Class yii\rbac\DbManager
Inheritance | yii\rbac\DbManager » yii\rbac\BaseManager » yii\base\Component » yii\base\BaseObject |
---|---|
Implements | yii\base\Configurable, yii\rbac\ManagerInterface |
Available since version | 2.0 |
Source Code | https://github.com/yiisoft/yii2/blob/master/framework/rbac/DbManager.php |
DbManager represents an authorization manager that stores authorization information in database.
The database connection is specified by $db. The database schema could be initialized by applying migration:
yii migrate --migrationPath=@yii/rbac/migrations/
If you don't want to use migration and need SQL instead, files for all databases are in migrations directory.
You may change the names of the tables used to store the authorization and rule data by setting $itemTable, $itemChildTable, $assignmentTable and $ruleTable.
For more details and usage information on DbManager, see the guide article on security authorization.
Public Properties
Property | Type | Description | Defined By |
---|---|---|---|
$assignmentTable | string | The name of the table storing authorization item assignments. | yii\rbac\DbManager |
$behaviors | yii\base\Behavior[] | List of behaviors attached to this component. | yii\base\Component |
$cache | yii\caching\CacheInterface|array|string|null | The cache used to improve RBAC performance. | yii\rbac\DbManager |
$cacheKey | string | The key used to store RBAC data in cache | yii\rbac\DbManager |
$db | yii\db\Connection|array|string | The DB connection object or the application component ID of the DB connection. | yii\rbac\DbManager |
$defaultRoleInstances | yii\rbac\Role[] | Default roles. | yii\rbac\BaseManager |
$itemChildTable | string | The name of the table storing authorization item hierarchy. | yii\rbac\DbManager |
$itemTable | string | The name of the table storing authorization items. | yii\rbac\DbManager |
$permissions | yii\rbac\Permission[] | All permissions in the system. | yii\rbac\BaseManager |
$roles | yii\rbac\Role[] | All roles in the system. | yii\rbac\BaseManager |
$ruleTable | string | The name of the table storing rules. | yii\rbac\DbManager |
Protected Properties
Property | Type | Description | Defined By |
---|---|---|---|
$checkAccessAssignments | array | User assignments (user id => Assignment[]) | yii\rbac\DbManager |
$defaultRoles | array | A list of role names that are assigned to every user automatically without calling assign(). | yii\rbac\BaseManager |
$items | yii\rbac\Item[] | All auth items (name => Item) | yii\rbac\DbManager |
$parents | array | Auth item parent-child relationships (childName => list of parents) | yii\rbac\DbManager |
$rules | yii\rbac\Rule[] | All auth rules (name => Rule) | yii\rbac\DbManager |
Public Methods
Method | Description | Defined By |
---|---|---|
__call() | Calls the named method which is not a class method. | yii\base\Component |
__clone() | This method is called after the object is created by cloning an existing one. | yii\base\Component |
__construct() | Constructor. | yii\base\BaseObject |
__get() | Returns the value of a component property. | yii\base\Component |
__isset() | Checks if a property is set, i.e. defined and not null. | yii\base\Component |
__set() | Sets the value of a component property. | yii\base\Component |
__unset() | Sets a component property to be null. | yii\base\Component |
add() | Adds a role, permission or rule to the RBAC system. | yii\rbac\BaseManager |
addChild() | Adds an item as a child of another item. | yii\rbac\DbManager |
assign() | Assigns a role to a user. | yii\rbac\DbManager |
attachBehavior() | Attaches a behavior to this component. | yii\base\Component |
attachBehaviors() | Attaches a list of behaviors to the component. | yii\base\Component |
behaviors() | Returns a list of behaviors that this component should behave as. | yii\base\Component |
canAddChild() | Checks the possibility of adding a child to parent. | yii\rbac\DbManager |
canGetProperty() | Returns a value indicating whether a property can be read. | yii\base\Component |
canSetProperty() | Returns a value indicating whether a property can be set. | yii\base\Component |
checkAccess() | yii\rbac\DbManager | |
className() | Returns the fully qualified name of this class. | yii\base\BaseObject |
createPermission() | Creates a new Permission object. | yii\rbac\BaseManager |
createRole() | Creates a new Role object. | yii\rbac\BaseManager |
detachBehavior() | Detaches a behavior from the component. | yii\base\Component |
detachBehaviors() | Detaches all behaviors from the component. | yii\base\Component |
ensureBehaviors() | Makes sure that the behaviors declared in behaviors() are attached to this component. | yii\base\Component |
getAssignment() | Returns the assignment information regarding a role and a user. | yii\rbac\DbManager |
getAssignments() | Returns all role assignment information for the specified user. | yii\rbac\DbManager |
getBehavior() | Returns the named behavior object. | yii\base\Component |
getBehaviors() | Returns all behaviors attached to this component. | yii\base\Component |
getChildRoles() | Returns child roles of the role specified. Depth isn't limited. | yii\rbac\DbManager |
getChildren() | Returns the child permissions and/or roles. | yii\rbac\DbManager |
getDefaultRoleInstances() | Returns defaultRoles as array of Role objects. | yii\rbac\BaseManager |
getDefaultRoles() | Get default roles | yii\rbac\BaseManager |
getPermission() | Returns the named permission. | yii\rbac\BaseManager |
getPermissions() | Returns all permissions in the system. | yii\rbac\BaseManager |
getPermissionsByRole() | Returns all permissions that the specified role represents. | yii\rbac\DbManager |
getPermissionsByUser() | Returns all permissions that the user has. | yii\rbac\DbManager |
getRole() | Returns the named role. | yii\rbac\BaseManager |
getRoles() | Returns all roles in the system. | yii\rbac\BaseManager |
getRolesByUser() | {@inheritdoc} The roles returned by this method include the roles assigned via $defaultRoles. | yii\rbac\DbManager |
getRule() | Returns the rule of the specified name. | yii\rbac\DbManager |
getRules() | Returns all rules available in the system. | yii\rbac\DbManager |
getUserIdsByRole() | Returns all role assignment information for the specified role. | yii\rbac\DbManager |
hasChild() | Returns a value indicating whether the child already exists for the parent. | yii\rbac\DbManager |
hasEventHandlers() | Returns a value indicating whether there is any handler attached to the named event. | yii\base\Component |
hasMethod() | Returns a value indicating whether a method is defined. | yii\base\Component |
hasProperty() | Returns a value indicating whether a property is defined for this component. | yii\base\Component |
init() | Initializes the application component. | yii\rbac\DbManager |
invalidateCache() | yii\rbac\DbManager | |
loadFromCache() | yii\rbac\DbManager | |
off() | Detaches an existing event handler from this component. | yii\base\Component |
on() | Attaches an event handler to an event. | yii\base\Component |
remove() | Removes a role, permission or rule from the RBAC system. | yii\rbac\BaseManager |
removeAll() | Removes all authorization data, including roles, permissions, rules, and assignments. | yii\rbac\DbManager |
removeAllAssignments() | Removes all role assignments. | yii\rbac\DbManager |
removeAllPermissions() | Removes all permissions. | yii\rbac\DbManager |
removeAllRoles() | Removes all roles. | yii\rbac\DbManager |
removeAllRules() | Removes all rules. | yii\rbac\DbManager |
removeChild() | Removes a child from its parent. | yii\rbac\DbManager |
removeChildren() | Removed all children form their parent. | yii\rbac\DbManager |
revoke() | Revokes a role from a user. | yii\rbac\DbManager |
revokeAll() | Revokes all roles from a user. | yii\rbac\DbManager |
setDefaultRoles() | Set default roles | yii\rbac\BaseManager |
trigger() | Triggers an event. | yii\base\Component |
update() | Updates the specified role, permission or rule in the system. | yii\rbac\BaseManager |
Protected Methods
Method | Description | Defined By |
---|---|---|
addItem() | Adds an auth item to the RBAC system. | yii\rbac\DbManager |
addRule() | Adds a rule to the RBAC system. | yii\rbac\DbManager |
checkAccessFromCache() | Performs access check for the specified user based on the data loaded from cache. | yii\rbac\DbManager |
checkAccessRecursive() | Performs access check for the specified user. | yii\rbac\DbManager |
detectLoop() | Checks whether there is a loop in the authorization item hierarchy. | yii\rbac\DbManager |
executeRule() | Executes the rule associated with the specified auth item. | yii\rbac\BaseManager |
getChildrenList() | Returns the children for every parent. | yii\rbac\DbManager |
getChildrenRecursive() | Recursively finds all children and grand children of the specified item. | yii\rbac\DbManager |
getDirectPermissionsByUser() | Returns all permissions that are directly assigned to user. | yii\rbac\DbManager |
getInheritedPermissionsByUser() | Returns all permissions that the user inherits from the roles assigned to him. | yii\rbac\DbManager |
getItem() | Returns the named auth item. | yii\rbac\DbManager |
getItems() | Returns the items of the specified type. | yii\rbac\DbManager |
hasNoAssignments() | Checks whether array of $assignments is empty and $defaultRoles property is empty as well. | yii\rbac\BaseManager |
isEmptyUserId() | Check whether $userId is empty. | yii\rbac\DbManager |
populateItem() | Populates an auth item with the data fetched from database. | yii\rbac\DbManager |
removeAllItems() | Removes all auth items of the specified type. | yii\rbac\DbManager |
removeItem() | Removes an auth item from the RBAC system. | yii\rbac\DbManager |
removeRule() | Removes a rule from the RBAC system. | yii\rbac\DbManager |
supportsCascadeUpdate() | Returns a value indicating whether the database supports cascading update and delete. | yii\rbac\DbManager |
updateItem() | Updates an auth item in the RBAC system. | yii\rbac\DbManager |
updateRule() | Updates a rule to the RBAC system. | yii\rbac\DbManager |
Property Details
The name of the table storing authorization item assignments. Defaults to "auth_assignment".
