Class yii\rbac\PhpManager
Inheritance | yii\rbac\PhpManager » yii\rbac\BaseManager » yii\base\Component » yii\base\BaseObject |
---|---|
Implements | yii\base\Configurable, yii\rbac\ManagerInterface |
Available since version | 2.0 |
Source Code | https://github.com/yiisoft/yii2/blob/master/framework/rbac/PhpManager.php |
PhpManager represents an authorization manager that stores authorization information in terms of a PHP script file.
The authorization data will be saved to and loaded from three files specified by $itemFile, $assignmentFile and $ruleFile.
PhpManager is mainly suitable for authorization data that is not too big (for example, the authorization data for a personal blog system). Use yii\rbac\DbManager for more complex authorization data.
Note that PhpManager is not compatible with facebooks HHVM because it relies on writing php files and including them afterwards which is not supported by HHVM.
For more details and usage information on PhpManager, see the guide article on security authorization.
Public Properties
Property | Type | Description | Defined By |
---|---|---|---|
$assignmentFile | string | The path of the PHP script that contains the authorization assignments. | yii\rbac\PhpManager |
$assignments | array | yii\rbac\PhpManager | |
$behaviors | yii\base\Behavior[] | List of behaviors attached to this component. | yii\base\Component |
$children | array | yii\rbac\PhpManager | |
$defaultRoleInstances | yii\rbac\Role[] | Default roles. | yii\rbac\BaseManager |
$defaultRoles | array | A list of role names that are assigned to every user automatically without calling assign(). | yii\rbac\BaseManager |
$itemFile | string | The path of the PHP script that contains the authorization items. | yii\rbac\PhpManager |
$items | yii\rbac\Item[] | yii\rbac\PhpManager | |
$permissions | yii\rbac\Permission[] | All permissions in the system. | yii\rbac\BaseManager |
$roles | yii\rbac\Role[] | All roles in the system. | yii\rbac\BaseManager |
$ruleFile | string | The path of the PHP script that contains the authorization rules. | yii\rbac\PhpManager |
$rules | yii\rbac\Rule[] | yii\rbac\PhpManager |
Public Methods
Method | Description | Defined By |
---|---|---|
__call() | Calls the named method which is not a class method. | yii\base\Component |
__clone() | This method is called after the object is created by cloning an existing one. | yii\base\Component |
__construct() | Constructor. | yii\base\BaseObject |
__get() | Returns the value of a component property. | yii\base\Component |
__isset() | Checks if a property is set, i.e. defined and not null. | yii\base\Component |
__set() | Sets the value of a component property. | yii\base\Component |
__unset() | Sets a component property to be null. | yii\base\Component |
add() | Adds a role, permission or rule to the RBAC system. | yii\rbac\BaseManager |
addChild() | Adds an item as a child of another item. | yii\rbac\PhpManager |
assign() | Assigns a role to a user. | yii\rbac\PhpManager |
attachBehavior() | Attaches a behavior to this component. | yii\base\Component |
attachBehaviors() | Attaches a list of behaviors to the component. | yii\base\Component |
behaviors() | Returns a list of behaviors that this component should behave as. | yii\base\Component |
canAddChild() | Checks the possibility of adding a child to parent. | yii\rbac\PhpManager |
canGetProperty() | Returns a value indicating whether a property can be read. | yii\base\Component |
canSetProperty() | Returns a value indicating whether a property can be set. | yii\base\Component |
checkAccess() | yii\rbac\PhpManager | |
className() | Returns the fully qualified name of this class. | yii\base\BaseObject |
createPermission() | Creates a new Permission object. | yii\rbac\BaseManager |
createRole() | Creates a new Role object. | yii\rbac\BaseManager |
detachBehavior() | Detaches a behavior from the component. | yii\base\Component |
detachBehaviors() | Detaches all behaviors from the component. | yii\base\Component |
ensureBehaviors() | Makes sure that the behaviors declared in behaviors() are attached to this component. | yii\base\Component |
getAssignment() | Returns the assignment information regarding a role and a user. | yii\rbac\PhpManager |
getAssignments() | Returns all role assignment information for the specified user. | yii\rbac\PhpManager |
getBehavior() | Returns the named behavior object. | yii\base\Component |
getBehaviors() | Returns all behaviors attached to this component. | yii\base\Component |
getChildRoles() | Returns child roles of the role specified. Depth isn't limited. | yii\rbac\PhpManager |
getChildren() | Returns the child permissions and/or roles. | yii\rbac\PhpManager |
getDefaultRoleInstances() | Returns defaultRoles as array of Role objects. | yii\rbac\BaseManager |
getDefaultRoles() | Get default roles | yii\rbac\BaseManager |
getItem() | Returns the named auth item. | yii\rbac\PhpManager |
getItems() | Returns the items of the specified type. | yii\rbac\PhpManager |
getPermission() | Returns the named permission. | yii\rbac\BaseManager |
getPermissions() | Returns all permissions in the system. | yii\rbac\BaseManager |
getPermissionsByRole() | Returns all permissions that the specified role represents. | yii\rbac\PhpManager |
getPermissionsByUser() | Returns all permissions that the user has. | yii\rbac\PhpManager |
getRole() | Returns the named role. | yii\rbac\BaseManager |
getRoles() | Returns all roles in the system. | yii\rbac\BaseManager |
getRolesByUser() | {@inheritdoc} The roles returned by this method include the roles assigned via $defaultRoles. | yii\rbac\PhpManager |
getRule() | Returns the rule of the specified name. | yii\rbac\PhpManager |
getRules() | Returns all rules available in the system. | yii\rbac\PhpManager |
getUserIdsByRole() | Returns all user IDs assigned to the role specified. | yii\rbac\PhpManager |
hasChild() | Returns a value indicating whether the child already exists for the parent. | yii\rbac\PhpManager |
hasEventHandlers() | Returns a value indicating whether there is any handler attached to the named event. | yii\base\Component |
hasMethod() | Returns a value indicating whether a method is defined. | yii\base\Component |
hasProperty() | Returns a value indicating whether a property is defined for this component. | yii\base\Component |
init() | Initializes the application component. | yii\rbac\PhpManager |
off() | Detaches an existing event handler from this component. | yii\base\Component |
on() | Attaches an event handler to an event. | yii\base\Component |
remove() | Removes a role, permission or rule from the RBAC system. | yii\rbac\BaseManager |
removeAll() | Removes all authorization data, including roles, permissions, rules, and assignments. | yii\rbac\PhpManager |
removeAllAssignments() | Removes all role assignments. | yii\rbac\PhpManager |
removeAllPermissions() | Removes all permissions. | yii\rbac\PhpManager |
removeAllRoles() | Removes all roles. | yii\rbac\PhpManager |
removeAllRules() | Removes all rules. | yii\rbac\PhpManager |
removeChild() | Removes a child from its parent. | yii\rbac\PhpManager |
removeChildren() | Removed all children form their parent. | yii\rbac\PhpManager |
removeItem() | Removes an auth item from the RBAC system. | yii\rbac\PhpManager |
revoke() | Revokes a role from a user. | yii\rbac\PhpManager |
revokeAll() | Revokes all roles from a user. | yii\rbac\PhpManager |
setDefaultRoles() | Set default roles | yii\rbac\BaseManager |
trigger() | Triggers an event. | yii\base\Component |
update() | Updates the specified role, permission or rule in the system. | yii\rbac\BaseManager |
updateRule() | Updates a rule to the RBAC system. | yii\rbac\PhpManager |
Protected Methods
Method | Description | Defined By |
---|---|---|
addItem() | Adds an auth item to the RBAC system. | yii\rbac\PhpManager |
addRule() | Adds a rule to the RBAC system. | yii\rbac\PhpManager |
checkAccessRecursive() | Performs access check for the specified user. | yii\rbac\PhpManager |
detectLoop() | Checks whether there is a loop in the authorization item hierarchy. | yii\rbac\PhpManager |
executeRule() | Executes the rule associated with the specified auth item. | yii\rbac\BaseManager |
getChildrenRecursive() | Recursively finds all children and grand children of the specified item. | yii\rbac\PhpManager |
getDirectPermissionsByUser() | Returns all permissions that are directly assigned to user. | yii\rbac\PhpManager |
getInheritedPermissionsByUser() | Returns all permissions that the user inherits from the roles assigned to him. | yii\rbac\PhpManager |
hasNoAssignments() | Checks whether array of $assignments is empty and $defaultRoles property is empty as well. | yii\rbac\BaseManager |
invalidateScriptCache() | Invalidates precompiled script cache (such as OPCache or APC) for the given file. | yii\rbac\PhpManager |
load() | Loads authorization data from persistent storage. | yii\rbac\PhpManager |
loadFromFile() | Loads the authorization data from a PHP script file. | yii\rbac\PhpManager |
removeAllItems() | Removes all auth items of the specified type. | yii\rbac\PhpManager |
removeRule() | Removes a rule from the RBAC system. | yii\rbac\PhpManager |
save() | Saves authorization data into persistent storage. | yii\rbac\PhpManager |
saveAssignments() | Saves assignments data into persistent storage. | yii\rbac\PhpManager |
saveItems() | Saves items data into persistent storage. | yii\rbac\PhpManager |
saveRules() | Saves rules data into persistent storage. | yii\rbac\PhpManager |
saveToFile() | Saves the authorization data to a PHP script file. | yii\rbac\PhpManager |
updateItem() | Updates an auth item in the RBAC system. | yii\rbac\PhpManager |
Property Details
The path of the PHP script that contains the authorization assignments. This can be either a file path or a path alias to the file. Make sure this file is writable by the Web server process if the authorization needs to be changed online.
