AppController ​
- Type
- Class
- Namespace
- craft\controllers
- Inherits
- craft\controllers\AppController » craft\web\Controller » yii\web\Controller » yii\base\Controller » yii\base\Component » yii\base\BaseObject
- Implements
- yii\base\Configurable, yii\base\ViewContextInterface
- Since
- 3.0.0
The AppController class is a controller that handles various actions for Craft updates, control panel requests, upgrading Craft editions and license requests.
Note that all actions in the controller require an authenticated Craft session via allowAnonymous.
Public Properties ​
Property | Description |
---|---|
action | yii\base\Action, null – The action that is currently being executed. |
actionParams | array – The parameters bound to the current action. |
behaviors | yii\base\Behavior – List of behaviors attached to this component. |
defaultAction | string – The ID of the action that is used when the action ID is not specified in the request. |
enableCsrfValidation | boolean – Whether to enable CSRF validation for the actions in this controller. |
id | string – The ID of this controller. |
layout | string, null, false – The name of the layout to be applied to this controller's views. |
module | yii\base\Module – The module that this controller belongs to. |
modules | yii\base\Module – All ancestor modules that this controller is located within. |
request | craft\web\Request |
response | craft\web\Response |
route | string – The route (module ID, controller ID and action ID) of the current request. |
uniqueId | string – The controller ID that is prefixed with the module ID (if any). |
view | craft\web\View – The view object that can be used to render views or view files |
viewPath | string – The directory containing the view files for this controller. |
Protected Properties ​
Property | Description |
---|---|
allowAnonymous | integer, boolean, integer[], string[] – Whether this controller’s actions can be accessed anonymously. |
allowAnonymous
​
- Type
- integer, boolean, integer[], string[]
- Default value
[ 'migrate' => self::ALLOW_ANONYMOUS_LIVE | self::ALLOW_ANONYMOUS_OFFLINE, 'broken-image' => self::ALLOW_ANONYMOUS_LIVE | self::ALLOW_ANONYMOUS_OFFLINE, 'health-check' => self::ALLOW_ANONYMOUS_LIVE, 'resource-js' => self::ALLOW_ANONYMOUS_LIVE | self::ALLOW_ANONYMOUS_OFFLINE, ]
Whether this controller’s actions can be accessed anonymously.
This can be set to any of the following:
false
orself::ALLOW_ANONYMOUS_NEVER
(default) – indicates that all controller actions should never be accessed anonymouslytrue
orself::ALLOW_ANONYMOUS_LIVE
– indicates that all controller actions can be accessed anonymously when the system is liveself::ALLOW_ANONYMOUS_OFFLINE
– indicates that all controller actions can be accessed anonymously when the system is offlineself::ALLOW_ANONYMOUS_LIVE | self::ALLOW_ANONYMOUS_OFFLINE
– indicates that all controller actions can be accessed anonymously when the system is live or offline- An array of action IDs (e.g.
['save-guest-entry', 'edit-guest-entry']
) – indicates that the listed action IDs can be accessed anonymously when the system is live - An array of action ID/bitwise pairs (e.g.
['save-guest-entry' => self::ALLOW_ANONYMOUS_OFFLINE]
– indicates that the listed action IDs can be accessed anonymously per the bitwise int assigned to it.