The cache used to improve RBAC performance. This can be one of the following:
- an application component ID (e.g.
cache
) - a configuration array
- a yii\caching\Cache object
When this is not set, it means caching is not enabled.
Note that by enabling RBAC cache, all auth items, rules and auth item parent-child relationships will be cached and loaded into memory. This will improve the performance of RBAC permission check. However, it does require extra memory and as a result may not be appropriate if your RBAC system contains too many auth items. You should seek other RBAC implementations (e.g. RBAC based on Redis storage) in this case.
Also note that if you modify RBAC items, rules or parent-child relationships from outside of this component, you have to manually call invalidateCache() to ensure data consistency.
The key used to store RBAC data in cache
See also $cache.
User assignments (user id => Assignment[])
The DB connection object or the application component ID of the DB connection. After the DbManager object is created, if you want to change this property, you should only assign it with a DB connection object. Starting from version 2.0.2, this can also be a configuration array for creating the object.
The name of the table storing authorization item hierarchy. Defaults to "auth_item_child".
The name of the table storing authorization items. Defaults to "auth_item".
Auth item parent-child relationships (childName => list of parents)
The name of the table storing rules. Defaults to "auth_rule".
Method Details
Defined in: yii\base\Component::__call()
Calls the named method which is not a class method.
This method will check if any attached behavior has the named method and will execute it if available.
Do not call this method directly as it is a PHP magic method that will be implicitly called when an unknown method is being invoked.
public mixed __call ( $name, $params ) | ||
$name | string |
The method name |
$params | array |
Method parameters |
return | mixed |
The method return value |
---|---|---|
throws | yii\base\UnknownMethodException |
when calling unknown method |
public function __call($name, $params)
{
$this->ensureBehaviors();
foreach ($this->_behaviors as $object) {
if ($object->hasMethod($name)) {
return call_user_func_array([$object, $name], $params);
}
}
throw new UnknownMethodException('Calling unknown method: ' . get_class($this) . "::$name()");
}
Defined in: yii\base\Component::__clone()
This method is called after the object is created by cloning an existing one.
It removes all behaviors because they are attached to the old object.
public void __clone ( ) |
public function __clone()
{
$this->_events = [];
$this->_eventWildcards = [];
$this->_behaviors = null;
}
Defined in: yii\base\BaseObject::__construct()
Constructor.
The default implementation does two things:
- Initializes the object with the given configuration
$config
. - Call init().
If this method is overridden in a child class, it is recommended that
- the last parameter of the constructor is a configuration array, like
$config
here. - call the parent implementation at the end of the constructor.
public void __construct ( $config = [] ) | ||
$config | array |
Name-value pairs that will be used to initialize the object properties |
public function __construct($config = [])
{
if (!empty($config)) {
Yii::configure($this, $config);
}
$this->init();
}
Defined in: yii\base\Component::__get()
Returns the value of a component property.
This method will check in the following order and act accordingly:
- a property defined by a getter: return the getter result
- a property of a behavior: return the behavior property value
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing $value = $component->property;
.
See also __set().
public mixed __get ( $name ) | ||
$name | string |
The property name |
return | mixed |
The property value or the value of a behavior's property |
---|---|---|
throws | yii\base\UnknownPropertyException |
if the property is not defined |
throws | yii\base\InvalidCallException |
if the property is write-only. |
public function __get($name)
{
$getter = 'get' . $name;
if (method_exists($this, $getter)) {
// read property, e.g. getName()
return $this->$getter();
}
// behavior property
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->canGetProperty($name)) {
return $behavior->$name;
}
}
if (method_exists($this, 'set' . $name)) {
throw new InvalidCallException('Getting write-only property: ' . get_class($this) . '::' . $name);
}
throw new UnknownPropertyException('Getting unknown property: ' . get_class($this) . '::' . $name);
}
Defined in: yii\base\Component::__isset()
Checks if a property is set, i.e. defined and not null.
This method will check in the following order and act accordingly:
- a property defined by a setter: return whether the property is set
- a property of a behavior: return whether the property is set
- return
false
for non existing properties
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing isset($component->property)
.
public boolean __isset ( $name ) | ||
$name | string |
The property name or the event name |
return | boolean |
Whether the named property is set |
---|
public function __isset($name)
{
$getter = 'get' . $name;
if (method_exists($this, $getter)) {
return $this->$getter() !== null;
}
// behavior property
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->canGetProperty($name)) {
return $behavior->$name !== null;
}
}
return false;
}
Defined in: yii\base\Component::__set()
Sets the value of a component property.
This method will check in the following order and act accordingly:
- a property defined by a setter: set the property value
- an event in the format of "on xyz": attach the handler to the event "xyz"
- a behavior in the format of "as xyz": attach the behavior named as "xyz"
- a property of a behavior: set the behavior property value
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing $component->property = $value;
.
See also __get().
public void __set ( $name, $value ) | ||
$name | string |
The property name or the event name |
$value | mixed |
The property value |
throws | yii\base\UnknownPropertyException |
if the property is not defined |
---|---|---|
throws | yii\base\InvalidCallException |
if the property is read-only. |
public function __set($name, $value)
{
$setter = 'set' . $name;
if (method_exists($this, $setter)) {
// set property
$this->$setter($value);
return;
} elseif (strncmp($name, 'on ', 3) === 0) {
// on event: attach event handler
$this->on(trim(substr($name, 3)), $value);
return;
} elseif (strncmp($name, 'as ', 3) === 0) {
// as behavior: attach behavior
$name = trim(substr($name, 3));
$this->attachBehavior($name, $value instanceof Behavior ? $value : Yii::createObject($value));
return;
}
// behavior property
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->canSetProperty($name)) {
$behavior->$name = $value;
return;
}
}
if (method_exists($this, 'get' . $name)) {
throw new InvalidCallException('Setting read-only property: ' . get_class($this) . '::' . $name);
}
throw new UnknownPropertyException('Setting unknown property: ' . get_class($this) . '::' . $name);
}
Defined in: yii\base\Component::__unset()
Sets a component property to be null.