See also:
The path of the PHP script that contains the authorization items. This can be either a file path or a path alias to the file. Make sure this file is writable by the Web server process if the authorization needs to be changed online.
See also:
The path of the PHP script that contains the authorization rules. This can be either a file path or a path alias to the file. Make sure this file is writable by the Web server process if the authorization needs to be changed online.
See also:
Method Details
Defined in: yii\base\Component::__call()
Calls the named method which is not a class method.
This method will check if any attached behavior has the named method and will execute it if available.
Do not call this method directly as it is a PHP magic method that will be implicitly called when an unknown method is being invoked.
public mixed __call ( $name, $params ) | ||
$name | string |
The method name |
$params | array |
Method parameters |
return | mixed |
The method return value |
---|---|---|
throws | yii\base\UnknownMethodException |
when calling unknown method |
public function __call($name, $params)
{
$this->ensureBehaviors();
foreach ($this->_behaviors as $object) {
if ($object->hasMethod($name)) {
return call_user_func_array([$object, $name], $params);
}
}
throw new UnknownMethodException('Calling unknown method: ' . get_class($this) . "::$name()");
}
Defined in: yii\base\Component::__clone()
This method is called after the object is created by cloning an existing one.
It removes all behaviors because they are attached to the old object.
public void __clone ( ) |
public function __clone()
{
$this->_events = [];
$this->_eventWildcards = [];
$this->_behaviors = null;
}
Defined in: yii\base\BaseObject::__construct()
Constructor.
The default implementation does two things:
- Initializes the object with the given configuration
$config
. - Call init().
If this method is overridden in a child class, it is recommended that
- the last parameter of the constructor is a configuration array, like
$config
here. - call the parent implementation at the end of the constructor.
public void __construct ( $config = [] ) | ||
$config | array |
Name-value pairs that will be used to initialize the object properties |
public function __construct($config = [])
{
if (!empty($config)) {
Yii::configure($this, $config);
}
$this->init();
}
Defined in: yii\base\Component::__get()
Returns the value of a component property.
This method will check in the following order and act accordingly:
- a property defined by a getter: return the getter result
- a property of a behavior: return the behavior property value
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing $value = $component->property;
.
See also __set().
public mixed __get ( $name ) | ||
$name | string |
The property name |
return | mixed |
The property value or the value of a behavior's property |
---|---|---|
throws | yii\base\UnknownPropertyException |
if the property is not defined |
throws | yii\base\InvalidCallException |
if the property is write-only. |
public function __get($name)
{
$getter = 'get' . $name;
if (method_exists($this, $getter)) {
// read property, e.g. getName()
return $this->$getter();
}
// behavior property
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->canGetProperty($name)) {
return $behavior->$name;
}
}
if (method_exists($this, 'set' . $name)) {
throw new InvalidCallException('Getting write-only property: ' . get_class($this) . '::' . $name);
}
throw new UnknownPropertyException('Getting unknown property: ' . get_class($this) . '::' . $name);
}
Defined in: yii\base\Component::__isset()
Checks if a property is set, i.e. defined and not null.
This method will check in the following order and act accordingly:
- a property defined by a setter: return whether the property is set
- a property of a behavior: return whether the property is set
- return
false
for non existing properties
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing isset($component->property)
.
public boolean __isset ( $name ) | ||
$name | string |
The property name or the event name |
return | boolean |
Whether the named property is set |
---|
public function __isset($name)
{
$getter = 'get' . $name;
if (method_exists($this, $getter)) {
return $this->$getter() !== null;
}
// behavior property
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->canGetProperty($name)) {
return $behavior->$name !== null;
}
}
return false;
}
Defined in: yii\base\Component::__set()
Sets the value of a component property.
This method will check in the following order and act accordingly:
- a property defined by a setter: set the property value
- an event in the format of "on xyz": attach the handler to the event "xyz"
- a behavior in the format of "as xyz": attach the behavior named as "xyz"
- a property of a behavior: set the behavior property value
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing $component->property = $value;
.
See also __get().
public void __set ( $name, $value ) | ||
$name | string |
The property name or the event name |
$value | mixed |
The property value |
throws | yii\base\UnknownPropertyException |
if the property is not defined |
---|---|---|
throws | yii\base\InvalidCallException |
if the property is read-only. |
public function __set($name, $value)
{
$setter = 'set' . $name;
if (method_exists($this, $setter)) {
// set property
$this->$setter($value);
return;
} elseif (strncmp($name, 'on ', 3) === 0) {
// on event: attach event handler
$this->on(trim(substr($name, 3)), $value);
return;
} elseif (strncmp($name, 'as ', 3) === 0) {
// as behavior: attach behavior
$name = trim(substr($name, 3));
$this->attachBehavior($name, $value instanceof Behavior ? $value : Yii::createObject($value));
return;
}
// behavior property
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->canSetProperty($name)) {
$behavior->$name = $value;
return;
}
}
if (method_exists($this, 'get' . $name)) {
throw new InvalidCallException('Setting read-only property: ' . get_class($this) . '::' . $name);
}
throw new UnknownPropertyException('Setting unknown property: ' . get_class($this) . '::' . $name);
}
Defined in: yii\base\Component::__unset()
Sets a component property to be null.
