Enhancement to access control filter


I’ve been using the Yii framework for a few days now, and I f-ing love it. It’s the best framework I’ve used (and I’ve used MANY).

There are a few issues and enhancements I’ve encountered while setting up my apps, which I’d like to share.

The access control filter lacks a mechanism to send parameters to the access check, so I subclassed CAccessControlFilter and added the following override method:

class CNewAccessControlFilter extends CAccessControlFilter


  public function isRoleMatched($user)



      return true;

    foreach($this->roles as $role) {

      if(is_array($role)) {

        list($role, $params) = $role;

      } else {

        $params = array();


      if($user->checkAccess($role, $params)) {

        return true;



    return false;



This allows you to specify roles with params for the bizRule (if needed).

So your access rule definitions in the controller now look like this:

public function accessRules()


  return array(

    array('allow', 'roles' => array(

      array('admin', array('paramname' => 'paramvalue')), // Specify the role as an array with the parameters as the second element

      'guest', // Specify the role as a string if you do not need parameters for the bizRule




I hope someone finds this useful.

I was just about to work on that very class extension, then thought I should try here first. Excellent timing, thank you! Looks pretty simple, but I’ll let you know if I run into any quirks. <waves cheerfully>

Ivo in Seattle