onBeginRequest Event Handler

Hello all.

I’m just beginning to use Yii framework after defecting from Zend Framework (due to not focusing on rapid development / real world performance enough).

With Zend Framework I implemented my ACL as a plugin which allowed me to create an ACL system with the following features:

1 - Zero ACL code in each Controller file.

2 - ACL rules completely stored in the database.

3 - ACL rule implementation handled prior to main programme execution.

4 - ACL resources relate directly to modules / controllers / actions in a hierarchy.

5 - Using reflection the ACL resources could be generated based on the the existing Controllers and their actions.

6 - A fully automated admin panel could allow a user to select granular yes/no ACL rules.

I want to implement this system in Yii. I have been researching and it looks like the only way to handle this would be to use the onBeginRequest() event handler. This was used to do a very simple ‘is logged in’ check in the following tutorial: h**p://www.larryullman.com/2010/07/20/forcing-login-for-all-pages-in-yii/

So basically instead of only checking if a user is logged in, I want to check if a user has been granted access to the currently executing Module/Controller/Action combination.

The problem I am having is finding out what the currently executing Module/Controller/Action is from within the onBeginRequest event handler. The Yii::app()->request and Yii::app()->controller etc properties don’t seem to be set.

Is this because at the time of onBeginRequest execution these properties are not yet set, or is it just a scope issue?

Any tips? I really don’t want to rely on processing the URL and working it out that way as it’s a bit of a hack.


You could follow this advice: http://www.yiiframework.com/forum/index.php?/topic/23172-ccontroller-events/.

And attach event handler to Controller.onBeforeAction instead of Application.onBeginRequest.

Thank you for your reply.

Isn’t that just a feature request though? I can’t find any events like that for CController.

It’s called beforeAction:

protected function beforeAction($action) {

        return true;


If you don’t want to use filters, then I think that’s the best option. :)

Thanks Jac.

Currently I use \protected\config\main.php with a line as follows:

$options[‘behaviors’][‘onBeginRequest’][‘class’] = ‘application.components.Access’;

As that function is protected are you suggesting I use my own custom Controller class in my app that inherits from CController and then I’d overload beforeAction() ?

This would work however would mean this couldn’t be retro-fitted to an existing application that was written in the ‘standard’ way.

Or is there a way to attach code to that protected function from outside it?

The Hordes sent me a PM where he explained that he managed to find the class Controller in protected/components which is where you can override globally. :)