This method will check in the following order and act accordingly:
- a property defined by a setter: set the property value to be null
- a property of a behavior: set the property value to be null
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing unset($component->property)
.
public void __unset ( $name ) | ||
$name | string |
The property name |
throws | yii\base\InvalidCallException |
if the property is read only. |
---|
public function __unset($name)
{
$setter = 'set' . $name;
if (method_exists($this, $setter)) {
$this->$setter(null);
return;
}
// behavior property
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->canSetProperty($name)) {
$behavior->$name = null;
return;
}
}
throw new InvalidCallException('Unsetting an unknown or read-only property: ' . get_class($this) . '::' . $name);
}
Defined in: yii\rbac\BaseManager::add()
Adds a role, permission or rule to the RBAC system.
public boolean add ( $object ) | ||
$object | yii\rbac\Role|yii\rbac\Permission|yii\rbac\Rule | |
return | boolean |
Whether the role, permission or rule is successfully added to the system |
---|---|---|
throws | Exception |
if data validation or saving fails (such as the name of the role or permission is not unique) |
public function add($object)
{
if ($object instanceof Item) {
if ($object->ruleName && $this->getRule($object->ruleName) === null) {
$rule = \Yii::createObject($object->ruleName);
$rule->name = $object->ruleName;
$this->addRule($rule);
}
return $this->addItem($object);
} elseif ($object instanceof Rule) {
return $this->addRule($object);
}
throw new InvalidArgumentException('Adding unsupported object type.');
}
Adds an item as a child of another item.
public boolean addChild ( $parent, $child ) | ||
$parent | yii\rbac\Item | |
$child | yii\rbac\Item | |
return | boolean |
Whether the child successfully added |
---|---|---|
throws | yii\base\Exception |
if the parent-child relationship already exists or if a loop has been detected. |
public function addChild($parent, $child)
{
if (!isset($this->items[$parent->name], $this->items[$child->name])) {
throw new InvalidArgumentException("Either '{$parent->name}' or '{$child->name}' does not exist.");
}
if ($parent->name === $child->name) {
throw new InvalidArgumentException("Cannot add '{$parent->name} ' as a child of itself.");
}
if ($parent instanceof Permission && $child instanceof Role) {
throw new InvalidArgumentException('Cannot add a role as a child of a permission.');
}
if ($this->detectLoop($parent, $child)) {
throw new InvalidCallException("Cannot add '{$child->name}' as a child of '{$parent->name}'. A loop has been detected.");
}
if (isset($this->children[$parent->name][$child->name])) {
throw new InvalidCallException("The item '{$parent->name}' already has a child '{$child->name}'.");
}
$this->children[$parent->name][$child->name] = $this->items[$child->name];
$this->saveItems();
return true;
}
Adds an auth item to the RBAC system.
protected boolean addItem ( $item ) | ||
$item | yii\rbac\Item |
The item to add |
return | boolean |
Whether the auth item is successfully added to the system |
---|---|---|
throws | Exception |
if data validation or saving fails (such as the name of the role or permission is not unique) |
protected function addItem($item)
{
$time = time();
if ($item->createdAt === null) {
$item->createdAt = $time;
}
if ($item->updatedAt === null) {
$item->updatedAt = $time;
}
$this->items[$item->name] = $item;
$this->saveItems();
return true;
}
Adds a rule to the RBAC system.
protected boolean addRule ( $rule ) | ||
$rule | yii\rbac\Rule |
The rule to add |
return | boolean |
Whether the rule is successfully added to the system |
---|---|---|
throws | Exception |
if data validation or saving fails (such as the name of the rule is not unique) |
protected function addRule($rule)
{
$this->rules[$rule->name] = $rule;
$this->saveRules();
return true;
}
Assigns a role to a user.
public yii\rbac\Assignment assign ( $role, $userId ) | ||
$role | yii\rbac\Role|yii\rbac\Permission | |
$userId | string|integer |
The user ID (see yii\web\User::$id) |
return | yii\rbac\Assignment |
The role assignment information. |
---|---|---|
throws | Exception |
if the role has already been assigned to the user |
public function assign($role, $userId)
{
if (!isset($this->items[$role->name])) {
throw new InvalidArgumentException("Unknown role '{$role->name}'.");
} elseif (isset($this->assignments[$userId][$role->name])) {
throw new InvalidArgumentException("Authorization item '{$role->name}' has already been assigned to user '$userId'.");
}
$this->assignments[$userId][$role->name] = new Assignment([
'userId' => $userId,
'roleName' => $role->name,
'createdAt' => time(),
]);
$this->saveAssignments();
return $this->assignments[$userId][$role->name];
}
Defined in: yii\base\Component::attachBehavior()
Attaches a behavior to this component.
This method will create the behavior object based on the given configuration. After that, the behavior object will be attached to this component by calling the yii\base\Behavior::attach() method.
See also detachBehavior().
public yii\base\Behavior attachBehavior ( $name, $behavior ) | ||
$name | string |
The name of the behavior. |
$behavior | string|array|yii\base\Behavior |
The behavior configuration. This can be one of the following:
|
return | yii\base\Behavior |
The behavior object |
---|
public function attachBehavior($name, $behavior)
{
$this->ensureBehaviors();
return $this->attachBehaviorInternal($name, $behavior);
}
Defined in: yii\base\Component::attachBehaviors()
Attaches a list of behaviors to the component.
Each behavior is indexed by its name and should be a yii\base\Behavior object, a string specifying the behavior class, or an configuration array for creating the behavior.
See also attachBehavior().
public void attachBehaviors ( $behaviors ) | ||
$behaviors | array |
List of behaviors to be attached to the component |
public function attachBehaviors($behaviors)
{
$this->ensureBehaviors();
foreach ($behaviors as $name => $behavior) {
$this->attachBehaviorInternal($name, $behavior);
}
}
Defined in: yii\base\Component::behaviors()
Returns a list of behaviors that this component should behave as.
Child classes may override this method to specify the behaviors they want to behave as.
The return value of this method should be an array of behavior objects or configurations indexed by behavior names. A behavior configuration can be either a string specifying the behavior class or an array of the following structure:
'behaviorName' => [
'class' => 'BehaviorClass',
'property1' => 'value1',
'property2' => 'value2',
]
Note that a behavior class must extend from yii\base\Behavior. Behaviors can be attached using a name or anonymously. When a name is used as the array key, using this name, the behavior can later be retrieved using getBehavior() or be detached using detachBehavior(). Anonymous behaviors can not be retrieved or detached.
Behaviors declared in this method will be attached to the component automatically (on demand).
public array behaviors ( ) | ||
return | array |
The behavior configurations. |
---|
public function behaviors()
{
return [];
}
Checks the possibility of adding a child to parent.
public boolean canAddChild ( $parent, $child ) | ||
$parent | yii\rbac\Item |
The parent item |
$child | yii\rbac\Item |
The child item to be added to the hierarchy |
return | boolean |
Possibility of adding |
---|
public function canAddChild($parent, $child)
{
return !$this->detectLoop($parent, $child);
}
Defined in: yii\base\Component::canGetProperty()
Returns a value indicating whether a property can be read.
A property can be read if:
- the class has a getter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when
$checkVars
is true); - an attached behavior has a readable property of the given name (when
$checkBehaviors
is true).
See also canSetProperty().
public boolean canGetProperty ( $name, $checkVars = true, $checkBehaviors = true ) | ||
$name | string |
The property name |
$checkVars | boolean |
Whether to treat member variables as properties |
$checkBehaviors | boolean |
Whether to treat behaviors' properties as properties of this component |
return | boolean |
Whether the property can be read |
---|
public function canGetProperty($name, $checkVars = true, $checkBehaviors = true)
{
if (method_exists($this, 'get' . $name) || $checkVars && property_exists($this, $name)) {
return true;
} elseif ($checkBehaviors) {
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->canGetProperty($name, $checkVars)) {
return true;
}
}
}
return false;
}
Defined in: yii\base\Component::canSetProperty()
Returns a value indicating whether a property can be set.