Public Methods ​
Method | Description |
---|---|
__call() | Calls the named method which is not a class method. |
__clone() | This method is called after the object is created by cloning an existing one. |
__construct() | |
__get() | Returns the value of a component property. |
__isset() | Checks if a property is set, i.e. defined and not null. |
__set() | Sets the value of a component property. |
__unset() | Sets a component property to be null. |
actionApiHeaders() | Returns the latest Craftnet API headers. |
actionBrokenImage() | Sends a broken image. |
actionCacheUpdates() | Caches new update info and then returns it. |
actionCheckForUpdates() | Returns update info. |
actionGetCpAlerts() | Returns any alerts that should be displayed in the control panel. |
actionGetPluginLicenseInfo() | Fetches plugin license statuses. |
actionGetUtilitiesBadgeCount() | Returns the badge count for the Utilities nav item. |
actionHealthCheck() | Returns an empty response. |
actionMigrate() | Creates a DB backup (if configured to do so), runs any pending Craft, plugin, & content migrations, and syncs project.yaml changes in one go. |
actionProcessApiResponseHeaders() | Processes an API response’s headers. |
actionRenderElement() | Renders an element for the control panel. |
actionResourceJs() | Loads the given JavaScript resource URL and returns it. |
actionShunCpAlert() | Shuns a control panel alert for 24 hours. |
actionSwitchToLicensedEdition() | Switches Craft to the edition it's licensed for. |
actionTryEdition() | Tries a Craft edition on for size. |
actionUpdatePluginLicense() | Updates a plugin’s license key. |
actions() | Declares external actions for the controller. |
afterAction() | This method is invoked right after an action is executed. |
asCpScreen() | Sends a control panel screen response. |
asErrorJson() | Responds to the request with a JSON error message. |
asFailure() | Sends a failure response. |
asJson() | Send data formatted as JSON. |
asJsonP() | Sets the response format of the given data as JSONP. |
asModelFailure() | Sends a failure response for a model. |
asModelSuccess() | Sends a success response for a model. |
asRaw() | Sets the response format of the given data as RAW. |
asSuccess() | Sends a success response. |
asXml() | Send data formatted as XML. |
attachBehavior() | Attaches a behavior to this component. |
attachBehaviors() | Attaches a list of behaviors to the component. |
beforeAction() | This method is invoked right before an action is executed. |
behaviors() | Returns a list of behaviors that this component should behave as. |
bindActionParams() | Binds the parameters to the action. |
canGetProperty() | Returns a value indicating whether a property can be read. |
canSetProperty() | Returns a value indicating whether a property can be set. |
className() | Returns the fully qualified name of this class. |
createAction() | Creates an action based on the given action ID. |
currentUser() | Returns the currently logged-in user. |
detachBehavior() | Detaches a behavior from the component. |
detachBehaviors() | Detaches all behaviors from the component. |
ensureBehaviors() | Makes sure that the behaviors declared in behaviors() are attached to this component. |
findLayoutFile() | Finds the applicable layout file. |
getBehavior() | Returns the named behavior object. |
getBehaviors() | Returns all behaviors attached to this component. |
getModules() | Returns all ancestor modules of this controller. |
getRoute() | Returns the route of the current request. |
getUniqueId() | Returns the unique ID of the controller. |
getView() | Returns the view object that can be used to render views or view files |
getViewPath() | Returns the directory containing view files for this controller. |
goBack() | Redirects the browser to the last visited page. |
goHome() | Redirects the browser to the home page. |
hasEventHandlers() | Returns a value indicating whether there is any handler attached to the named event. |
hasMethod() | Returns a value indicating whether a method is defined. |
hasProperty() | Returns a value indicating whether a property is defined for this component. |
init() | Initializes the object. |
off() | Detaches an existing event handler from this component. |
on() | Attaches an event handler to an event. |
redirect() | Redirects the browser to the specified URL. |
redirectToPostedUrl() | Redirects to the URI specified in the POST. |
refresh() | Refreshes the current page. |
render() | Renders a view and applies layout if available. |
renderAjax() | Renders a view in response to an AJAX request. |
renderContent() | Renders a static string by applying a layout. |
renderFile() | Renders a view file. |
renderPartial() | Renders a view without applying layout. |
renderTemplate() | Sends a rendered template response. |
requireAcceptsJson() | Throws a 400 error if the request doesn't accept JSON. |
requireAdmin() | Throws a 403 error if the current user is not an admin. |
requireAuthorization() | Checks whether the current user can perform a given action, and ends the request with a 403 error if they don’t. |
requireCpRequest() | Throws a 400 error if the current request isn’t a control panel request. |
requireElevatedSession() | Requires that the user has an elevated session. |
requireGuest() | Redirects the user to the account template if they are logged in. |
requireLogin() | Redirects the user to the login template if they're not logged in. |
requirePermission() | Checks whether the current user has a given permission, and ends the request with a 403 error if they don’t. |
requirePostRequest() | Throws a 400 error if this isn’t a POST request |
requireSiteRequest() | Throws a 400 error if the current request isn’t a site request. |
requireToken() | Throws a 400 error if the current request doesn’t have a valid Craft token. |
run() | Runs a request specified in terms of a route. |
runAction() | Runs an action within this controller with the specified action ID and parameters. |
setFailFlash() | Sets an error flash message on the user session. |
setSuccessFlash() | Sets a success flash message on the user session. |
setView() | Sets the view object to be used by this controller. |
setViewPath() | Sets the directory that contains the view files. |
trigger() | Triggers an event. |
actionApiHeaders()
​
- Since
- 3.3.16
Returns the latest Craftnet API headers.
Returns ​
Throws ​
actionBrokenImage()
​
- Since
- 3.5.0
Sends a broken image.