This method will check in the following order and act accordingly:
- a property defined by a setter: set the property value to be null
- a property of a behavior: set the property value to be null
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing unset($component->property)
.
public void __unset ( $name ) | ||
$name | string |
The property name |
throws | yii\base\InvalidCallException |
if the property is read only. |
---|
public function __unset($name)
{
$setter = 'set' . $name;
if (method_exists($this, $setter)) {
$this->$setter(null);
return;
}
// behavior property
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->canSetProperty($name)) {
$behavior->$name = null;
return;
}
}
throw new InvalidCallException('Unsetting an unknown or read-only property: ' . get_class($this) . '::' . $name);
}
Defined in: yii\rbac\BaseManager::add()
Adds a role, permission or rule to the RBAC system.
public boolean add ( $object ) | ||
$object | yii\rbac\Role|yii\rbac\Permission|yii\rbac\Rule | |
return | boolean |
Whether the role, permission or rule is successfully added to the system |
---|---|---|
throws | Exception |
if data validation or saving fails (such as the name of the role or permission is not unique) |
public function add($object)
{
if ($object instanceof Item) {
if ($object->ruleName && $this->getRule($object->ruleName) === null) {
$rule = \Yii::createObject($object->ruleName);
$rule->name = $object->ruleName;
$this->addRule($rule);
}
return $this->addItem($object);
} elseif ($object instanceof Rule) {
return $this->addRule($object);
}
throw new InvalidArgumentException('Adding unsupported object type.');
}
Adds an item as a child of another item.
public boolean addChild ( $parent, $child ) | ||
$parent | yii\rbac\Item | |
$child | yii\rbac\Item | |
return | boolean |
Whether the child successfully added |
---|---|---|
throws | yii\base\Exception |
if the parent-child relationship already exists or if a loop has been detected. |
public function addChild($parent, $child)
{
if ($parent->name === $child->name) {
throw new InvalidArgumentException("Cannot add '{$parent->name}' as a child of itself.");
}
if ($parent instanceof Permission && $child instanceof Role) {
throw new InvalidArgumentException('Cannot add a role as a child of a permission.');
}
if ($this->detectLoop($parent, $child)) {
throw new InvalidCallException("Cannot add '{$child->name}' as a child of '{$parent->name}'. A loop has been detected.");
}
$this->db->createCommand()
->insert($this->itemChildTable, ['parent' => $parent->name, 'child' => $child->name])
->execute();
$this->invalidateCache();
return true;
}
Adds an auth item to the RBAC system.
protected boolean addItem ( $item ) | ||
$item | yii\rbac\Item |
The item to add |
return | boolean |
Whether the auth item is successfully added to the system |
---|---|---|
throws | Exception |
if data validation or saving fails (such as the name of the role or permission is not unique) |
protected function addItem($item)
{
$time = time();
if ($item->createdAt === null) {
$item->createdAt = $time;
}
if ($item->updatedAt === null) {
$item->updatedAt = $time;
}
$this->db->createCommand()
->insert($this->itemTable, [
'name' => $item->name,
'type' => $item->type,
'description' => $item->description,
'rule_name' => $item->ruleName,
'data' => $item->data === null ? null : serialize($item->data),
'created_at' => $item->createdAt,
'updated_at' => $item->updatedAt,
])->execute();
$this->invalidateCache();
return true;
}
Adds a rule to the RBAC system.
protected boolean addRule ( $rule ) | ||
$rule | yii\rbac\Rule |
The rule to add |
return | boolean |
Whether the rule is successfully added to the system |
---|---|---|
throws | Exception |
if data validation or saving fails (such as the name of the rule is not unique) |
protected function addRule($rule)
{
$time = time();
if ($rule->createdAt === null) {
$rule->createdAt = $time;
}
if ($rule->updatedAt === null) {
$rule->updatedAt = $time;
}
$this->db->createCommand()
->insert($this->ruleTable, [
'name' => $rule->name,
'data' => serialize($rule),
'created_at' => $rule->createdAt,
'updated_at' => $rule->updatedAt,
])->execute();
$this->invalidateCache();
return true;
}
Assigns a role to a user.
public yii\rbac\Assignment assign ( $role, $userId ) | ||
$role | yii\rbac\Role|yii\rbac\Permission | |
$userId | string|integer |
The user ID (see yii\web\User::$id) |
return | yii\rbac\Assignment |
The role assignment information. |
---|---|---|
throws | Exception |
if the role has already been assigned to the user |
public function assign($role, $userId)
{
$assignment = new Assignment([
'userId' => $userId,
'roleName' => $role->name,
'createdAt' => time(),
]);
$this->db->createCommand()
->insert($this->assignmentTable, [
'user_id' => $assignment->userId,
'item_name' => $assignment->roleName,
'created_at' => $assignment->createdAt,
])->execute();
unset($this->checkAccessAssignments[(string) $userId]);
return $assignment;
}
Defined in: yii\base\Component::attachBehavior()
Attaches a behavior to this component.
This method will create the behavior object based on the given configuration. After that, the behavior object will be attached to this component by calling the yii\base\Behavior::attach() method.
See also detachBehavior().
public yii\base\Behavior attachBehavior ( $name, $behavior ) | ||
$name | string |
The name of the behavior. |
$behavior | string|array|yii\base\Behavior |
The behavior configuration. This can be one of the following:
|
return | yii\base\Behavior |
The behavior object |
---|
public function attachBehavior($name, $behavior)
{
$this->ensureBehaviors();
return $this->attachBehaviorInternal($name, $behavior);
}
Defined in: yii\base\Component::attachBehaviors()
Attaches a list of behaviors to the component.
Each behavior is indexed by its name and should be a yii\base\Behavior object, a string specifying the behavior class, or an configuration array for creating the behavior.
See also attachBehavior().
public void attachBehaviors ( $behaviors ) | ||
$behaviors | array |
List of behaviors to be attached to the component |
public function attachBehaviors($behaviors)
{
$this->ensureBehaviors();
foreach ($behaviors as $name => $behavior) {
$this->attachBehaviorInternal($name, $behavior);
}
}
Defined in: yii\base\Component::behaviors()
Returns a list of behaviors that this component should behave as.
Child classes may override this method to specify the behaviors they want to behave as.
The return value of this method should be an array of behavior objects or configurations indexed by behavior names. A behavior configuration can be either a string specifying the behavior class or an array of the following structure:
'behaviorName' => [
'class' => 'BehaviorClass',
'property1' => 'value1',
'property2' => 'value2',
]
Note that a behavior class must extend from yii\base\Behavior. Behaviors can be attached using a name or anonymously. When a name is used as the array key, using this name, the behavior can later be retrieved using getBehavior() or be detached using detachBehavior(). Anonymous behaviors can not be retrieved or detached.
Behaviors declared in this method will be attached to the component automatically (on demand).
public array behaviors ( ) | ||
return | array |
The behavior configurations. |
---|
public function behaviors()
{
return [];
}
Checks the possibility of adding a child to parent.
public boolean canAddChild ( $parent, $child ) | ||
$parent | yii\rbac\Item |
The parent item |
$child | yii\rbac\Item |
The child item to be added to the hierarchy |
return | boolean |
Possibility of adding |
---|
public function canAddChild($parent, $child)
{
return !$this->detectLoop($parent, $child);
}
Defined in: yii\base\Component::canGetProperty()
Returns a value indicating whether a property can be read.
A property can be read if:
- the class has a getter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when
$checkVars
is true); - an attached behavior has a readable property of the given name (when
$checkBehaviors
is true).
See also canSetProperty().
public boolean canGetProperty ( $name, $checkVars = true, $checkBehaviors = true ) | ||
$name | string |
The property name |
$checkVars | boolean |
Whether to treat member variables as properties |
$checkBehaviors | boolean |
Whether to treat behaviors' properties as properties of this component |
return | boolean |
Whether the property can be read |
---|
public function canGetProperty($name, $checkVars = true, $checkBehaviors = true)
{
if (method_exists($this, 'get' . $name) || $checkVars && property_exists($this, $name)) {
return true;
} elseif ($checkBehaviors) {
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->canGetProperty($name, $checkVars)) {
return true;
}
}
}
return false;
}
Defined in: yii\base\Component::canSetProperty()
Returns a value indicating whether a property can be set.
A property can be written if:
- the class has a setter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when
$checkVars
is true); - an attached behavior has a writable property of the given name (when
$checkBehaviors
is true).
