Class yii\rbac\DbManager
Inheritance | yii\rbac\DbManager » yii\rbac\BaseManager » yii\base\Component » yii\base\BaseObject |
---|---|
Implements | yii\base\Configurable, yii\rbac\ManagerInterface |
Available since version | 2.0 |
Source Code | https://github.com/yiisoft/yii2/blob/master/framework/rbac/DbManager.php |
DbManager represents an authorization manager that stores authorization information in a database.
The database connection is specified by $db. The database schema can be initialized by applying the migration:
yii migrate --migrationPath=@yii/rbac/migrations/
If you don't want to use the migration and need SQL instead, files for all databases are in the migrations directory.
You may change the names of the tables used to store the authorization and rule data by setting $itemTable, $itemChildTable, $assignmentTable and $ruleTable.
For more details and usage information on DbManager, see the guide article on security authorization.
Public Properties
Property | Type | Description | Defined By |
---|---|---|---|
$assignmentTable | string | The name of the table storing authorization item assignments. | yii\rbac\DbManager |
$cache | yii\caching\CacheInterface|array|string | The cache used to improve RBAC performance. | yii\rbac\DbManager |
$cacheKey | string | The key used to store RBAC data in cache | yii\rbac\DbManager |
$db | yii\db\Connection|array|string | The DB connection object or the application component ID of the DB connection. | yii\rbac\DbManager |
$itemChildTable | string | The name of the table storing authorization item hierarchy. | yii\rbac\DbManager |
$itemTable | string | The name of the table storing authorization items. | yii\rbac\DbManager |
$ruleTable | string | The name of the table storing rules. | yii\rbac\DbManager |
Protected Properties
Property | Type | Description | Defined By |
---|---|---|---|
$checkAccessAssignments | array | User assignments (user id => Assignment[]) | yii\rbac\DbManager |
$defaultRoles | array | A list of role names that are assigned to every user automatically without calling assign(). | yii\rbac\BaseManager |
$items | yii\rbac\Item[] | All auth items (name => Item) | yii\rbac\DbManager |
$parents | array | Auth item parent-child relationships (childName => list of parents) | yii\rbac\DbManager |
$rules | yii\rbac\Rule[] | All auth rules (name => Rule) | yii\rbac\DbManager |
Public Methods
Method | Description | Defined By |
---|---|---|
__call() | Calls the named method which is not a class method. | yii\base\Component |
__clone() | This method is called after the object is created by cloning an existing one. | yii\base\Component |
__construct() | Constructor. | yii\base\BaseObject |
__get() | Returns the value of a component property. | yii\base\Component |
__isset() | Checks if a property is set, i.e. defined and not null. | yii\base\Component |
__set() | Sets the value of a component property. | yii\base\Component |
__unset() | Sets a component property to be null. | yii\base\Component |
add() | {@inheritdoc} | yii\rbac\BaseManager |
addChild() | {@inheritdoc} | yii\rbac\DbManager |
assign() | {@inheritdoc} | yii\rbac\DbManager |
attachBehavior() | Attaches a behavior to this component. | yii\base\Component |
attachBehaviors() | Attaches a list of behaviors to the component. | yii\base\Component |
behaviors() | Returns a list of behaviors that this component should behave as. | yii\base\Component |
canAddChild() | {@inheritdoc} | yii\rbac\DbManager |
canGetProperty() | Returns a value indicating whether a property can be read. | yii\base\Component |
canSetProperty() | Returns a value indicating whether a property can be set. | yii\base\Component |
checkAccess() | {@inheritdoc} | yii\rbac\DbManager |
className() | Returns the fully qualified name of this class. | yii\base\BaseObject |
createPermission() | {@inheritdoc} | yii\rbac\BaseManager |
createRole() | {@inheritdoc} | yii\rbac\BaseManager |
detachBehavior() | Detaches a behavior from the component. | yii\base\Component |
detachBehaviors() | Detaches all behaviors from the component. | yii\base\Component |
ensureBehaviors() | Makes sure that the behaviors declared in behaviors() are attached to this component. | yii\base\Component |
getAssignment() | {@inheritdoc} | yii\rbac\DbManager |
getAssignments() | {@inheritdoc} | yii\rbac\DbManager |
getBehavior() | Returns the named behavior object. | yii\base\Component |
getBehaviors() | Returns all behaviors attached to this component. | yii\base\Component |
getChildRoles() | {@inheritdoc} | yii\rbac\DbManager |
getChildren() | {@inheritdoc} | yii\rbac\DbManager |
getDefaultRoleInstances() | Returns defaultRoles as array of Role objects. | yii\rbac\BaseManager |
getDefaultRoles() | Get default roles | yii\rbac\BaseManager |
getPermission() | {@inheritdoc} | yii\rbac\BaseManager |
getPermissions() | {@inheritdoc} | yii\rbac\BaseManager |
getPermissionsByRole() | {@inheritdoc} | yii\rbac\DbManager |
getPermissionsByUser() | {@inheritdoc} | yii\rbac\DbManager |
getRole() | {@inheritdoc} | yii\rbac\BaseManager |
getRoles() | {@inheritdoc} | yii\rbac\BaseManager |
getRolesByUser() | {@inheritdoc} The roles returned by this method include the roles assigned via $defaultRoles. | yii\rbac\DbManager |
getRule() | {@inheritdoc} | yii\rbac\DbManager |
getRules() | {@inheritdoc} | yii\rbac\DbManager |
getUserIdsByRole() | Returns all role assignment information for the specified role. | yii\rbac\DbManager |
hasChild() | {@inheritdoc} | yii\rbac\DbManager |
hasEventHandlers() | Returns a value indicating whether there is any handler attached to the named event. | yii\base\Component |
hasMethod() | Returns a value indicating whether a method is defined. | yii\base\Component |
hasProperty() | Returns a value indicating whether a property is defined for this component. | yii\base\Component |
init() | Initializes the application component. | yii\rbac\DbManager |
invalidateCache() | | yii\rbac\DbManager |
loadFromCache() | | yii\rbac\DbManager |
off() | Detaches an existing event handler from this component. | yii\base\Component |
on() | Attaches an event handler to an event. | yii\base\Component |
remove() | {@inheritdoc} | yii\rbac\BaseManager |
removeAll() | {@inheritdoc} | yii\rbac\DbManager |
removeAllAssignments() | {@inheritdoc} | yii\rbac\DbManager |
removeAllPermissions() | {@inheritdoc} | yii\rbac\DbManager |
removeAllRoles() | {@inheritdoc} | yii\rbac\DbManager |
removeAllRules() | {@inheritdoc} | yii\rbac\DbManager |
removeChild() | {@inheritdoc} | yii\rbac\DbManager |
removeChildren() | {@inheritdoc} | yii\rbac\DbManager |
revoke() | {@inheritdoc} | yii\rbac\DbManager |
revokeAll() | {@inheritdoc} | yii\rbac\DbManager |
setDefaultRoles() | Set default roles | yii\rbac\BaseManager |
trigger() | Triggers an event. | yii\base\Component |
update() | {@inheritdoc} | yii\rbac\BaseManager |
Protected Methods
Method | Description | Defined By |
---|---|---|
addItem() | {@inheritdoc} | yii\rbac\DbManager |
addRule() | {@inheritdoc} | yii\rbac\DbManager |
checkAccessFromCache() | Performs access check for the specified user based on the data loaded from cache. | yii\rbac\DbManager |
checkAccessRecursive() | Performs access check for the specified user. | yii\rbac\DbManager |
detectLoop() | Checks whether there is a loop in the authorization item hierarchy. | yii\rbac\DbManager |
executeRule() | Executes the rule associated with the specified auth item. | yii\rbac\BaseManager |
getChildrenList() | Returns the children for every parent. | yii\rbac\DbManager |
getChildrenRecursive() | Recursively finds all children and grand children of the specified item. | yii\rbac\DbManager |
getDirectPermissionsByUser() | Returns all permissions that are directly assigned to user. | yii\rbac\DbManager |
getInheritedPermissionsByUser() | Returns all permissions that the user inherits from the roles assigned to him. | yii\rbac\DbManager |
getItem() | {@inheritdoc} | yii\rbac\DbManager |
getItems() | {@inheritdoc} | yii\rbac\DbManager |
hasNoAssignments() | Checks whether array of $assignments is empty and $defaultRoles property is empty as well. | yii\rbac\BaseManager |
isEmptyUserId() | Check whether $userId is empty. | yii\rbac\DbManager |
populateItem() | Populates an auth item with the data fetched from database. | yii\rbac\DbManager |
removeAllItems() | Removes all auth items of the specified type. | yii\rbac\DbManager |
removeItem() | {@inheritdoc} | yii\rbac\DbManager |
removeRule() | {@inheritdoc} | yii\rbac\DbManager |
supportsCascadeUpdate() | Returns a value indicating whether the database supports cascading update and delete. | yii\rbac\DbManager |
updateItem() | {@inheritdoc} | yii\rbac\DbManager |
updateRule() | {@inheritdoc} | yii\rbac\DbManager |
Property Details
$assignmentTable: The name of the table storing authorization item assignments. Defaults to "auth_assignment".
$cache: The cache used to improve RBAC performance. This can be one of the following:
- an application component ID (e.g. cache)
- a configuration array
- a yii\caching\Cache object
When this is not set, it means caching is not enabled.
Note that by enabling RBAC cache, all auth items, rules and auth item parent-child relationships will be cached and loaded into memory. This will improve the performance of RBAC permission check. However, it does require extra memory and as a result may not be appropriate if your RBAC system contains too many auth items. You should seek other RBAC implementations (e.g. RBAC based on Redis storage) in this case.
Also note that if you modify RBAC items, rules or parent-child relationships from outside of this component, you have to manually call invalidateCache() to ensure data consistency.
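The caching note above has a security consequence: a child permission deleted with plain SQL can keep being granted from the cached hierarchy until invalidateCache() is called. The following is an added example, not code from the Yii project; it assumes a bootstrapped Yii 2 application with `db` and `cache` components and the stock migration's `parent` and `child` columns, and `detachChildOutOfBand()` is a hypothetical helper name.

```php
<?php
// Added example (not Yii's own code). Assumes a bootstrapped Yii 2 app with
// 'db' and 'cache' application components and the stock RBAC migration schema.

use yii\rbac\DbManager;

// Component configuration: pointing 'cache' at an application component ID
// enables caching of auth items, rules and parent-child relationships.
$authManagerConfig = [
    'class' => DbManager::class,
    'db' => 'db',       // application component ID of the DB connection
    'cache' => 'cache', // leave unset to keep RBAC caching disabled
];

/**
 * Hypothetical helper: removes a parent-child link with a direct SQL DELETE
 * (for example from a maintenance script) and then refreshes the RBAC cache.
 *
 * @return int number of rows deleted from the item hierarchy table
 */
function detachChildOutOfBand(DbManager $auth, string $parentName, string $childName): int
{
    // This statement bypasses DbManager::removeChild(), so the component does
    // not know the hierarchy changed and its cached copy is left untouched.
    $rows = $auth->db->createCommand()
        ->delete($auth->itemChildTable, [
            'parent' => $parentName, // column names from the stock migration
            'child' => $childName,
        ])
        ->execute();

    // Without this call, checkAccess() may keep answering from the stale
    // cached hierarchy and continue to grant the detached permission.
    $auth->invalidateCache();

    return $rows;
}
```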
$cacheKey: The key used to store RBAC data in cache.
See also $cache.
$checkAccessAssignments: User assignments (user id => Assignment[])
$db: The DB connection object or the application component ID of the DB connection. After the DbManager object is created, if you want to change this property, you should only assign it with a DB connection object. Starting from version 2.0.2, this can also be a configuration array for creating the object.
$itemChildTable: The name of the table storing authorization item hierarchy. Defaults to "auth_item_child".
$itemTable: The name of the table storing authorization items. Defaults to "auth_item".
$items: All auth items (name => Item)
$parents: Auth item parent-child relationships (childName => list of parents)
$ruleTable: The name of the table storing rules. Defaults to "auth_rule".
$rules: All auth rules (name => Rule)
Method Details
{@inheritdoc}
public void addChild ( $parent, $child ) | ||
$parent | ||
$child |
{@inheritdoc}
protected void addItem ( $item ) | ||
$item |
{@inheritdoc}
protected void addRule ( $rule ) | ||
$rule |
{@inheritdoc}
public void assign ( $role, $userId ) | ||
$role | ||
$userId |
{@inheritdoc}
public void canAddChild ( $parent, $child ) | ||
$parent | ||
$child |
{@inheritdoc}
public void checkAccess ( $userId, $permissionName, $params = [] ) | ||
$userId | ||
$permissionName | ||
$params |
Performs access check for the specified user based on the data loaded from cache.
This method is internally called by checkAccess() when $cache is enabled.
protected boolean checkAccessFromCache ( $user, $itemName, $params, $assignments ) | ||
$user | string|integer | The user ID. This should be either an integer or a string representing the unique identifier of a user. See yii\web\User::id. |
$itemName | string | The name of the operation that needs access check |
$params | array | Name-value pairs that would be passed to rules associated with the tasks and roles assigned to the user. A param with name 'user' is added to this array, which holds the value of |
$assignments | yii\rbac\Assignment[] | The assignments to the specified user |
return | boolean | Whether the operations can be performed by the user. |
---|
Performs access check for the specified user.
This method is internally called by checkAccess().
protected boolean checkAccessRecursive ( $user, $itemName, $params, $assignments ) | ||
$user | string|integer | The user ID. This should be either an integer or a string representing the unique identifier of a user. See yii\web\User::id. |
$itemName | string | The name of the operation that needs access check |
$params | array | Name-value pairs that would be passed to rules associated with the tasks and roles assigned to the user. A param with name 'user' is added to this array, which holds the value of |
$assignments | yii\rbac\Assignment[] | The assignments to the specified user |
return | boolean | Whether the operations can be performed by the user. |
---|
Checks whether there is a loop in the authorization item hierarchy.
protected boolean detectLoop ( $parent, $child ) | ||
$parent | yii\rbac\Item | The parent item |
$child | yii\rbac\Item | The child item to be added to the hierarchy |
return | boolean | Whether a loop exists |
---|
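To see the access check and the loop check working on a concrete hierarchy, the following added example (not code from the Yii project) builds two roles through the public API and probes them with checkAccess() and canAddChild(). It assumes a bootstrapped Yii 2 application, empty RBAC tables in a test database, and no $defaultRoles; the role names, permission names, user IDs and the `buildDemoHierarchy()` helper are constructed for illustration.

```php
<?php
// Added example (not Yii's own code). Assumes the RBAC migration has been
// applied to a test database, the tables are empty, and $defaultRoles is empty.

use yii\rbac\DbManager;

/**
 * Hypothetical helper: builds reader/editor roles and returns the outcome of
 * several access and hierarchy checks as booleans.
 */
function buildDemoHierarchy(DbManager $auth): array
{
    // Permissions are the leaves of the hierarchy.
    $viewPost = $auth->createPermission('viewPost');
    $updatePost = $auth->createPermission('updatePost');
    $auth->add($viewPost);
    $auth->add($updatePost);

    // Roles group permissions; "editor" also inherits everything "reader" has.
    $reader = $auth->createRole('reader');
    $editor = $auth->createRole('editor');
    $auth->add($reader);
    $auth->add($editor);
    $auth->addChild($reader, $viewPost);
    $auth->addChild($editor, $updatePost);
    $auth->addChild($editor, $reader);

    // Constructed user IDs: 101 is a reader, 102 an editor, 103 has nothing.
    $auth->assign($reader, 101);
    $auth->assign($editor, 102);

    return [
        // Directly granted through the assigned role.
        'readerCanView' => $auth->checkAccess(101, 'viewPost'),
        // Not reachable from "reader": least privilege holds for user 101.
        'readerCanUpdate' => $auth->checkAccess(101, 'updatePost'),
        // Reached by walking editor -> reader -> viewPost.
        'editorCanView' => $auth->checkAccess(102, 'viewPost'),
        // A user with no assignments and no default roles.
        'unassignedCanView' => $auth->checkAccess(103, 'viewPost'),
        // Making "editor" a child of "reader" would close a cycle
        // (reader -> editor -> reader); canAddChild() reports whether the
        // hierarchy would stay loop-free.
        'readerMayParentEditor' => $auth->canAddChild($reader, $editor),
    ];
}
```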
{@inheritdoc}
public void getAssignment ( $roleName, $userId ) | ||
$roleName | ||
$userId |
{@inheritdoc}
public void getAssignments ( $userId ) | ||
$userId |
{@inheritdoc}
public void getChildRoles ( $roleName ) | ||
$roleName |
{@inheritdoc}
public void getChildren ( $name ) | ||
$name |
Returns the children for every parent.
protected array getChildrenList ( ) | ||
return | array | The children list. Each array key is a parent item name, and the corresponding array value is a list of child item names. |
---|
Recursively finds all children and grand children of the specified item.
protected void getChildrenRecursive ( $name, $childrenList, &$result ) | ||
$name | string | The name of the item whose children are to be looked for. |
$childrenList | array | The child list built via getChildrenList() |
$result | array | The children and grand children (in array keys) |
Returns all permissions that are directly assigned to user.
protected yii\rbac\Permission[] getDirectPermissionsByUser ( $userId ) | ||
$userId | string|integer | The user ID (see yii\web\User::id) |
return | yii\rbac\Permission[] | All direct permissions that the user has. The array is indexed by the permission names. |
---|
Returns all permissions that the user inherits from the roles assigned to him.
protected yii\rbac\Permission[] getInheritedPermissionsByUser ( $userId ) | ||
$userId | string|integer | The user ID (see yii\web\User::id) |
return | yii\rbac\Permission[] | All inherited permissions that the user has. The array is indexed by the permission names. |
---|
{@inheritdoc}
protected void getItem ( $name ) | ||
$name |
{@inheritdoc}
protected void getItems ( $type ) | ||
$type |
{@inheritdoc}
public void getPermissionsByRole ( $roleName ) | ||
$roleName |
{@inheritdoc}
public void getPermissionsByUser ( $userId ) | ||
$userId |
{@inheritdoc} The roles returned by this method include the roles assigned via $defaultRoles.
public void getRolesByUser ( $userId ) | ||
$userId |
{@inheritdoc}
public void getRule ( $name ) | ||
$name |
{@inheritdoc}
public void getRules ( ) |
Returns all role assignment information for the specified role.
public string[] getUserIdsByRole ( $roleName ) | ||
$roleName | string | |
return | string[] | The ids. An empty array will be returned if role is not assigned to any user. |
---|
{@inheritdoc}
public void hasChild ( $parent, $child ) | ||
$parent | ||
$child |
Initializes the application component.
This method overrides the parent implementation by establishing the database connection.
public void init ( ) |
public void invalidateCache ( ) |
Check whether $userId is empty.
protected boolean isEmptyUserId ( $userId ) | ||
$userId | mixed |
public void loadFromCache ( ) |
Populates an auth item with the data fetched from database.
protected yii\rbac\Item populateItem ( $row ) | ||
$row | array | The data from the auth item table |
return | yii\rbac\Item | The populated auth item instance (either Role or Permission) |
---|
{@inheritdoc}
public void removeAll ( ) |
{@inheritdoc}
public void removeAllAssignments ( ) |
Removes all auth items of the specified type.
protected void removeAllItems ( $type ) | ||
$type | integer | The auth item type (either Item::TYPE_PERMISSION or Item::TYPE_ROLE) |
{@inheritdoc}
public void removeAllPermissions ( ) |
{@inheritdoc}
public void removeAllRoles ( ) |
{@inheritdoc}
public void removeAllRules ( ) |
{@inheritdoc}
public void removeChild ( $parent, $child ) | ||
$parent | ||
$child |
{@inheritdoc}
public void removeChildren ( $parent ) | ||
$parent |
{@inheritdoc}
protected void removeItem ( $item ) | ||
$item |
{@inheritdoc}
protected void removeRule ( $rule ) | ||
$rule |
{@inheritdoc}
public void revoke ( $role, $userId ) | ||
$role | ||
$userId |
{@inheritdoc}
public void revokeAll ( $userId ) | ||
$userId |
Returns a value indicating whether the database supports cascading update and delete.
The default implementation will return false for SQLite database and true for all other databases.
protected boolean supportsCascadeUpdate ( ) | ||
return | boolean | Whether the database supports cascading update and delete. |
---|
{@inheritdoc}
protected void updateItem ( $name, $item ) | ||
$name | ||
$item |
{@inheritdoc}
protected void updateRule ( $name, $rule ) | ||
$name | ||
$rule |