[size=2]I’m playing around with the behaviors method in the controllers to implement some basic controls. I really like the matchCallback option, I used it something like this:[/size]
'access' => [
'class' => \yii\filters\AccessControl::className(),
'only' => ['index', 'view','create', 'update', 'delete'],
'rules' => [
[
'actions' => ['index', 'view','create', 'update', 'delete'],
'allow' => true,
'roles' => ['@'],
'matchCallback' => function ($rule, $action) {
return Yii::$app->user->identity->user_type_id == ValueHelpers::getUserTypeValue('Paid')
&& Yii::$app->user->identity->status_id == ValueHelpers::getStatusValue('Active');
}
],
],
],
I implemented a couple of static helper methods to return values to test for, it works perfectly. So my question is how do I customize the behavior when matchCallback fails? Ideally, if I were managing users on a site that had a paid area, like a dating site for example, I would want to redirect to an upgrade page.
I can see a lot of cool applications for this if I had a simple way to control the response. [size=“2”]I looked through AccessControl.php and AccessRule.php but wasn’t able to figure out exactly where I would make the change. [/size][size=“2”]I looked at this method on AccessControl.php:[/size]
protected function denyAccess($user)
{
if ($user->getIsGuest()) {
$user->loginRequired();
} else {
throw new ForbiddenHttpException(Yii::t('yii', 'You are not allowed to perform this action.'));
}
}
But then I realized that this is default behavior and I only want to change it under certain conditions, so this is probably not the right place. I can easily take the more procedural approach and go action by action but there is probably a better way. I’m not sure how the new RBAC works or if it would be helpful, since restricting access is not the problem, customizing the response is, and that goes beyond a boolean choice. Any suggestions or ideas on how I can get the behavior I’m looking for? It would be greatly appreciated, thanks.