A property can be written if:
- the class has a setter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when
$checkVars
is true); - an attached behavior has a writable property of the given name (when
$checkBehaviors
is true).
See also canGetProperty().
public boolean canSetProperty ( $name, $checkVars = true, $checkBehaviors = true ) | ||
$name | string |
The property name |
$checkVars | boolean |
Whether to treat member variables as properties |
$checkBehaviors | boolean |
Whether to treat behaviors' properties as properties of this component |
return | boolean |
Whether the property can be written |
---|
public function canSetProperty($name, $checkVars = true, $checkBehaviors = true)
{
if (method_exists($this, 'set' . $name) || $checkVars && property_exists($this, $name)) {
return true;
} elseif ($checkBehaviors) {
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->canSetProperty($name, $checkVars)) {
return true;
}
}
}
return false;
}
public void checkAccess ( $userId, $permissionName, $params = [] ) | ||
$userId | ||
$permissionName | ||
$params |
public function checkAccess($userId, $permissionName, $params = [])
{
$assignments = $this->getAssignments($userId);
if ($this->hasNoAssignments($assignments)) {
return false;
}
return $this->checkAccessRecursive($userId, $permissionName, $params, $assignments);
}
Performs access check for the specified user.
This method is internally called by checkAccess().
protected boolean checkAccessRecursive ( $user, $itemName, $params, $assignments ) | ||
$user | string|integer |
The user ID. This should can be either an integer or a string representing the unique identifier of a user. See yii\web\User::$id. |
$itemName | string |
The name of the operation that need access check |
$params | array |
Name-value pairs that would be passed to rules associated
with the tasks and roles assigned to the user. A param with name 'user' is added to this array,
which holds the value of |
$assignments | yii\rbac\Assignment[] |
The assignments to the specified user |
return | boolean |
Whether the operations can be performed by the user. |
---|
protected function checkAccessRecursive($user, $itemName, $params, $assignments)
{
if (!isset($this->items[$itemName])) {
return false;
}
/* @var $item Item */
$item = $this->items[$itemName];
Yii::debug($item instanceof Role ? "Checking role: $itemName" : "Checking permission : $itemName", __METHOD__);
if (!$this->executeRule($user, $item, $params)) {
return false;
}
if (isset($assignments[$itemName]) || in_array($itemName, $this->defaultRoles)) {
return true;
}
foreach ($this->children as $parentName => $children) {
if (isset($children[$itemName]) && $this->checkAccessRecursive($user, $parentName, $params, $assignments)) {
return true;
}
}
return false;
}
::class
instead.
Defined in: yii\base\BaseObject::className()
Returns the fully qualified name of this class.
public static string className ( ) | ||
return | string |
The fully qualified name of this class. |
---|
public static function className()
{
return get_called_class();
}
Defined in: yii\rbac\BaseManager::createPermission()
Creates a new Permission object.
Note that the newly created permission is not added to the RBAC system yet. You must fill in the needed data and call add() to add it to the system.
public yii\rbac\Permission createPermission ( $name ) | ||
$name | string |
The permission name |
return | yii\rbac\Permission |
The new Permission object |
---|
public function createPermission($name)
{
$permission = new Permission();
$permission->name = $name;
return $permission;
}
Defined in: yii\rbac\BaseManager::createRole()
Creates a new Role object.
Note that the newly created role is not added to the RBAC system yet. You must fill in the needed data and call add() to add it to the system.
public yii\rbac\Role createRole ( $name ) | ||
$name | string |
The role name |
return | yii\rbac\Role |
The new Role object |
---|
public function createRole($name)
{
$role = new Role();
$role->name = $name;
return $role;
}
Defined in: yii\base\Component::detachBehavior()
Detaches a behavior from the component.
The behavior's yii\base\Behavior::detach() method will be invoked.
public yii\base\Behavior|null detachBehavior ( $name ) | ||
$name | string |
The behavior's name. |
return | yii\base\Behavior|null |
The detached behavior. Null if the behavior does not exist. |
---|
public function detachBehavior($name)
{
$this->ensureBehaviors();
if (isset($this->_behaviors[$name])) {
$behavior = $this->_behaviors[$name];
unset($this->_behaviors[$name]);
$behavior->detach();
return $behavior;
}
return null;
}
Defined in: yii\base\Component::detachBehaviors()
Detaches all behaviors from the component.
public void detachBehaviors ( ) |
public function detachBehaviors()
{
$this->ensureBehaviors();
foreach ($this->_behaviors as $name => $behavior) {
$this->detachBehavior($name);
}
}
Checks whether there is a loop in the authorization item hierarchy.
protected boolean detectLoop ( $parent, $child ) | ||
$parent | yii\rbac\Item |
Parent item |
$child | yii\rbac\Item |
The child item that is to be added to the hierarchy |
return | boolean |
Whether a loop exists |
---|
protected function detectLoop($parent, $child)
{
if ($child->name === $parent->name) {
return true;
}
if (!isset($this->children[$child->name], $this->items[$parent->name])) {
return false;
}
foreach ($this->children[$child->name] as $grandchild) {
/* @var $grandchild Item */
if ($this->detectLoop($parent, $grandchild)) {
return true;
}
}
return false;
}
Defined in: yii\base\Component::ensureBehaviors()
Makes sure that the behaviors declared in behaviors() are attached to this component.
public void ensureBehaviors ( ) |
public function ensureBehaviors()
{
if ($this->_behaviors === null) {
$this->_behaviors = [];
foreach ($this->behaviors() as $name => $behavior) {
$this->attachBehaviorInternal($name, $behavior);
}
}
}
Defined in: yii\rbac\BaseManager::executeRule()
Executes the rule associated with the specified auth item.
If the item does not specify a rule, this method will return true. Otherwise, it will return the value of yii\rbac\Rule::execute().
protected boolean executeRule ( $user, $item, $params ) | ||
$user | string|integer |
The user ID. This should be either an integer or a string representing the unique identifier of a user. See yii\web\User::$id. |
$item | yii\rbac\Item |
The auth item that needs to execute its rule |
$params | array |
Parameters passed to yii\rbac\CheckAccessInterface::checkAccess() and will be passed to the rule |
return | boolean |
The return value of yii\rbac\Rule::execute(). If the auth item does not specify a rule, true will be returned. |
---|---|---|
throws | yii\base\InvalidConfigException |
if the auth item has an invalid rule. |
protected function executeRule($user, $item, $params)
{
if ($item->ruleName === null) {
return true;
}
$rule = $this->getRule($item->ruleName);
if ($rule instanceof Rule) {
return $rule->execute($user, $item, $params);
}
throw new InvalidConfigException("Rule not found: {$item->ruleName}");
}
Returns the assignment information regarding a role and a user.
public yii\rbac\Assignment|null getAssignment ( $roleName, $userId ) | ||
$roleName | string |
The role name |
$userId | string|integer |
The user ID (see yii\web\User::$id) |
return | yii\rbac\Assignment|null |
The assignment information. Null is returned if the role is not assigned to the user. |
---|
public function getAssignment($roleName, $userId)
{
return isset($this->assignments[$userId][$roleName]) ? $this->assignments[$userId][$roleName] : null;
}
Returns all role assignment information for the specified user.
public yii\rbac\Assignment[] getAssignments ( $userId ) | ||
$userId | string|integer |
The user ID (see yii\web\User::$id) |
return | yii\rbac\Assignment[] |
The assignments indexed by role names. An empty array will be returned if there is no role assigned to the user. |
---|
public function getAssignments($userId)
{
return isset($this->assignments[$userId]) ? $this->assignments[$userId] : [];
}
Defined in: yii\base\Component::getBehavior()
Returns the named behavior object.
