Fix #20651: Add missing generics in yii\filters namespace

Author: mspirkov

framework/CHANGELOG.md

@@ -73,6 +73,7 @@ Yii Framework 2 Change Log
 - Bug #20639: Add missing generics in `yii\web` namespace (mspirkov)
 - Bug #20645: Add missing generics in `yii\helpers` and `yii\test` namespaces. Fix PHPDoc annotations in `ArrayAccessTrait` (mspirkov)
 - Bug #20640: Fix `@param` annotation for `$block` in `yii\console\Markdown::renderParagraph()` (mspirkov)
+- Bug #20651: Add missing generics in `yii\filters` namespace (mspirkov)
 
 
 2.0.53 June 27, 2025

framework/base/Action.php

@@ -62,6 +62,9 @@ class Action extends Component
      * @param Controller $controller the controller that owns this action
      * @param array $config name-value pairs that will be used to initialize the object properties
      *
+     * @phpstan-param T $controller
+     * @psalm-param T $controller
+     *
      * @phpstan-param array<string, mixed> $config
      * @psalm-param array<string, mixed> $config
      */

framework/base/ActionFilter.php

@@ -98,6 +98,9 @@ public function afterFilter($event)
      * You may override this method to do last-minute preparation for the action.
      * @param Action $action the action to be executed.
      * @return bool whether the action should continue to be executed.
+     *
+     * @phpstan-param Action<Controller> $action
+     * @psalm-param Action<Controller> $action
      */
     public function beforeAction($action)
     {

framework/filters/AccessControl.php

@@ -8,10 +8,10 @@
 namespace yii\filters;
 
 use Yii;
-use yii\base\Action;
 use yii\base\ActionFilter;
 use yii\di\Instance;
 use yii\web\ForbiddenHttpException;
+use yii\web\IdentityInterface;
 use yii\web\User;
 
 /**
@@ -60,6 +60,9 @@ class AccessControl extends ActionFilter
      * @var User|array|string|false the user object representing the authentication status or the ID of the user application component.
      * Starting from version 2.0.2, this can also be a configuration array for creating the object.
      * Starting from version 2.0.12, you can set it to `false` to explicitly switch this component support off for the filter.
+     *
+     * @phpstan-var User<IdentityInterface>|array|string|false
+     * @psalm-var User<IdentityInterface>|array|string|false
      */
     public $user = 'user';
     /**
@@ -109,10 +112,7 @@ public function init()
     }
 
     /**
-     * This method is invoked right before an action is to be executed (after all possible filters.)
-     * You may override this method to do last-minute preparation for the action.
-     * @param Action $action the action to be executed.
-     * @return bool whether the action should continue to be executed.
+     * {@inheritdoc}
      */
     public function beforeAction($action)
     {
@@ -149,6 +149,9 @@ public function beforeAction($action)
      * if the user is already logged, a 403 HTTP exception will be thrown.
      * @param User|false $user the current user or boolean `false` in case of detached User component
      * @throws ForbiddenHttpException if the user is already logged in or in case of detached User component.
+     *
+     * @phpstan-param User<IdentityInterface>|false $user
+     * @psalm-param User<IdentityInterface>|false $user
      */
     protected function denyAccess($user)
     {

framework/filters/AccessRule.php

@@ -14,6 +14,7 @@
 use yii\base\InvalidConfigException;
 use yii\helpers\IpHelper;
 use yii\helpers\StringHelper;
+use yii\web\IdentityInterface;
 use yii\web\Request;
 use yii\web\User;
 
@@ -166,6 +167,12 @@ class AccessRule extends Component
      * @param User|false $user the user object or `false` in case of detached User component
      * @param Request $request
      * @return bool|null `true` if the user is allowed, `false` if the user is denied, `null` if the rule does not apply to the user
+     *
+     * @phpstan-param Action<Controller> $action
+     * @psalm-param Action<Controller> $action
+     *
+     * @phpstan-param User<IdentityInterface>|false $user
+     * @psalm-param User<IdentityInterface>|false $user
      */
     public function allows($action, $user, $request)
     {
@@ -186,6 +193,9 @@ public function allows($action, $user, $request)
     /**
      * @param Action $action the action
      * @return bool whether the rule applies to the action
+     *
+     * @phpstan-param Action<Controller> $action
+     * @psalm-param Action<Controller> $action
      */
     protected function matchAction($action)
     {
@@ -216,6 +226,9 @@ protected function matchController($controller)
      * @param User $user the user object
      * @return bool whether the rule applies to the role
      * @throws InvalidConfigException if User component is detached
+     *
+     * @phpstan-param User<IdentityInterface> $user
+     * @psalm-param User<IdentityInterface> $user
      */
     protected function matchRole($user)
     {
@@ -297,6 +310,9 @@ protected function matchVerb($verb)
     /**
      * @param Action $action the action to be performed
      * @return bool whether the rule should be applied
+     *
+     * @phpstan-param Action<Controller> $action
+     * @psalm-param Action<Controller> $action
      */
     protected function matchCustom($action)
     {

framework/filters/Cors.php

@@ -8,7 +8,9 @@
 namespace yii\filters;
 
 use Yii;
+use yii\base\Action;
 use yii\base\ActionFilter;
+use yii\base\Controller;
 use yii\base\InvalidConfigException;
 use yii\web\Request;
 use yii\web\Response;
@@ -119,7 +121,10 @@ public function beforeAction($action)
 