See also canGetProperty().
public boolean canSetProperty ( $name, $checkVars = true, $checkBehaviors = true ) | ||
$name | string |
The property name |
$checkVars | boolean |
Whether to treat member variables as properties |
$checkBehaviors | boolean |
Whether to treat behaviors' properties as properties of this component |
return | boolean |
Whether the property can be written |
---|
public function canSetProperty($name, $checkVars = true, $checkBehaviors = true)
{
if (method_exists($this, 'set' . $name) || $checkVars && property_exists($this, $name)) {
return true;
} elseif ($checkBehaviors) {
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->canSetProperty($name, $checkVars)) {
return true;
}
}
}
return false;
}
public void checkAccess ( $userId, $permissionName, $params = [] ) | ||
$userId | ||
$permissionName | ||
$params |
public function checkAccess($userId, $permissionName, $params = [])
{
if (isset($this->checkAccessAssignments[(string) $userId])) {
$assignments = $this->checkAccessAssignments[(string) $userId];
} else {
$assignments = $this->getAssignments($userId);
$this->checkAccessAssignments[(string) $userId] = $assignments;
}
if ($this->hasNoAssignments($assignments)) {
return false;
}
$this->loadFromCache();
if ($this->items !== null) {
return $this->checkAccessFromCache($userId, $permissionName, $params, $assignments);
}
return $this->checkAccessRecursive($userId, $permissionName, $params, $assignments);
}
Performs access check for the specified user based on the data loaded from cache.
This method is internally called by checkAccess() when $cache is enabled.
protected boolean checkAccessFromCache ( $user, $itemName, $params, $assignments ) | ||
$user | string|integer |
The user ID. This should can be either an integer or a string representing the unique identifier of a user. See yii\web\User::$id. |
$itemName | string |
The name of the operation that need access check |
$params | array |
Name-value pairs that would be passed to rules associated
with the tasks and roles assigned to the user. A param with name 'user' is added to this array,
which holds the value of |
$assignments | yii\rbac\Assignment[] |
The assignments to the specified user |
return | boolean |
Whether the operations can be performed by the user. |
---|
protected function checkAccessFromCache($user, $itemName, $params, $assignments)
{
if (!isset($this->items[$itemName])) {
return false;
}
$item = $this->items[$itemName];
Yii::debug($item instanceof Role ? "Checking role: $itemName" : "Checking permission: $itemName", __METHOD__);
if (!$this->executeRule($user, $item, $params)) {
return false;
}
if (isset($assignments[$itemName]) || in_array($itemName, $this->defaultRoles)) {
return true;
}
if (!empty($this->parents[$itemName])) {
foreach ($this->parents[$itemName] as $parent) {
if ($this->checkAccessFromCache($user, $parent, $params, $assignments)) {
return true;
}
}
}
return false;
}
Performs access check for the specified user.
This method is internally called by checkAccess().
protected boolean checkAccessRecursive ( $user, $itemName, $params, $assignments ) | ||
$user | string|integer |
The user ID. This should can be either an integer or a string representing the unique identifier of a user. See yii\web\User::$id. |
$itemName | string |
The name of the operation that need access check |
$params | array |
Name-value pairs that would be passed to rules associated
with the tasks and roles assigned to the user. A param with name 'user' is added to this array,
which holds the value of |
$assignments | yii\rbac\Assignment[] |
The assignments to the specified user |
return | boolean |
Whether the operations can be performed by the user. |
---|
protected function checkAccessRecursive($user, $itemName, $params, $assignments)
{
if (($item = $this->getItem($itemName)) === null) {
return false;
}
Yii::debug($item instanceof Role ? "Checking role: $itemName" : "Checking permission: $itemName", __METHOD__);
if (!$this->executeRule($user, $item, $params)) {
return false;
}
if (isset($assignments[$itemName]) || in_array($itemName, $this->defaultRoles)) {
return true;
}
$query = new Query();
$parents = $query->select(['parent'])
->from($this->itemChildTable)
->where(['child' => $itemName])
->column($this->db);
foreach ($parents as $parent) {
if ($this->checkAccessRecursive($user, $parent, $params, $assignments)) {
return true;
}
}
return false;
}
::class
instead.
Defined in: yii\base\BaseObject::className()
Returns the fully qualified name of this class.
public static string className ( ) | ||
return | string |
The fully qualified name of this class. |
---|
public static function className()
{
return get_called_class();
}
Defined in: yii\rbac\BaseManager::createPermission()
Creates a new Permission object.
Note that the newly created permission is not added to the RBAC system yet. You must fill in the needed data and call add() to add it to the system.
public yii\rbac\Permission createPermission ( $name ) | ||
$name | string |
The permission name |
return | yii\rbac\Permission |
The new Permission object |
---|
public function createPermission($name)
{
$permission = new Permission();
$permission->name = $name;
return $permission;
}
Defined in: yii\rbac\BaseManager::createRole()
Creates a new Role object.
Note that the newly created role is not added to the RBAC system yet. You must fill in the needed data and call add() to add it to the system.
public yii\rbac\Role createRole ( $name ) | ||
$name | string |
The role name |
return | yii\rbac\Role |
The new Role object |
---|
public function createRole($name)
{
$role = new Role();
$role->name = $name;
return $role;
}
Defined in: yii\base\Component::detachBehavior()
Detaches a behavior from the component.
The behavior's yii\base\Behavior::detach() method will be invoked.
public yii\base\Behavior|null detachBehavior ( $name ) | ||
$name | string |
The behavior's name. |
return | yii\base\Behavior|null |
The detached behavior. Null if the behavior does not exist. |
---|
public function detachBehavior($name)
{
$this->ensureBehaviors();
if (isset($this->_behaviors[$name])) {
$behavior = $this->_behaviors[$name];
unset($this->_behaviors[$name]);
$behavior->detach();
return $behavior;
}
return null;
}
Defined in: yii\base\Component::detachBehaviors()
Detaches all behaviors from the component.
public void detachBehaviors ( ) |
public function detachBehaviors()
{
$this->ensureBehaviors();
foreach ($this->_behaviors as $name => $behavior) {
$this->detachBehavior($name);
}
}
Checks whether there is a loop in the authorization item hierarchy.
protected boolean detectLoop ( $parent, $child ) | ||
$parent | yii\rbac\Item |
The parent item |
$child | yii\rbac\Item |
The child item to be added to the hierarchy |
return | boolean |
Whether a loop exists |
---|
protected function detectLoop($parent, $child)
{
if ($child->name === $parent->name) {
return true;
}
foreach ($this->getChildren($child->name) as $grandchild) {
if ($this->detectLoop($parent, $grandchild)) {
return true;
}
}
return false;
}
Defined in: yii\base\Component::ensureBehaviors()
Makes sure that the behaviors declared in behaviors() are attached to this component.
public void ensureBehaviors ( ) |
public function ensureBehaviors()
{
if ($this->_behaviors === null) {
$this->_behaviors = [];
foreach ($this->behaviors() as $name => $behavior) {
$this->attachBehaviorInternal($name, $behavior);
}
}
}
Defined in: yii\rbac\BaseManager::executeRule()
Executes the rule associated with the specified auth item.
If the item does not specify a rule, this method will return true. Otherwise, it will return the value of yii\rbac\Rule::execute().
protected boolean executeRule ( $user, $item, $params ) | ||
$user | string|integer |
The user ID. This should be either an integer or a string representing the unique identifier of a user. See yii\web\User::$id. |
$item | yii\rbac\Item |
The auth item that needs to execute its rule |
$params | array |
Parameters passed to yii\rbac\CheckAccessInterface::checkAccess() and will be passed to the rule |
return | boolean |
The return value of yii\rbac\Rule::execute(). If the auth item does not specify a rule, true will be returned. |
---|---|---|
throws | yii\base\InvalidConfigException |
if the auth item has an invalid rule. |
protected function executeRule($user, $item, $params)
{
if ($item->ruleName === null) {
return true;
}
$rule = $this->getRule($item->ruleName);
if ($rule instanceof Rule) {
return $rule->execute($user, $item, $params);
}
throw new InvalidConfigException("Rule not found: {$item->ruleName}");
}
Returns the assignment information regarding a role and a user.
public yii\rbac\Assignment|null getAssignment ( $roleName, $userId ) | ||
$roleName | string |
The role name |
$userId | string|integer |
The user ID (see yii\web\User::$id) |
return | yii\rbac\Assignment|null |
The assignment information. Null is returned if the role is not assigned to the user. |
---|
public function getAssignment($roleName, $userId)
{
if ($this->isEmptyUserId($userId)) {
return null;
}
$row = (new Query())->from($this->assignmentTable)
->where(['user_id' => (string) $userId, 'item_name' => $roleName])
->one($this->db);
if ($row === false) {
return null;
}
return new Assignment([
'userId' => $row['user_id'],
'roleName' => $row['item_name'],
'createdAt' => $row['created_at'],
]);
}
Returns all role assignment information for the specified user.