public yii\base\Behavior|null getBehavior ( $name ) | ||
$name | string |
The behavior name |
return | yii\base\Behavior|null |
The behavior object, or null if the behavior does not exist |
---|
public function getBehavior($name)
{
$this->ensureBehaviors();
return isset($this->_behaviors[$name]) ? $this->_behaviors[$name] : null;
}
Defined in: yii\base\Component::getBehaviors()
Returns all behaviors attached to this component.
public yii\base\Behavior[] getBehaviors ( ) | ||
return | yii\base\Behavior[] |
List of behaviors attached to this component |
---|
public function getBehaviors()
{
$this->ensureBehaviors();
return $this->_behaviors;
}
Returns child roles of the role specified. Depth isn't limited.
public yii\rbac\Role[] getChildRoles ( $roleName ) | ||
$roleName | string |
Name of the role to file child roles for |
return | yii\rbac\Role[] |
Child roles. The array is indexed by the role names. First element is an instance of the parent Role itself. |
---|---|---|
throws | yii\base\InvalidParamException |
if Role was not found that are getting by $roleName |
public function getChildRoles($roleName)
{
$role = $this->getRole($roleName);
if ($role === null) {
throw new InvalidArgumentException("Role \"$roleName\" not found.");
}
$result = [];
$this->getChildrenRecursive($roleName, $result);
$roles = [$roleName => $role];
$roles += array_filter($this->getRoles(), function (Role $roleItem) use ($result) {
return array_key_exists($roleItem->name, $result);
});
return $roles;
}
Returns the child permissions and/or roles.
public yii\rbac\Item[] getChildren ( $name ) | ||
$name | string |
The parent name |
return | yii\rbac\Item[] |
The child permissions and/or roles |
---|
public function getChildren($name)
{
return isset($this->children[$name]) ? $this->children[$name] : [];
}
Recursively finds all children and grand children of the specified item.
protected void getChildrenRecursive ( $name, &$result ) | ||
$name | string |
The name of the item whose children are to be looked for. |
$result | array |
The children and grand children (in array keys) |
protected function getChildrenRecursive($name, &$result)
{
if (isset($this->children[$name])) {
foreach ($this->children[$name] as $child) {
$result[$child->name] = true;
$this->getChildrenRecursive($child->name, $result);
}
}
}
Defined in: yii\rbac\BaseManager::getDefaultRoleInstances()
Returns defaultRoles as array of Role objects.
public yii\rbac\Role[] getDefaultRoleInstances ( ) | ||
return | yii\rbac\Role[] |
Default roles. The array is indexed by the role names |
---|
public function getDefaultRoleInstances()
{
$result = [];
foreach ($this->defaultRoles as $roleName) {
$result[$roleName] = $this->createRole($roleName);
}
return $result;
}
Defined in: yii\rbac\BaseManager::getDefaultRoles()
Get default roles
public string[] getDefaultRoles ( ) | ||
return | string[] |
Default roles |
---|
public function getDefaultRoles()
{
return $this->defaultRoles;
}
Returns all permissions that are directly assigned to user.
protected yii\rbac\Permission[] getDirectPermissionsByUser ( $userId ) | ||
$userId | string|integer |
The user ID (see yii\web\User::$id) |
return | yii\rbac\Permission[] |
All direct permissions that the user has. The array is indexed by the permission names. |
---|
protected function getDirectPermissionsByUser($userId)
{
$permissions = [];
foreach ($this->getAssignments($userId) as $name => $assignment) {
$permission = $this->items[$assignment->roleName];
if ($permission->type === Item::TYPE_PERMISSION) {
$permissions[$name] = $permission;
}
}
return $permissions;
}
Returns all permissions that the user inherits from the roles assigned to him.
protected yii\rbac\Permission[] getInheritedPermissionsByUser ( $userId ) | ||
$userId | string|integer |
The user ID (see yii\web\User::$id) |
return | yii\rbac\Permission[] |
All inherited permissions that the user has. The array is indexed by the permission names. |
---|
protected function getInheritedPermissionsByUser($userId)
{
$assignments = $this->getAssignments($userId);
$result = [];
foreach (array_keys($assignments) as $roleName) {
$this->getChildrenRecursive($roleName, $result);
}
if (empty($result)) {
return [];
}
$permissions = [];
foreach (array_keys($result) as $itemName) {
if (isset($this->items[$itemName]) && $this->items[$itemName] instanceof Permission) {
$permissions[$itemName] = $this->items[$itemName];
}
}
return $permissions;
}
Returns the named auth item.
public yii\rbac\Item|null getItem ( $name ) | ||
$name | string |
The auth item name. |
return | yii\rbac\Item|null |
The auth item corresponding to the specified name. Null is returned if no such item. |
---|
public function getItem($name)
{
return isset($this->items[$name]) ? $this->items[$name] : null;
}
Returns the items of the specified type.
public yii\rbac\Item[] getItems ( $type ) | ||
$type | integer |
The auth item type (either yii\rbac\Item::TYPE_ROLE or yii\rbac\Item::TYPE_PERMISSION |
return | yii\rbac\Item[] |
The auth items of the specified type. |
---|
public function getItems($type)
{
$items = [];
foreach ($this->items as $name => $item) {
/* @var $item Item */
if ($item->type == $type) {
$items[$name] = $item;
}
}
return $items;
}
Defined in: yii\rbac\BaseManager::getPermission()
Returns the named permission.
public yii\rbac\Permission|null getPermission ( $name ) | ||
$name | string |
The permission name. |
return | yii\rbac\Permission|null |
The permission corresponding to the specified name. Null is returned if no such permission. |
---|
public function getPermission($name)
{
$item = $this->getItem($name);
return $item instanceof Item && $item->type == Item::TYPE_PERMISSION ? $item : null;
}
Defined in: yii\rbac\BaseManager::getPermissions()
Returns all permissions in the system.
public yii\rbac\Permission[] getPermissions ( ) | ||
return | yii\rbac\Permission[] |
All permissions in the system. The array is indexed by the permission names. |
---|
public function getPermissions()
{
return $this->getItems(Item::TYPE_PERMISSION);
}
Returns all permissions that the specified role represents.
public yii\rbac\Permission[] getPermissionsByRole ( $roleName ) | ||
$roleName | string |
The role name |
return | yii\rbac\Permission[] |
All permissions that the role represents. The array is indexed by the permission names. |
---|
public function getPermissionsByRole($roleName)
{
$result = [];
$this->getChildrenRecursive($roleName, $result);
if (empty($result)) {
return [];
}
$permissions = [];
foreach (array_keys($result) as $itemName) {
if (isset($this->items[$itemName]) && $this->items[$itemName] instanceof Permission) {
$permissions[$itemName] = $this->items[$itemName];
}
}
return $permissions;
}
Returns all permissions that the user has.
public yii\rbac\Permission[] getPermissionsByUser ( $userId ) | ||
$userId | string|integer |
The user ID (see yii\web\User::$id) |
return | yii\rbac\Permission[] |
All permissions that the user has. The array is indexed by the permission names. |
---|
public function getPermissionsByUser($userId)
{
$directPermission = $this->getDirectPermissionsByUser($userId);
$inheritedPermission = $this->getInheritedPermissionsByUser($userId);
return array_merge($directPermission, $inheritedPermission);
}
Defined in: yii\rbac\BaseManager::getRole()
Returns the named role.