Returns ​
Throws ​
actionCacheUpdates()
​
- Since
- 3.3.16
Caches new update info and then returns it.
Returns ​
Throws ​
actionCheckForUpdates()
​
Returns update info.
Returns ​
Throws ​
- yii\web\BadRequestHttpException
if the request doesn't accept a JSON response - yii\web\ForbiddenHttpException
if the user doesn't have permission to perform updates or use the Updates utility
actionGetCpAlerts()
​
Returns any alerts that should be displayed in the control panel.
Returns ​
actionGetPluginLicenseInfo()
​
Fetches plugin license statuses.
Returns ​
actionGetUtilitiesBadgeCount()
​
Returns the badge count for the Utilities nav item.
Returns ​
actionHealthCheck()
​
- Since
- 3.5.0
Returns an empty response.
actionMigrate()
​
Creates a DB backup (if configured to do so), runs any pending Craft, plugin, & content migrations, and syncs project.yaml
changes in one go.
This action can be used as a post-deploy webhook with site deployment services (like DeployBot or DeployPlace) to minimize site downtime after a deployment.
Arguments ​
$applyProjectConfigChanges
(boolean)
Returns ​
Throws ​
actionProcessApiResponseHeaders()
​
- Since
- 3.3.16
Processes an API response’s headers.
Returns ​
Throws ​
actionRenderElement()
​
- Since
- 4.0.0
Renders an element for the control panel.
Returns ​
Throws ​
actionResourceJs()
​
Loads the given JavaScript resource URL and returns it.
Arguments ​
$url
(string)
Returns ​
actionShunCpAlert()
​
Shuns a control panel alert for 24 hours.
Returns ​
actionSwitchToLicensedEdition()
​
Switches Craft to the edition it's licensed for.
Returns ​
actionTryEdition()
​
Tries a Craft edition on for size.
Returns ​
Throws ​
- yii\web\BadRequestHttpException
if Craft isn’t allowed to test edition upgrades
actionUpdatePluginLicense()
​
Updates a plugin’s license key.
Returns ​
beforeAction()
​
This method is invoked right before an action is executed.
The method will trigger the EVENT_BEFORE_ACTION event. The return value of the method will determine whether the action should continue to run.
In case the action should not run, the request should be handled inside of the beforeAction
code by either providing the necessary output or redirecting the request. Otherwise the response will be empty.
If you override this method, your code should look like the following:
public function beforeAction($action): bool
{
// your custom code here, if you want the code to run before action filters,
// which are triggered on the [EVENT_BEFORE_ACTION](https://www.yiiframework.com/doc/api/2.0/yii-base-controller#EVENT_BEFORE_ACTION-detail) event, e.g. PageCache or AccessControl
if (!parent::beforeAction($action)) {
return false;
}
// other custom code here
return true; // or false to not run the action
}
Arguments ​
$action
(yii\base\Action) – The action to be executed.
Returns ​
boolean – Whether the action should continue to run.
Throws ​
- yii\web\BadRequestHttpException
if the request is missing a valid CSRF token - yii\web\ForbiddenHttpException
if the user is not logged in or lacks the necessary permissions - craft\web\ServiceUnavailableHttpException
if the system is offline and the user isn't allowed to access it - yii\web\UnauthorizedHttpException
behaviors()
​
Returns a list of behaviors that this component should behave as.
Child classes may override this method to specify the behaviors they want to behave as.
The return value of this method should be an array of behavior objects or configurations indexed by behavior names. A behavior configuration can be either a string specifying the behavior class or an array of the following structure:
'behaviorName' => [
'class' => 'BehaviorClass',
'property1' => 'value1',
'property2' => 'value2',
]
Note that a behavior class must extend from \craft\controllers\Behavior
. Behaviors can be attached using a name or anonymously. When a name is used as the array key, using this name, the behavior can later be retrieved using getBehavior() or be detached using detachBehavior(). Anonymous behaviors can not be retrieved or detached.
Behaviors declared in this method will be attached to the component automatically (on demand).
Returns ​
array – The behavior configurations.
Protected Methods ​
Method | Description |
---|---|
bindInjectedParams() | Fills parameters based on types and names in action method signature. |
defineBehaviors() | Returns the behaviors to attach to this class. |
getPostedRedirectUrl() | Gets the redirect param specified in the POST data. |
Constants ​
Constant | Description |
---|---|
ALLOW_ANONYMOUS_LIVE | |
ALLOW_ANONYMOUS_NEVER | |
ALLOW_ANONYMOUS_OFFLINE |