public yii\rbac\Assignment[] getAssignments ( $userId ) | ||
$userId | string|integer |
The user ID (see yii\web\User::$id) |
return | yii\rbac\Assignment[] |
The assignments indexed by role names. An empty array will be returned if there is no role assigned to the user. |
---|
public function getAssignments($userId)
{
if ($this->isEmptyUserId($userId)) {
return [];
}
$query = (new Query())
->from($this->assignmentTable)
->where(['user_id' => (string) $userId]);
$assignments = [];
foreach ($query->all($this->db) as $row) {
$assignments[$row['item_name']] = new Assignment([
'userId' => $row['user_id'],
'roleName' => $row['item_name'],
'createdAt' => $row['created_at'],
]);
}
return $assignments;
}
Defined in: yii\base\Component::getBehavior()
Returns the named behavior object.
public yii\base\Behavior|null getBehavior ( $name ) | ||
$name | string |
The behavior name |
return | yii\base\Behavior|null |
The behavior object, or null if the behavior does not exist |
---|
public function getBehavior($name)
{
$this->ensureBehaviors();
return isset($this->_behaviors[$name]) ? $this->_behaviors[$name] : null;
}
Defined in: yii\base\Component::getBehaviors()
Returns all behaviors attached to this component.
public yii\base\Behavior[] getBehaviors ( ) | ||
return | yii\base\Behavior[] |
List of behaviors attached to this component |
---|
public function getBehaviors()
{
$this->ensureBehaviors();
return $this->_behaviors;
}
Returns child roles of the role specified. Depth isn't limited.
public yii\rbac\Role[] getChildRoles ( $roleName ) | ||
$roleName | string |
Name of the role to file child roles for |
return | yii\rbac\Role[] |
Child roles. The array is indexed by the role names. First element is an instance of the parent Role itself. |
---|---|---|
throws | yii\base\InvalidParamException |
if Role was not found that are getting by $roleName |
public function getChildRoles($roleName)
{
$role = $this->getRole($roleName);
if ($role === null) {
throw new InvalidArgumentException("Role \"$roleName\" not found.");
}
$result = [];
$this->getChildrenRecursive($roleName, $this->getChildrenList(), $result);
$roles = [$roleName => $role];
$roles += array_filter($this->getRoles(), function (Role $roleItem) use ($result) {
return array_key_exists($roleItem->name, $result);
});
return $roles;
}
Returns the child permissions and/or roles.
public yii\rbac\Item[] getChildren ( $name ) | ||
$name | string |
The parent name |
return | yii\rbac\Item[] |
The child permissions and/or roles |
---|
public function getChildren($name)
{
$query = (new Query())
->select(['name', 'type', 'description', 'rule_name', 'data', 'created_at', 'updated_at'])
->from([$this->itemTable, $this->itemChildTable])
->where(['parent' => $name, 'name' => new Expression('[[child]]')]);
$children = [];
foreach ($query->all($this->db) as $row) {
$children[$row['name']] = $this->populateItem($row);
}
return $children;
}
Returns the children for every parent.
protected array getChildrenList ( ) | ||
return | array |
The children list. Each array key is a parent item name, and the corresponding array value is a list of child item names. |
---|
protected function getChildrenList()
{
$query = (new Query())->from($this->itemChildTable);
$parents = [];
foreach ($query->all($this->db) as $row) {
$parents[$row['parent']][] = $row['child'];
}
return $parents;
}
Recursively finds all children and grand children of the specified item.
protected void getChildrenRecursive ( $name, $childrenList, &$result ) | ||
$name | string |
The name of the item whose children are to be looked for. |
$childrenList | array |
The child list built via getChildrenList() |
$result | array |
The children and grand children (in array keys) |
protected function getChildrenRecursive($name, $childrenList, &$result)
{
if (isset($childrenList[$name])) {
foreach ($childrenList[$name] as $child) {
$result[$child] = true;
$this->getChildrenRecursive($child, $childrenList, $result);
}
}
}
Defined in: yii\rbac\BaseManager::getDefaultRoleInstances()
Returns defaultRoles as array of Role objects.
public yii\rbac\Role[] getDefaultRoleInstances ( ) | ||
return | yii\rbac\Role[] |
Default roles. The array is indexed by the role names |
---|
public function getDefaultRoleInstances()
{
$result = [];
foreach ($this->defaultRoles as $roleName) {
$result[$roleName] = $this->createRole($roleName);
}
return $result;
}
Defined in: yii\rbac\BaseManager::getDefaultRoles()
Get default roles
public string[] getDefaultRoles ( ) | ||
return | string[] |
Default roles |
---|
public function getDefaultRoles()
{
return $this->defaultRoles;
}
Returns all permissions that are directly assigned to user.
protected yii\rbac\Permission[] getDirectPermissionsByUser ( $userId ) | ||
$userId | string|integer |
The user ID (see yii\web\User::$id) |
return | yii\rbac\Permission[] |
All direct permissions that the user has. The array is indexed by the permission names. |
---|
protected function getDirectPermissionsByUser($userId)
{
$query = (new Query())->select('b.*')
->from(['a' => $this->assignmentTable, 'b' => $this->itemTable])
->where('{{a}}.[[item_name]]={{b}}.[[name]]')
->andWhere(['a.user_id' => (string) $userId])
->andWhere(['b.type' => Item::TYPE_PERMISSION]);
$permissions = [];
foreach ($query->all($this->db) as $row) {
$permissions[$row['name']] = $this->populateItem($row);
}
return $permissions;
}
Returns all permissions that the user inherits from the roles assigned to him.
protected yii\rbac\Permission[] getInheritedPermissionsByUser ( $userId ) | ||
$userId | string|integer |
The user ID (see yii\web\User::$id) |
return | yii\rbac\Permission[] |
All inherited permissions that the user has. The array is indexed by the permission names. |
---|
protected function getInheritedPermissionsByUser($userId)
{
$query = (new Query())->select('item_name')
->from($this->assignmentTable)
->where(['user_id' => (string) $userId]);
$childrenList = $this->getChildrenList();
$result = [];
foreach ($query->column($this->db) as $roleName) {
$this->getChildrenRecursive($roleName, $childrenList, $result);
}
if (empty($result)) {
return [];
}
$query = (new Query())->from($this->itemTable)->where([
'type' => Item::TYPE_PERMISSION,
'name' => array_keys($result),
]);
$permissions = [];
foreach ($query->all($this->db) as $row) {
$permissions[$row['name']] = $this->populateItem($row);
}
return $permissions;
}
Returns the named auth item.
protected yii\rbac\Item|null getItem ( $name ) | ||
$name | string |
The auth item name. |
return | yii\rbac\Item|null |
The auth item corresponding to the specified name. Null is returned if no such item. |
---|
protected function getItem($name)
{
if (empty($name)) {
return null;
}
if (!empty($this->items[$name])) {
return $this->items[$name];
}
$row = (new Query())->from($this->itemTable)
->where(['name' => $name])
->one($this->db);
if ($row === false) {
return null;
}
return $this->populateItem($row);
}
Returns the items of the specified type.
protected yii\rbac\Item[] getItems ( $type ) | ||
$type | integer |
The auth item type (either yii\rbac\Item::TYPE_ROLE or yii\rbac\Item::TYPE_PERMISSION |
return | yii\rbac\Item[] |
The auth items of the specified type. |
---|
protected function getItems($type)
{
$query = (new Query())
->from($this->itemTable)
->where(['type' => $type]);
$items = [];
foreach ($query->all($this->db) as $row) {
$items[$row['name']] = $this->populateItem($row);
}
return $items;
}
Defined in: yii\rbac\BaseManager::getPermission()
Returns the named permission.
public yii\rbac\Permission|null getPermission ( $name ) | ||
$name | string |
The permission name. |
return | yii\rbac\Permission|null |
The permission corresponding to the specified name. Null is returned if no such permission. |
---|
public function getPermission($name)
{
$item = $this->getItem($name);
return $item instanceof Item && $item->type == Item::TYPE_PERMISSION ? $item : null;
}
Defined in: yii\rbac\BaseManager::getPermissions()
Returns all permissions in the system.
public yii\rbac\Permission[] getPermissions ( ) | ||
return | yii\rbac\Permission[] |
All permissions in the system. The array is indexed by the permission names. |
---|
public function getPermissions()
{
return $this->getItems(Item::TYPE_PERMISSION);
}
Returns all permissions that the specified role represents.