     /**
      * Override settings for specific action.
-     * @param \yii\base\Action $action the action settings to override
+     * @param Action $action the action settings to override
+     *
+     * @phpstan-param Action<Controller> $action
+     * @psalm-param Action<Controller> $action
      */
     public function overrideDefaultSettings($action)
     {

framework/filters/HostControl.php

@@ -8,7 +8,9 @@
 namespace yii\filters;
 
 use Yii;
+use yii\base\Action;
 use yii\base\ActionFilter;
+use yii\base\Controller;
 use yii\helpers\StringHelper;
 use yii\web\NotFoundHttpException;
 
@@ -160,8 +162,11 @@ public function beforeAction($action)
      * The default implementation will display 404 page right away, terminating the program execution.
      * You may override this method, creating your own deny access handler. While doing so, make sure you
      * avoid usage of the current requested host name, creation of absolute URL links, caching page parts and so on.
-     * @param \yii\base\Action $action the action to be executed.
+     * @param Action $action the action to be executed.
      * @throws NotFoundHttpException
+     *
+     * @phpstan-param Action<Controller> $action
+     * @psalm-param Action<Controller> $action
      */
     protected function denyAccess($action)
     {

framework/filters/HttpCache.php

@@ -8,7 +8,6 @@
 namespace yii\filters;
 
 use Yii;
-use yii\base\Action;
 use yii\base\ActionFilter;
 
 /**
@@ -108,10 +107,7 @@ class HttpCache extends ActionFilter
 
 
     /**
-     * This method is invoked right before an action is to be executed (after all possible filters.)
-     * You may override this method to do last-minute preparation for the action.
-     * @param Action $action the action to be executed.
-     * @return bool whether the action should continue to be executed.
+     * {@inheritdoc}
      */
     public function beforeAction($action)
     {

framework/filters/PageCache.php

@@ -9,7 +9,6 @@
 
 use Closure;
 use Yii;
-use yii\base\Action;
 use yii\base\ActionFilter;
 use yii\base\DynamicContentAwareInterface;
 use yii\base\DynamicContentAwareTrait;
@@ -163,10 +162,7 @@ public function init()
     }
 
     /**
-     * This method is invoked right before an action is to be executed (after all possible filters.)
-     * You may override this method to do last-minute preparation for the action.
-     * @param Action $action the action to be executed.
-     * @return bool whether the action should continue to be executed.
+     * {@inheritdoc}
      */
     public function beforeAction($action)
     {

framework/filters/RateLimitInterface.php

@@ -7,6 +7,9 @@
 
 namespace yii\filters;
 
+use yii\base\Action;
+use yii\base\Controller;
+
 /**
  * RateLimitInterface is the interface that may be implemented by an identity object to enforce rate limiting.
  *
@@ -18,27 +21,36 @@ interface RateLimitInterface
     /**
      * Returns the maximum number of allowed requests and the window size.
      * @param \yii\web\Request $request the current request
-     * @param \yii\base\Action $action the action to be executed
+     * @param Action $action the action to be executed
      * @return array an array of two elements. The first element is the maximum number of allowed requests,
      * and the second element is the size of the window in seconds.
+     *
+     * @phpstan-param Action<Controller> $action
+     * @psalm-param Action<Controller> $action
      */
     public function getRateLimit($request, $action);
 
     /**
      * Loads the number of allowed requests and the corresponding timestamp from a persistent storage.
      * @param \yii\web\Request $request the current request
-     * @param \yii\base\Action $action the action to be executed
+     * @param Action $action the action to be executed
      * @return array an array of two elements. The first element is the number of allowed requests,
      * and the second element is the corresponding UNIX timestamp.
+     *
+     * @phpstan-param Action<Controller> $action
+     * @psalm-param Action<Controller> $action
      */
     public function loadAllowance($request, $action);
 
     /**
      * Saves the number of allowed requests and the corresponding timestamp to a persistent storage.
      * @param \yii\web\Request $request the current request
-     * @param \yii\base\Action $action the action to be executed
+     * @param Action $action the action to be executed
      * @param int $allowance the number of allowed requests remaining.
      * @param int $timestamp the current timestamp.
+     *
+     * @phpstan-param Action<Controller> $action
+     * @psalm-param Action<Controller> $action
      */
     public function saveAllowance($request, $action, $allowance, $timestamp);
 }