public yii\rbac\Role|null getRole ( $name ) | ||
$name | string |
The role name. |
return | yii\rbac\Role|null |
The role corresponding to the specified name. Null is returned if no such role. |
---|
public function getRole($name)
{
$item = $this->getItem($name);
return $item instanceof Item && $item->type == Item::TYPE_ROLE ? $item : null;
}
Defined in: yii\rbac\BaseManager::getRoles()
Returns all roles in the system.
public yii\rbac\Role[] getRoles ( ) | ||
return | yii\rbac\Role[] |
All roles in the system. The array is indexed by the role names. |
---|
public function getRoles()
{
return $this->getItems(Item::TYPE_ROLE);
}
{@inheritdoc} The roles returned by this method include the roles assigned via $defaultRoles.
public void getRolesByUser ( $userId ) | ||
$userId |
public function getRolesByUser($userId)
{
$roles = $this->getDefaultRoleInstances();
foreach ($this->getAssignments($userId) as $name => $assignment) {
$role = $this->items[$assignment->roleName];
if ($role->type === Item::TYPE_ROLE) {
$roles[$name] = $role;
}
}
return $roles;
}
Returns the rule of the specified name.
public yii\rbac\Rule|null getRule ( $name ) | ||
$name | string |
The rule name |
return | yii\rbac\Rule|null |
The rule object, or null if the specified name does not correspond to a rule. |
---|
public function getRule($name)
{
return isset($this->rules[$name]) ? $this->rules[$name] : null;
}
Returns all rules available in the system.
public yii\rbac\Rule[] getRules ( ) | ||
return | yii\rbac\Rule[] |
The rules indexed by the rule names |
---|
public function getRules()
{
return $this->rules;
}
Returns all user IDs assigned to the role specified.
public array getUserIdsByRole ( $roleName ) | ||
$roleName | string | |
return | array |
Array of user ID strings |
---|
public function getUserIdsByRole($roleName)
{
$result = [];
foreach ($this->assignments as $userID => $assignments) {
foreach ($assignments as $userAssignment) {
if ($userAssignment->roleName === $roleName && $userAssignment->userId == $userID) {
$result[] = (string) $userID;
}
}
}
return $result;
}
Returns a value indicating whether the child already exists for the parent.
public boolean hasChild ( $parent, $child ) | ||
$parent | yii\rbac\Item | |
$child | yii\rbac\Item | |
return | boolean |
Whether |
---|
public function hasChild($parent, $child)
{
return isset($this->children[$parent->name][$child->name]);
}
Defined in: yii\base\Component::hasEventHandlers()
Returns a value indicating whether there is any handler attached to the named event.
public boolean hasEventHandlers ( $name ) | ||
$name | string |
The event name |
return | boolean |
Whether there is any handler attached to the event. |
---|
public function hasEventHandlers($name)
{
$this->ensureBehaviors();
if (!empty($this->_events[$name])) {
return true;
}
foreach ($this->_eventWildcards as $wildcard => $handlers) {
if (!empty($handlers) && StringHelper::matchWildcard($wildcard, $name)) {
return true;
}
}
return Event::hasHandlers($this, $name);
}
Defined in: yii\base\Component::hasMethod()
Returns a value indicating whether a method is defined.
A method is defined if:
- the class has a method with the specified name
- an attached behavior has a method with the given name (when
$checkBehaviors
is true).
public boolean hasMethod ( $name, $checkBehaviors = true ) | ||
$name | string |
The property name |
$checkBehaviors | boolean |
Whether to treat behaviors' methods as methods of this component |
return | boolean |
Whether the method is defined |
---|
public function hasMethod($name, $checkBehaviors = true)
{
if (method_exists($this, $name)) {
return true;
} elseif ($checkBehaviors) {
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->hasMethod($name)) {
return true;
}
}
}
return false;
}
Defined in: yii\rbac\BaseManager::hasNoAssignments()
Checks whether array of $assignments is empty and $defaultRoles property is empty as well.
protected boolean hasNoAssignments ( array $assignments ) | ||
$assignments | yii\rbac\Assignment[] |
Array of user's assignments |
return | boolean |
Whether array of $assignments is empty and $defaultRoles property is empty as well |
---|
protected function hasNoAssignments(array $assignments)
{
return empty($assignments) && empty($this->defaultRoles);
}
Defined in: yii\base\Component::hasProperty()
Returns a value indicating whether a property is defined for this component.
A property is defined if:
- the class has a getter or setter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when
$checkVars
is true); - an attached behavior has a property of the given name (when
$checkBehaviors
is true).
See also:
public boolean hasProperty ( $name, $checkVars = true, $checkBehaviors = true ) | ||
$name | string |
The property name |
$checkVars | boolean |
Whether to treat member variables as properties |
$checkBehaviors | boolean |
Whether to treat behaviors' properties as properties of this component |
return | boolean |
Whether the property is defined |
---|
public function hasProperty($name, $checkVars = true, $checkBehaviors = true)
{
return $this->canGetProperty($name, $checkVars, $checkBehaviors) || $this->canSetProperty($name, false, $checkBehaviors);
}
Initializes the application component.
This method overrides parent implementation by loading the authorization data from PHP script.
public void init ( ) |
public function init()
{
parent::init();
$this->itemFile = Yii::getAlias($this->itemFile);
$this->assignmentFile = Yii::getAlias($this->assignmentFile);
$this->ruleFile = Yii::getAlias($this->ruleFile);
$this->load();
}
Invalidates precompiled script cache (such as OPCache or APC) for the given file.
protected void invalidateScriptCache ( $file ) | ||
$file | string |
The file path. |
protected function invalidateScriptCache($file)
{
if (function_exists('opcache_invalidate')) {
opcache_invalidate($file, true);
}
if (function_exists('apc_delete_file')) {
@apc_delete_file($file);
}
}
Loads authorization data from persistent storage.
protected void load ( ) |
protected function load()
{
$this->children = [];
$this->rules = [];
$this->assignments = [];
$this->items = [];
$items = $this->loadFromFile($this->itemFile);
$itemsMtime = @filemtime($this->itemFile);
$assignments = $this->loadFromFile($this->assignmentFile);
$assignmentsMtime = @filemtime($this->assignmentFile);
$rules = $this->loadFromFile($this->ruleFile);
foreach ($items as $name => $item) {
$class = $item['type'] == Item::TYPE_PERMISSION ? Permission::className() : Role::className();
$this->items[$name] = new $class([
'name' => $name,
'description' => isset($item['description']) ? $item['description'] : null,
'ruleName' => isset($item['ruleName']) ? $item['ruleName'] : null,
'data' => isset($item['data']) ? $item['data'] : null,
'createdAt' => $itemsMtime,
'updatedAt' => $itemsMtime,
]);
}
foreach ($items as $name => $item) {
if (isset($item['children'])) {
foreach ($item['children'] as $childName) {
if (isset($this->items[$childName])) {
$this->children[$name][$childName] = $this->items[$childName];
}
}
}
}
foreach ($assignments as $userId => $roles) {
foreach ($roles as $role) {
$this->assignments[$userId][$role] = new Assignment([
'userId' => $userId,
'roleName' => $role,
'createdAt' => $assignmentsMtime,
]);
}
}
foreach ($rules as $name => $ruleData) {
$this->rules[$name] = unserialize($ruleData);
}
}
Loads the authorization data from a PHP script file.
See also saveToFile().
protected array loadFromFile ( $file ) | ||
$file | string |
The file path. |
return | array |
The authorization data |
---|
protected function loadFromFile($file)
{
if (is_file($file)) {
return require $file;
}
return [];
}
Defined in: yii\base\Component::off()
Detaches an existing event handler from this component.