public yii\rbac\Permission[] getPermissionsByRole ( $roleName ) | ||
$roleName | string |
The role name |
return | yii\rbac\Permission[] |
All permissions that the role represents. The array is indexed by the permission names. |
---|
public function getPermissionsByRole($roleName)
{
$childrenList = $this->getChildrenList();
$result = [];
$this->getChildrenRecursive($roleName, $childrenList, $result);
if (empty($result)) {
return [];
}
$query = (new Query())->from($this->itemTable)->where([
'type' => Item::TYPE_PERMISSION,
'name' => array_keys($result),
]);
$permissions = [];
foreach ($query->all($this->db) as $row) {
$permissions[$row['name']] = $this->populateItem($row);
}
return $permissions;
}
Returns all permissions that the user has.
public yii\rbac\Permission[] getPermissionsByUser ( $userId ) | ||
$userId | string|integer |
The user ID (see yii\web\User::$id) |
return | yii\rbac\Permission[] |
All permissions that the user has. The array is indexed by the permission names. |
---|
public function getPermissionsByUser($userId)
{
if ($this->isEmptyUserId($userId)) {
return [];
}
$directPermission = $this->getDirectPermissionsByUser($userId);
$inheritedPermission = $this->getInheritedPermissionsByUser($userId);
return array_merge($directPermission, $inheritedPermission);
}
Defined in: yii\rbac\BaseManager::getRole()
Returns the named role.
public yii\rbac\Role|null getRole ( $name ) | ||
$name | string |
The role name. |
return | yii\rbac\Role|null |
The role corresponding to the specified name. Null is returned if no such role. |
---|
public function getRole($name)
{
$item = $this->getItem($name);
return $item instanceof Item && $item->type == Item::TYPE_ROLE ? $item : null;
}
Defined in: yii\rbac\BaseManager::getRoles()
Returns all roles in the system.
public yii\rbac\Role[] getRoles ( ) | ||
return | yii\rbac\Role[] |
All roles in the system. The array is indexed by the role names. |
---|
public function getRoles()
{
return $this->getItems(Item::TYPE_ROLE);
}
{@inheritdoc} The roles returned by this method include the roles assigned via $defaultRoles.
public void getRolesByUser ( $userId ) | ||
$userId |
public function getRolesByUser($userId)
{
if ($this->isEmptyUserId($userId)) {
return [];
}
$query = (new Query())->select('b.*')
->from(['a' => $this->assignmentTable, 'b' => $this->itemTable])
->where('{{a}}.[[item_name]]={{b}}.[[name]]')
->andWhere(['a.user_id' => (string) $userId])
->andWhere(['b.type' => Item::TYPE_ROLE]);
$roles = $this->getDefaultRoleInstances();
foreach ($query->all($this->db) as $row) {
$roles[$row['name']] = $this->populateItem($row);
}
return $roles;
}
Returns the rule of the specified name.
public yii\rbac\Rule|null getRule ( $name ) | ||
$name | string |
The rule name |
return | yii\rbac\Rule|null |
The rule object, or null if the specified name does not correspond to a rule. |
---|
public function getRule($name)
{
if ($this->rules !== null) {
return isset($this->rules[$name]) ? $this->rules[$name] : null;
}
$row = (new Query())->select(['data'])
->from($this->ruleTable)
->where(['name' => $name])
->one($this->db);
if ($row === false) {
return null;
}
$data = $row['data'];
if (is_resource($data)) {
$data = stream_get_contents($data);
}
if (!$data) {
return null;
}
return unserialize($data);
}
Returns all rules available in the system.
public yii\rbac\Rule[] getRules ( ) | ||
return | yii\rbac\Rule[] |
The rules indexed by the rule names |
---|
public function getRules()
{
if ($this->rules !== null) {
return $this->rules;
}
$query = (new Query())->from($this->ruleTable);
$rules = [];
foreach ($query->all($this->db) as $row) {
$data = $row['data'];
if (is_resource($data)) {
$data = stream_get_contents($data);
}
if ($data) {
$rules[$row['name']] = unserialize($data);
}
}
return $rules;
}
Returns all role assignment information for the specified role.
public string[] getUserIdsByRole ( $roleName ) | ||
$roleName | string | |
return | string[] |
The ids. An empty array will be returned if role is not assigned to any user. |
---|
public function getUserIdsByRole($roleName)
{
if (empty($roleName)) {
return [];
}
return (new Query())->select('[[user_id]]')
->from($this->assignmentTable)
->where(['item_name' => $roleName])->column($this->db);
}
Returns a value indicating whether the child already exists for the parent.
public boolean hasChild ( $parent, $child ) | ||
$parent | yii\rbac\Item | |
$child | yii\rbac\Item | |
return | boolean |
Whether |
---|
public function hasChild($parent, $child)
{
return (new Query())
->from($this->itemChildTable)
->where(['parent' => $parent->name, 'child' => $child->name])
->one($this->db) !== false;
}
Defined in: yii\base\Component::hasEventHandlers()
Returns a value indicating whether there is any handler attached to the named event.
public boolean hasEventHandlers ( $name ) | ||
$name | string |
The event name |
return | boolean |
Whether there is any handler attached to the event. |
---|
public function hasEventHandlers($name)
{
$this->ensureBehaviors();
if (!empty($this->_events[$name])) {
return true;
}
foreach ($this->_eventWildcards as $wildcard => $handlers) {
if (!empty($handlers) && StringHelper::matchWildcard($wildcard, $name)) {
return true;
}
}
return Event::hasHandlers($this, $name);
}
Defined in: yii\base\Component::hasMethod()
Returns a value indicating whether a method is defined.
A method is defined if:
- the class has a method with the specified name
- an attached behavior has a method with the given name (when
$checkBehaviors
is true).
public boolean hasMethod ( $name, $checkBehaviors = true ) | ||
$name | string |
The property name |
$checkBehaviors | boolean |
Whether to treat behaviors' methods as methods of this component |
return | boolean |
Whether the method is defined |
---|
public function hasMethod($name, $checkBehaviors = true)
{
if (method_exists($this, $name)) {
return true;
} elseif ($checkBehaviors) {
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->hasMethod($name)) {
return true;
}
}
}
return false;
}
Defined in: yii\rbac\BaseManager::hasNoAssignments()
Checks whether array of $assignments is empty and $defaultRoles property is empty as well.
protected boolean hasNoAssignments ( array $assignments ) | ||
$assignments | yii\rbac\Assignment[] |
Array of user's assignments |
return | boolean |
Whether array of $assignments is empty and $defaultRoles property is empty as well |
---|
protected function hasNoAssignments(array $assignments)
{
return empty($assignments) && empty($this->defaultRoles);
}
Defined in: yii\base\Component::hasProperty()
Returns a value indicating whether a property is defined for this component.
A property is defined if:
- the class has a getter or setter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when
$checkVars
is true); - an attached behavior has a property of the given name (when
$checkBehaviors
is true).
See also:
public boolean hasProperty ( $name, $checkVars = true, $checkBehaviors = true ) | ||
$name | string |
The property name |
$checkVars | boolean |
Whether to treat member variables as properties |
$checkBehaviors | boolean |
Whether to treat behaviors' properties as properties of this component |
return | boolean |
Whether the property is defined |
---|
public function hasProperty($name, $checkVars = true, $checkBehaviors = true)
{
return $this->canGetProperty($name, $checkVars, $checkBehaviors) || $this->canSetProperty($name, false, $checkBehaviors);
}
Initializes the application component.
