Fixes #7823: Added yii\filters\AjaxFilter filter

framework/CHANGELOG.md

@@ -43,6 +43,7 @@ Yii Framework 2 Change Log
 - Bug #14370: Fixed creating built-in validator in model with same function name (dmirogin)
 - Bug #14492: Fixed error handler not escaping error info debug mode (samdark)
 - Chg #14487: Changed i18n message error to warning (dmirogin)
+- Enh #7823: Added `yii\filters\AjaxFilter` filter (dmirogin)
 
 2.0.12 June 05, 2017
 --------------------

framework/filters/AjaxFilter.php

@@ -0,0 +1,65 @@
+<?php
+/**
+ * @link http://www.yiiframework.com/
+ * @copyright Copyright (c) 2008 Yii Software LLC
+ * @license http://www.yiiframework.com/license/
+ */
+
+namespace yii\filters;
+
+use Yii;
+use yii\base\ActionFilter;
+use yii\web\BadRequestHttpException;
+use yii\web\Request;
+
+/**
+ * AjaxFilter allow to limit access only for ajax requests.
+ *
+ * ```php
+ * public function behaviors()
+ * {
+ *     return [
+ *         [
+ *             'class' => 'yii\filters\AjaxFilter',
+ *             'only' => ['index']
+ *         ],
+ *     ];
+ * }
+ * ```
+ *
+ * @author Dmitry Dorogin <dmirogin@ya.ru>
+ * @since 2.0.13
+ */
+class AjaxFilter extends ActionFilter
+{
+    /**
+     * @var string the message to be displayed when request isn't ajax
+     */
+    public $errorMessage = 'Request must be XMLHttpRequest.';
+    /**
+     * @var Request the current request. If not set, the `request` application component will be used.
+     */
+    public $request;
+
+    /**
+     * @inheritdoc
+     */
+    public function init()
+    {
+        if ($this->request === null) {
+            $this->request = Yii::$app->getRequest();
+        }
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function beforeAction($action)
+    {
+        if ($this->request->getIsAjax()) {
+            return true;
+        }
+
+        throw new BadRequestHttpException($this->errorMessage);
+    }
+}

tests/framework/filters/AccessRuleTest.php

@@ -44,6 +44,7 @@ protected function mockRequest($method = 'GET')
             ->setMethods(['getMethod'])
             ->getMock();
         $request->method('getMethod')->willReturn($method);
+
         return $request;
     }
 

tests/framework/filters/AjaxFilterTest.php

@@ -0,0 +1,52 @@
+<?php
+/**
+ * @link http://www.yiiframework.com/
+ * @copyright Copyright (c) 2008 Yii Software LLC
+ * @license http://www.yiiframework.com/license/
+ */
+
+namespace yiiunit\framework\filters;
+
+use Yii;
+use yii\base\Action;
+use yii\filters\AjaxFilter;
+use yii\web\BadRequestHttpException;
+use yii\web\Controller;
+use yii\web\Request;
+use yiiunit\TestCase;
+
+/**
+ * @group filters
+ */
+class AjaxFilterTest extends TestCase
+{
+    /**
+     * @param boolean $isAjax
+     * @return Request
+     */
+    protected function mockRequest($isAjax)
+    {
+        /** @var Request $request */
+        $request = $this->getMockBuilder('\yii\web\Request')
+            ->setMethods(['getIsAjax'])
+            ->getMock();
+        $request->method('getIsAjax')->willReturn($isAjax);
+
+        return $request;
+    }
+
+    public function testFilter()
+    {
+        $this->mockWebApplication();
+        $controller = new Controller('id', Yii::$app);
+        $action = new Action('test', $controller);
+        $filter = new AjaxFilter();
+
+        $filter->request = $this->mockRequest(true);
+        $this->assertTrue($filter->beforeAction($action));
+
+        $filter->request = $this->mockRequest(false);
+        $this->expectException('yii\web\BadRequestHttpException');
+        $filter->beforeAction($action);
+    }
+}