This method is the opposite of on().
Note: in case wildcard pattern is passed for event name, only the handlers registered with this wildcard will be removed, while handlers registered with plain names matching this wildcard will remain.
See also on().
public boolean off ( $name, $handler = null ) | ||
$name | string |
Event name |
$handler | callable|null |
The event handler to be removed. If it is null, all handlers attached to the named event will be removed. |
return | boolean |
If a handler is found and detached |
---|
public function off($name, $handler = null)
{
$this->ensureBehaviors();
if (empty($this->_events[$name]) && empty($this->_eventWildcards[$name])) {
return false;
}
if ($handler === null) {
unset($this->_events[$name], $this->_eventWildcards[$name]);
return true;
}
$removed = false;
// plain event names
if (isset($this->_events[$name])) {
foreach ($this->_events[$name] as $i => $event) {
if ($event[0] === $handler) {
unset($this->_events[$name][$i]);
$removed = true;
}
}
if ($removed) {
$this->_events[$name] = array_values($this->_events[$name]);
return true;
}
}
// wildcard event names
if (isset($this->_eventWildcards[$name])) {
foreach ($this->_eventWildcards[$name] as $i => $event) {
if ($event[0] === $handler) {
unset($this->_eventWildcards[$name][$i]);
$removed = true;
}
}
if ($removed) {
$this->_eventWildcards[$name] = array_values($this->_eventWildcards[$name]);
// remove empty wildcards to save future redundant regex checks:
if (empty($this->_eventWildcards[$name])) {
unset($this->_eventWildcards[$name]);
}
}
}
return $removed;
}
Defined in: yii\base\Component::on()
Attaches an event handler to an event.
The event handler must be a valid PHP callback. The following are some examples:
function ($event) { ... } // anonymous function
[$object, 'handleClick'] // $object->handleClick()
['Page', 'handleClick'] // Page::handleClick()
'handleClick' // global function handleClick()
The event handler must be defined with the following signature,
function ($event)
where $event
is an yii\base\Event object which includes parameters associated with the event.
Since 2.0.14 you can specify event name as a wildcard pattern:
$component->on('event.group.*', function ($event) {
Yii::trace($event->name . ' is triggered.');
});
See also off().
public void on ( $name, $handler, $data = null, $append = true ) | ||
$name | string |
The event name |
$handler | callable |
The event handler |
$data | mixed |
The data to be passed to the event handler when the event is triggered. When the event handler is invoked, this data can be accessed via yii\base\Event::$data. |
$append | boolean |
Whether to append new event handler to the end of the existing handler list. If false, the new handler will be inserted at the beginning of the existing handler list. |
public function on($name, $handler, $data = null, $append = true)
{
$this->ensureBehaviors();
if (strpos($name, '*') !== false) {
if ($append || empty($this->_eventWildcards[$name])) {
$this->_eventWildcards[$name][] = [$handler, $data];
} else {
array_unshift($this->_eventWildcards[$name], [$handler, $data]);
}
return;
}
if ($append || empty($this->_events[$name])) {
$this->_events[$name][] = [$handler, $data];
} else {
array_unshift($this->_events[$name], [$handler, $data]);
}
}
Defined in: yii\rbac\BaseManager::remove()
Removes a role, permission or rule from the RBAC system.
public boolean remove ( $object ) | ||
$object | yii\rbac\Role|yii\rbac\Permission|yii\rbac\Rule | |
return | boolean |
Whether the role, permission or rule is successfully removed |
---|
public function remove($object)
{
if ($object instanceof Item) {
return $this->removeItem($object);
} elseif ($object instanceof Rule) {
return $this->removeRule($object);
}
throw new InvalidArgumentException('Removing unsupported object type.');
}
Removes all authorization data, including roles, permissions, rules, and assignments.
public void removeAll ( ) |
public function removeAll()
{
$this->children = [];
$this->items = [];
$this->assignments = [];
$this->rules = [];
$this->save();
}
Removes all role assignments.
public void removeAllAssignments ( ) |
public function removeAllAssignments()
{
$this->assignments = [];
$this->saveAssignments();
}
Removes all auth items of the specified type.
protected void removeAllItems ( $type ) | ||
$type | integer |
The auth item type (either Item::TYPE_PERMISSION or Item::TYPE_ROLE) |
protected function removeAllItems($type)
{
$names = [];
foreach ($this->items as $name => $item) {
if ($item->type == $type) {
unset($this->items[$name]);
$names[$name] = true;
}
}
if (empty($names)) {
return;
}
foreach ($this->assignments as $i => $assignments) {
foreach ($assignments as $n => $assignment) {
if (isset($names[$assignment->roleName])) {
unset($this->assignments[$i][$n]);
}
}
}
foreach ($this->children as $name => $children) {
if (isset($names[$name])) {
unset($this->children[$name]);
} else {
foreach ($children as $childName => $item) {
if (isset($names[$childName])) {
unset($children[$childName]);
}
}
$this->children[$name] = $children;
}
}
$this->saveItems();
}
Removes all permissions.
All parent child relations will be adjusted accordingly.
public void removeAllPermissions ( ) |
public function removeAllPermissions()
{
$this->removeAllItems(Item::TYPE_PERMISSION);
}
Removes all roles.
All parent child relations will be adjusted accordingly.
public void removeAllRoles ( ) |
public function removeAllRoles()
{
$this->removeAllItems(Item::TYPE_ROLE);
}
Removes all rules.
All roles and permissions which have rules will be adjusted accordingly.
public void removeAllRules ( ) |
public function removeAllRules()
{
foreach ($this->items as $item) {
$item->ruleName = null;
}
$this->rules = [];
$this->saveRules();
}
Removes a child from its parent.
Note, the child item is not deleted. Only the parent-child relationship is removed.
public boolean removeChild ( $parent, $child ) | ||
$parent | yii\rbac\Item | |
$child | yii\rbac\Item | |
return | boolean |
Whether the removal is successful |
---|
public function removeChild($parent, $child)
{
if (isset($this->children[$parent->name][$child->name])) {
unset($this->children[$parent->name][$child->name]);
$this->saveItems();
return true;
}
return false;
}
Removed all children form their parent.
Note, the children items are not deleted. Only the parent-child relationships are removed.
public boolean removeChildren ( $parent ) | ||
$parent | yii\rbac\Item | |
return | boolean |
Whether the removal is successful |
---|
public function removeChildren($parent)
{
if (isset($this->children[$parent->name])) {
unset($this->children[$parent->name]);
$this->saveItems();
return true;
}
return false;
}
Removes an auth item from the RBAC system.
public boolean removeItem ( $item ) | ||
$item | yii\rbac\Item |
The item to remove |
return | boolean |
Whether the role or permission is successfully removed |
---|---|---|
throws | Exception |
if data validation or saving fails (such as the name of the role or permission is not unique) |
public function removeItem($item)
{
if (isset($this->items[$item->name])) {
foreach ($this->children as &$children) {
unset($children[$item->name]);
}
foreach ($this->assignments as &$assignments) {
unset($assignments[$item->name]);
}
unset($this->items[$item->name]);
$this->saveItems();
$this->saveAssignments();
return true;
}
return false;
}
Removes a rule from the RBAC system.
protected boolean removeRule ( $rule ) | ||
$rule | yii\rbac\Rule |
The rule to remove |
return | boolean |
Whether the rule is successfully removed |
---|---|---|
throws | Exception |
if data validation or saving fails (such as the name of the rule is not unique) |
protected function removeRule($rule)
{
if (isset($this->rules[$rule->name])) {
unset($this->rules[$rule->name]);
foreach ($this->items as $item) {
if ($item->ruleName === $rule->name) {
$item->ruleName = null;
}
}
$this->saveRules();
return true;
}
return false;
}
Revokes a role from a user.