This method overrides the parent implementation by establishing the database connection.
public void init ( ) |
public function init()
{
parent::init();
$this->db = Instance::ensure($this->db, Connection::className());
if ($this->cache !== null) {
$this->cache = Instance::ensure($this->cache, 'yii\caching\CacheInterface');
}
}
public void invalidateCache ( ) |
public function invalidateCache()
{
if ($this->cache !== null) {
$this->cache->delete($this->cacheKey);
$this->items = null;
$this->rules = null;
$this->parents = null;
}
$this->checkAccessAssignments = [];
}
Check whether $userId is empty.
protected boolean isEmptyUserId ( $userId ) | ||
$userId | mixed |
protected function isEmptyUserId($userId)
{
return !isset($userId) || $userId === '';
}
public void loadFromCache ( ) |
public function loadFromCache()
{
if ($this->items !== null || !$this->cache instanceof CacheInterface) {
return;
}
$data = $this->cache->get($this->cacheKey);
if (is_array($data) && isset($data[0], $data[1], $data[2])) {
list($this->items, $this->rules, $this->parents) = $data;
return;
}
$query = (new Query())->from($this->itemTable);
$this->items = [];
foreach ($query->all($this->db) as $row) {
$this->items[$row['name']] = $this->populateItem($row);
}
$query = (new Query())->from($this->ruleTable);
$this->rules = [];
foreach ($query->all($this->db) as $row) {
$data = $row['data'];
if (is_resource($data)) {
$data = stream_get_contents($data);
}
if ($data) {
$this->rules[$row['name']] = unserialize($data);
}
}
$query = (new Query())->from($this->itemChildTable);
$this->parents = [];
foreach ($query->all($this->db) as $row) {
if (isset($this->items[$row['child']])) {
$this->parents[$row['child']][] = $row['parent'];
}
}
$this->cache->set($this->cacheKey, [$this->items, $this->rules, $this->parents]);
}
Defined in: yii\base\Component::off()
Detaches an existing event handler from this component.
This method is the opposite of on().
Note: in case wildcard pattern is passed for event name, only the handlers registered with this wildcard will be removed, while handlers registered with plain names matching this wildcard will remain.
See also on().
public boolean off ( $name, $handler = null ) | ||
$name | string |
Event name |
$handler | callable|null |
The event handler to be removed. If it is null, all handlers attached to the named event will be removed. |
return | boolean |
If a handler is found and detached |
---|
public function off($name, $handler = null)
{
$this->ensureBehaviors();
if (empty($this->_events[$name]) && empty($this->_eventWildcards[$name])) {
return false;
}
if ($handler === null) {
unset($this->_events[$name], $this->_eventWildcards[$name]);
return true;
}
$removed = false;
// plain event names
if (isset($this->_events[$name])) {
foreach ($this->_events[$name] as $i => $event) {
if ($event[0] === $handler) {
unset($this->_events[$name][$i]);
$removed = true;
}
}
if ($removed) {
$this->_events[$name] = array_values($this->_events[$name]);
return true;
}
}
// wildcard event names
if (isset($this->_eventWildcards[$name])) {
foreach ($this->_eventWildcards[$name] as $i => $event) {
if ($event[0] === $handler) {
unset($this->_eventWildcards[$name][$i]);
$removed = true;
}
}
if ($removed) {
$this->_eventWildcards[$name] = array_values($this->_eventWildcards[$name]);
// remove empty wildcards to save future redundant regex checks:
if (empty($this->_eventWildcards[$name])) {
unset($this->_eventWildcards[$name]);
}
}
}
return $removed;
}
Defined in: yii\base\Component::on()
Attaches an event handler to an event.
The event handler must be a valid PHP callback. The following are some examples:
function ($event) { ... } // anonymous function
[$object, 'handleClick'] // $object->handleClick()
['Page', 'handleClick'] // Page::handleClick()
'handleClick' // global function handleClick()
The event handler must be defined with the following signature,
function ($event)
where $event
is an yii\base\Event object which includes parameters associated with the event.
Since 2.0.14 you can specify event name as a wildcard pattern:
$component->on('event.group.*', function ($event) {
Yii::trace($event->name . ' is triggered.');
});
See also off().
public void on ( $name, $handler, $data = null, $append = true ) | ||
$name | string |
The event name |
$handler | callable |
The event handler |
$data | mixed |
The data to be passed to the event handler when the event is triggered. When the event handler is invoked, this data can be accessed via yii\base\Event::$data. |
$append | boolean |
Whether to append new event handler to the end of the existing handler list. If false, the new handler will be inserted at the beginning of the existing handler list. |
public function on($name, $handler, $data = null, $append = true)
{
$this->ensureBehaviors();
if (strpos($name, '*') !== false) {
if ($append || empty($this->_eventWildcards[$name])) {
$this->_eventWildcards[$name][] = [$handler, $data];
} else {
array_unshift($this->_eventWildcards[$name], [$handler, $data]);
}
return;
}
if ($append || empty($this->_events[$name])) {
$this->_events[$name][] = [$handler, $data];
} else {
array_unshift($this->_events[$name], [$handler, $data]);
}
}
Populates an auth item with the data fetched from database.
protected yii\rbac\Item populateItem ( $row ) | ||
$row | array |
The data from the auth item table |
return | yii\rbac\Item |
The populated auth item instance (either Role or Permission) |
---|
protected function populateItem($row)
{
$class = $row['type'] == Item::TYPE_PERMISSION ? Permission::className() : Role::className();
if (!isset($row['data']) || ($data = @unserialize(is_resource($row['data']) ? stream_get_contents($row['data']) : $row['data'])) === false) {
$data = null;
}
return new $class([
'name' => $row['name'],
'type' => $row['type'],
'description' => $row['description'],
'ruleName' => $row['rule_name'] ?: null,
'data' => $data,
'createdAt' => $row['created_at'],
'updatedAt' => $row['updated_at'],
]);
}
Defined in: yii\rbac\BaseManager::remove()
Removes a role, permission or rule from the RBAC system.
public boolean remove ( $object ) | ||
$object | yii\rbac\Role|yii\rbac\Permission|yii\rbac\Rule | |
return | boolean |
Whether the role, permission or rule is successfully removed |
---|
public function remove($object)
{
if ($object instanceof Item) {
return $this->removeItem($object);
} elseif ($object instanceof Rule) {
return $this->removeRule($object);
}
throw new InvalidArgumentException('Removing unsupported object type.');
}
Removes all authorization data, including roles, permissions, rules, and assignments.
public void removeAll ( ) |
public function removeAll()
{
$this->removeAllAssignments();
$this->db->createCommand()->delete($this->itemChildTable)->execute();
$this->db->createCommand()->delete($this->itemTable)->execute();
$this->db->createCommand()->delete($this->ruleTable)->execute();
$this->invalidateCache();
}
Removes all role assignments.
public void removeAllAssignments ( ) |
public function removeAllAssignments()
{
$this->checkAccessAssignments = [];
$this->db->createCommand()->delete($this->assignmentTable)->execute();
}
Removes all auth items of the specified type.
protected void removeAllItems ( $type ) | ||
$type | integer |
The auth item type (either Item::TYPE_PERMISSION or Item::TYPE_ROLE) |
protected function removeAllItems($type)
{
if (!$this->supportsCascadeUpdate()) {
$names = (new Query())
->select(['name'])
->from($this->itemTable)
->where(['type' => $type])
->column($this->db);
if (empty($names)) {
return;
}
$key = $type == Item::TYPE_PERMISSION ? 'child' : 'parent';
$this->db->createCommand()
->delete($this->itemChildTable, [$key => $names])
->execute();
$this->db->createCommand()
->delete($this->assignmentTable, ['item_name' => $names])
->execute();
}
$this->db->createCommand()
->delete($this->itemTable, ['type' => $type])
->execute();
$this->invalidateCache();
}
Removes all permissions.
All parent child relations will be adjusted accordingly.
public void removeAllPermissions ( ) |
public function removeAllPermissions()
{
$this->removeAllItems(Item::TYPE_PERMISSION);
}
Removes all roles.
All parent child relations will be adjusted accordingly.
public void removeAllRoles ( ) |
public function removeAllRoles()
{
$this->removeAllItems(Item::TYPE_ROLE);
}
Removes all rules.
All roles and permissions which have rules will be adjusted accordingly.
public void removeAllRules ( ) |
public function removeAllRules()
{
if (!$this->supportsCascadeUpdate()) {
$this->db->createCommand()
->update($this->itemTable, ['rule_name' => null])
->execute();
}
$this->db->createCommand()->delete($this->ruleTable)->execute();
$this->invalidateCache();
}
Removes a child from its parent.
Note, the child item is not deleted. Only the parent-child relationship is removed.
public boolean removeChild ( $parent, $child ) | ||
$parent | yii\rbac\Item | |
$child | yii\rbac\Item | |
return | boolean |
Whether the removal is successful |
---|
public function removeChild($parent, $child)
{
$result = $this->db->createCommand()
->delete($this->itemChildTable, ['parent' => $parent->name, 'child' => $child->name])
->execute() > 0;
$this->invalidateCache();
return $result;
}
Removed all children form their parent.
