue;
         }
         // Values from the rule entry override those in ruleConfig.
         $config = array_merge($this->ruleConfig, $definition);
         $this->rules[$index] = Yii::createObject($config);
     }
 }
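 /**
  * Allows the action for admins and for the user whose own id is given in
  * the `id` query parameter.
  *
  * The ownership check compares the two ids as exact strings. A loose
  * comparison between a numeric id and client input accepts values that are
  * not the same id (for example with surrounding characters), and the code
  * that later loads the record may interpret such input differently.
  *
  * @param \yii\base\Action $action the action about to run
  * @return bool whether the action should continue to be executed
  * @throws ForbiddenHttpException when the user is neither an admin nor the owner
  */
 public function beforeAction($action)
 {
     $user = User::getActiveUser();
     $id = Yii::$app->request->getQueryParam('id');
     // Only a scalar can be an id; an array-valued parameter never matches.
     $isOwner = $user && is_scalar($id) && (string) $user->id === (string) $id;
     if ($user && ($user->admin || $isOwner)) {
         return parent::beforeAction($action);
     }
     throw new ForbiddenHttpException('You are not allowed to perform this operation.');
 }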
 /**
  * Requires a user. Without one, the requested URL is remembered in the
  * session under `loginUrl` and the visitor is redirected to the login page.
  *
  * NOTE(review): whatever reads `loginUrl` after login should redirect only
  * to local paths.
  *
  * @param \yii\base\Action $action the action about to run
  * @return bool whether the action should continue to be executed
  */
 public function beforeAction($action)
 {
     if (!$this->user) {
         // Remember the page to return to after login.
         $requestedUrl = Yii::$app->request->getUrl();
         Yii::$app->getSession()->set('loginUrl', $requestedUrl);
         Yii::$app->getResponse()->redirect(Url::to(['/site/login']));
         return false;
     }
     return parent::beforeAction($action);
 }
Exemple #29
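 /**
  * Loads the Plan named by the `plan_id` query parameter onto the
  * controller; the action is skipped when no usable id is supplied.
  *
  * The parameter is client input, so only a scalar is accepted: an array
  * would be interpreted by findOne() as column conditions.
  *
  * NOTE(review): findOne() returns null for an unknown id, and no ownership
  * check is made here; the action must handle both.
  *
  * @param \yii\base\Action $action
  *
  * @return bool
  */
 public function beforeAction($action)
 {
     $request = \Yii::$app->request;
     $planId = $request->get('plan_id');
     if (!$planId || !is_scalar($planId)) {
         return false;
     }
     /** @noinspection PhpUndefinedFieldInspection */
     $action->controller->plan = Plan::findOne($planId);
     return parent::beforeAction($action);
 }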
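 /**
  * Requires a DestinationAccount in the session for every action except
  * `login` and `forgot-password`; other requests are redirected to the
  * destination login page and the action is not executed.
  *
  * NOTE(review): the exemption matches on the action id alone, so an action
  * named `login` or `forgot-password` in any controller this covers is open.
  *
  * @param Action $action the action to be executed.
  * @return bool whether the action should continue to be executed.
  * @throws ForbiddenHttpException
  */
 public function beforeAction($action)
 {
     $destination = Yii::$app->session->get('destination');
     if (!$destination instanceof DestinationAccount) {
         // Anything else found under that session key is not a valid login.
         $destination = null;
     }
     if (is_null($destination) && $action->id !== 'login' && $action->id !== 'forgot-password') {
         // redirect() returns a Response object, which is truthy; returning
         // it would let the protected action run for an unauthenticated
         // visitor. Queue the redirect and stop the action explicitly.
         Yii::$app->getResponse()->redirect(Url::to(['/destination/default/login']));
         return false;
     }
     return parent::beforeAction($action);
 }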