public boolean revoke ( $role, $userId ) | ||
$role | yii\rbac\Role|yii\rbac\Permission | |
$userId | string|integer |
The user ID (see yii\web\User::$id) |
return | boolean |
Whether the revoking is successful |
---|
public function revoke($role, $userId)
{
if (isset($this->assignments[$userId][$role->name])) {
unset($this->assignments[$userId][$role->name]);
$this->saveAssignments();
return true;
}
return false;
}
Revokes all roles from a user.
public boolean revokeAll ( $userId ) | ||
$userId | mixed |
The user ID (see yii\web\User::$id) |
return | boolean |
Whether the revoking is successful |
---|
public function revokeAll($userId)
{
if (isset($this->assignments[$userId]) && is_array($this->assignments[$userId])) {
foreach ($this->assignments[$userId] as $itemName => $value) {
unset($this->assignments[$userId][$itemName]);
}
$this->saveAssignments();
return true;
}
return false;
}
Saves authorization data into persistent storage.
protected void save ( ) |
protected function save()
{
$this->saveItems();
$this->saveAssignments();
$this->saveRules();
}
Saves assignments data into persistent storage.
protected void saveAssignments ( ) |
protected function saveAssignments()
{
$assignmentData = [];
foreach ($this->assignments as $userId => $assignments) {
foreach ($assignments as $name => $assignment) {
/* @var $assignment Assignment */
$assignmentData[$userId][] = $assignment->roleName;
}
}
$this->saveToFile($assignmentData, $this->assignmentFile);
}
Saves items data into persistent storage.
protected void saveItems ( ) |
protected function saveItems()
{
$items = [];
foreach ($this->items as $name => $item) {
/* @var $item Item */
$items[$name] = array_filter(
[
'type' => $item->type,
'description' => $item->description,
'ruleName' => $item->ruleName,
'data' => $item->data,
]
);
if (isset($this->children[$name])) {
foreach ($this->children[$name] as $child) {
/* @var $child Item */
$items[$name]['children'][] = $child->name;
}
}
}
$this->saveToFile($items, $this->itemFile);
}
Saves rules data into persistent storage.
protected void saveRules ( ) |
protected function saveRules()
{
$rules = [];
foreach ($this->rules as $name => $rule) {
$rules[$name] = serialize($rule);
}
$this->saveToFile($rules, $this->ruleFile);
}
Saves the authorization data to a PHP script file.
See also loadFromFile().
protected void saveToFile ( $data, $file ) | ||
$data | array |
The authorization data |
$file | string |
The file path. |
protected function saveToFile($data, $file)
{
file_put_contents($file, "<?php\n\nreturn " . VarDumper::export($data) . ";\n", LOCK_EX);
$this->invalidateScriptCache($file);
}
Defined in: yii\rbac\BaseManager::setDefaultRoles()
Set default roles
public void setDefaultRoles ( $roles ) | ||
$roles | string[]|Closure |
Either array of roles or a callable returning it |
throws | yii\base\InvalidArgumentException |
when $roles is neither array nor Closure |
---|---|---|
throws | yii\base\InvalidValueException |
when Closure return is not an array |
public function setDefaultRoles($roles)
{
if (is_array($roles)) {
$this->defaultRoles = $roles;
} elseif ($roles instanceof \Closure) {
$roles = call_user_func($roles);
if (!is_array($roles)) {
throw new InvalidValueException('Default roles closure must return an array');
}
$this->defaultRoles = $roles;
} else {
throw new InvalidArgumentException('Default roles must be either an array or a callable');
}
}
Defined in: yii\base\Component::trigger()
Triggers an event.
This method represents the happening of an event. It invokes all attached handlers for the event including class-level handlers.
public void trigger ( $name, yii\base\Event $event = null ) | ||
$name | string |
The event name |
$event | yii\base\Event|null |
The event instance. If not set, a default yii\base\Event object will be created. |
public function trigger($name, Event $event = null)
{
$this->ensureBehaviors();
$eventHandlers = [];
foreach ($this->_eventWildcards as $wildcard => $handlers) {
if (StringHelper::matchWildcard($wildcard, $name)) {
$eventHandlers[] = $handlers;
}
}
if (!empty($this->_events[$name])) {
$eventHandlers[] = $this->_events[$name];
}
if (!empty($eventHandlers)) {
$eventHandlers = call_user_func_array('array_merge', $eventHandlers);
if ($event === null) {
$event = new Event();
}
if ($event->sender === null) {
$event->sender = $this;
}
$event->handled = false;
$event->name = $name;
foreach ($eventHandlers as $handler) {
$event->data = $handler[1];
call_user_func($handler[0], $event);
// stop further handling if the event is handled
if ($event->handled) {
return;
}
}
}
// invoke class-level attached handlers
Event::trigger($this, $name, $event);
}
Defined in: yii\rbac\BaseManager::update()
Updates the specified role, permission or rule in the system.
public boolean update ( $name, $object ) | ||
$name | string |
The old name of the role, permission or rule |
$object | yii\rbac\Role|yii\rbac\Permission|yii\rbac\Rule | |
return | boolean |
Whether the update is successful |
---|---|---|
throws | Exception |
if data validation or saving fails (such as the name of the role or permission is not unique) |
public function update($name, $object)
{
if ($object instanceof Item) {
if ($object->ruleName && $this->getRule($object->ruleName) === null) {
$rule = \Yii::createObject($object->ruleName);
$rule->name = $object->ruleName;
$this->addRule($rule);
}
return $this->updateItem($name, $object);
} elseif ($object instanceof Rule) {
return $this->updateRule($name, $object);
}
throw new InvalidArgumentException('Updating unsupported object type.');
}
Updates an auth item in the RBAC system.
protected boolean updateItem ( $name, $item ) | ||
$name | string |
The name of the item being updated |
$item | yii\rbac\Item |
The updated item |
return | boolean |
Whether the auth item is successfully updated |
---|---|---|
throws | Exception |
if data validation or saving fails (such as the name of the role or permission is not unique) |
protected function updateItem($name, $item)
{
if ($name !== $item->name) {
if (isset($this->items[$item->name])) {
throw new InvalidArgumentException("Unable to change the item name. The name '{$item->name}' is already used by another item.");
}
// Remove old item in case of renaming
unset($this->items[$name]);
if (isset($this->children[$name])) {
$this->children[$item->name] = $this->children[$name];
unset($this->children[$name]);
}
foreach ($this->children as &$children) {
if (isset($children[$name])) {
$children[$item->name] = $children[$name];
unset($children[$name]);
}
}
foreach ($this->assignments as &$assignments) {
if (isset($assignments[$name])) {
$assignments[$item->name] = $assignments[$name];
$assignments[$item->name]->roleName = $item->name;
unset($assignments[$name]);
}
}
$this->saveAssignments();
}
$this->items[$item->name] = $item;
$this->saveItems();
return true;
}
Updates a rule to the RBAC system.
public boolean updateRule ( $name, $rule ) | ||
$name | string |
The name of the rule being updated |
$rule | yii\rbac\Rule |
The updated rule |
return | boolean |
Whether the rule is successfully updated |
---|---|---|
throws | Exception |
if data validation or saving fails (such as the name of the rule is not unique) |
public function updateRule($name, $rule)
{
if ($rule->name !== $name) {
unset($this->rules[$name]);
}
$this->rules[$rule->name] = $rule;
$this->saveRules();
return true;
}