Note, the children items are not deleted. Only the parent-child relationships are removed.
public boolean removeChildren ( $parent ) | ||
$parent | yii\rbac\Item | |
return | boolean |
Whether the removal is successful |
---|
public function removeChildren($parent)
{
$result = $this->db->createCommand()
->delete($this->itemChildTable, ['parent' => $parent->name])
->execute() > 0;
$this->invalidateCache();
return $result;
}
Removes an auth item from the RBAC system.
protected boolean removeItem ( $item ) | ||
$item | yii\rbac\Item |
The item to remove |
return | boolean |
Whether the role or permission is successfully removed |
---|---|---|
throws | Exception |
if data validation or saving fails (such as the name of the role or permission is not unique) |
protected function removeItem($item)
{
if (!$this->supportsCascadeUpdate()) {
$this->db->createCommand()
->delete($this->itemChildTable, ['or', '[[parent]]=:parent', '[[child]]=:child'], [':parent' => $item->name, ':child' => $item->name])
->execute();
$this->db->createCommand()
->delete($this->assignmentTable, ['item_name' => $item->name])
->execute();
}
$this->db->createCommand()
->delete($this->itemTable, ['name' => $item->name])
->execute();
$this->invalidateCache();
return true;
}
Removes a rule from the RBAC system.
protected boolean removeRule ( $rule ) | ||
$rule | yii\rbac\Rule |
The rule to remove |
return | boolean |
Whether the rule is successfully removed |
---|---|---|
throws | Exception |
if data validation or saving fails (such as the name of the rule is not unique) |
protected function removeRule($rule)
{
if (!$this->supportsCascadeUpdate()) {
$this->db->createCommand()
->update($this->itemTable, ['rule_name' => null], ['rule_name' => $rule->name])
->execute();
}
$this->db->createCommand()
->delete($this->ruleTable, ['name' => $rule->name])
->execute();
$this->invalidateCache();
return true;
}
Revokes a role from a user.
public boolean revoke ( $role, $userId ) | ||
$role | yii\rbac\Role|yii\rbac\Permission | |
$userId | string|integer |
The user ID (see yii\web\User::$id) |
return | boolean |
Whether the revoking is successful |
---|
public function revoke($role, $userId)
{
if ($this->isEmptyUserId($userId)) {
return false;
}
unset($this->checkAccessAssignments[(string) $userId]);
return $this->db->createCommand()
->delete($this->assignmentTable, ['user_id' => (string) $userId, 'item_name' => $role->name])
->execute() > 0;
}
Revokes all roles from a user.
public boolean revokeAll ( $userId ) | ||
$userId | mixed |
The user ID (see yii\web\User::$id) |
return | boolean |
Whether the revoking is successful |
---|
public function revokeAll($userId)
{
if ($this->isEmptyUserId($userId)) {
return false;
}
unset($this->checkAccessAssignments[(string) $userId]);
return $this->db->createCommand()
->delete($this->assignmentTable, ['user_id' => (string) $userId])
->execute() > 0;
}
Defined in: yii\rbac\BaseManager::setDefaultRoles()
Set default roles
public void setDefaultRoles ( $roles ) | ||
$roles | string[]|Closure |
Either array of roles or a callable returning it |
throws | yii\base\InvalidArgumentException |
when $roles is neither array nor Closure |
---|---|---|
throws | yii\base\InvalidValueException |
when Closure return is not an array |
public function setDefaultRoles($roles)
{
if (is_array($roles)) {
$this->defaultRoles = $roles;
} elseif ($roles instanceof \Closure) {
$roles = call_user_func($roles);
if (!is_array($roles)) {
throw new InvalidValueException('Default roles closure must return an array');
}
$this->defaultRoles = $roles;
} else {
throw new InvalidArgumentException('Default roles must be either an array or a callable');
}
}
Returns a value indicating whether the database supports cascading update and delete.
The default implementation will return false for SQLite database and true for all other databases.
protected boolean supportsCascadeUpdate ( ) | ||
return | boolean |
Whether the database supports cascading update and delete. |
---|
protected function supportsCascadeUpdate()
{
return strncmp($this->db->getDriverName(), 'sqlite', 6) !== 0;
}
Defined in: yii\base\Component::trigger()
Triggers an event.
This method represents the happening of an event. It invokes all attached handlers for the event including class-level handlers.
public void trigger ( $name, yii\base\Event $event = null ) | ||
$name | string |
The event name |
$event | yii\base\Event|null |
The event instance. If not set, a default yii\base\Event object will be created. |
public function trigger($name, Event $event = null)
{
$this->ensureBehaviors();
$eventHandlers = [];
foreach ($this->_eventWildcards as $wildcard => $handlers) {
if (StringHelper::matchWildcard($wildcard, $name)) {
$eventHandlers[] = $handlers;
}
}
if (!empty($this->_events[$name])) {
$eventHandlers[] = $this->_events[$name];
}
if (!empty($eventHandlers)) {
$eventHandlers = call_user_func_array('array_merge', $eventHandlers);
if ($event === null) {
$event = new Event();
}
if ($event->sender === null) {
$event->sender = $this;
}
$event->handled = false;
$event->name = $name;
foreach ($eventHandlers as $handler) {
$event->data = $handler[1];
call_user_func($handler[0], $event);
// stop further handling if the event is handled
if ($event->handled) {
return;
}
}
}
// invoke class-level attached handlers
Event::trigger($this, $name, $event);
}
Defined in: yii\rbac\BaseManager::update()
Updates the specified role, permission or rule in the system.
public boolean update ( $name, $object ) | ||
$name | string |
The old name of the role, permission or rule |
$object | yii\rbac\Role|yii\rbac\Permission|yii\rbac\Rule | |
return | boolean |
Whether the update is successful |
---|---|---|
throws | Exception |
if data validation or saving fails (such as the name of the role or permission is not unique) |
public function update($name, $object)
{
if ($object instanceof Item) {
if ($object->ruleName && $this->getRule($object->ruleName) === null) {
$rule = \Yii::createObject($object->ruleName);
$rule->name = $object->ruleName;
$this->addRule($rule);
}
return $this->updateItem($name, $object);
} elseif ($object instanceof Rule) {
return $this->updateRule($name, $object);
}
throw new InvalidArgumentException('Updating unsupported object type.');
}
Updates an auth item in the RBAC system.
protected boolean updateItem ( $name, $item ) | ||
$name | string |
The name of the item being updated |
$item | yii\rbac\Item |
The updated item |
return | boolean |
Whether the auth item is successfully updated |
---|---|---|
throws | Exception |
if data validation or saving fails (such as the name of the role or permission is not unique) |
protected function updateItem($name, $item)
{
if ($item->name !== $name && !$this->supportsCascadeUpdate()) {
$this->db->createCommand()
->update($this->itemChildTable, ['parent' => $item->name], ['parent' => $name])
->execute();
$this->db->createCommand()
->update($this->itemChildTable, ['child' => $item->name], ['child' => $name])
->execute();
$this->db->createCommand()
->update($this->assignmentTable, ['item_name' => $item->name], ['item_name' => $name])
->execute();
}
$item->updatedAt = time();
$this->db->createCommand()
->update($this->itemTable, [
'name' => $item->name,
'description' => $item->description,
'rule_name' => $item->ruleName,
'data' => $item->data === null ? null : serialize($item->data),
'updated_at' => $item->updatedAt,
], [
'name' => $name,
])->execute();
$this->invalidateCache();
return true;
}
Updates a rule to the RBAC system.
protected boolean updateRule ( $name, $rule ) | ||
$name | string |
The name of the rule being updated |
$rule | yii\rbac\Rule |
The updated rule |
return | boolean |
Whether the rule is successfully updated |
---|---|---|
throws | Exception |
if data validation or saving fails (such as the name of the rule is not unique) |
protected function updateRule($name, $rule)
{
if ($rule->name !== $name && !$this->supportsCascadeUpdate()) {
$this->db->createCommand()
->update($this->itemTable, ['rule_name' => $rule->name], ['rule_name' => $name])
->execute();
}
$rule->updatedAt = time();
$this->db->createCommand()
->update($this->ruleTable, [
'name' => $rule->name,
'data' => serialize($rule),
'updated_at' => $rule->updatedAt,
], [
'name' => $name,
])->execute();
$this->invalidateCache();
return true;
}