Class yii\rbac\PhpManager
Inheritance | yii\rbac\PhpManager » yii\rbac\BaseManager » yii\base\Component » yii\base\BaseObject |
---|---|
Implements | yii\base\Configurable, yii\rbac\ManagerInterface |
Available since version | 2.0 |
Source Code | https://github.com/yiisoft/yii2/blob/master/framework/rbac/PhpManager.php |
PhpManager represents an authorization manager that stores authorization information in terms of a PHP script file.
The authorization data will be saved to and loaded from three files specified by $itemFile, $assignmentFile and $ruleFile.
PhpManager is mainly suitable for authorization data that is not too big (for example, the authorization data for a personal blog system). Use yii\rbac\DbManager for more complex authorization data.
Note that PhpManager is not compatible with facebooks HHVM because it relies on writing php files and including them afterwards which is not supported by HHVM.
For more details and usage information on PhpManager, see the guide article on security authorization.
Public Properties
Property | Type | Description | Defined By |
---|---|---|---|
$assignmentFile | string | The path of the PHP script that contains the authorization assignments. | yii\rbac\PhpManager |
$itemFile | string | The path of the PHP script that contains the authorization items. | yii\rbac\PhpManager |
$ruleFile | string | The path of the PHP script that contains the authorization rules. | yii\rbac\PhpManager |
Protected Properties
Property | Type | Description | Defined By |
---|---|---|---|
$assignments | array | yii\rbac\PhpManager | |
$children | array | yii\rbac\PhpManager | |
$defaultRoles | array | A list of role names that are assigned to every user automatically without calling assign(). | yii\rbac\BaseManager |
$items | yii\rbac\Item[] | yii\rbac\PhpManager | |
$rules | yii\rbac\Rule[] | yii\rbac\PhpManager |
Public Methods
Protected Methods
Method | Description | Defined By |
---|---|---|
addItem() | {@inheritdoc} | yii\rbac\PhpManager |
addRule() | {@inheritdoc} | yii\rbac\PhpManager |
checkAccessRecursive() | Performs access check for the specified user. | yii\rbac\PhpManager |
detectLoop() | Checks whether there is a loop in the authorization item hierarchy. | yii\rbac\PhpManager |
executeRule() | Executes the rule associated with the specified auth item. | yii\rbac\BaseManager |
getChildrenRecursive() | Recursively finds all children and grand children of the specified item. | yii\rbac\PhpManager |
getDirectPermissionsByUser() | Returns all permissions that are directly assigned to user. | yii\rbac\PhpManager |
getInheritedPermissionsByUser() | Returns all permissions that the user inherits from the roles assigned to him. | yii\rbac\PhpManager |
hasNoAssignments() | Checks whether array of $assignments is empty and $defaultRoles property is empty as well. | yii\rbac\BaseManager |
invalidateScriptCache() | Invalidates precompiled script cache (such as OPCache or APC) for the given file. | yii\rbac\PhpManager |
load() | Loads authorization data from persistent storage. | yii\rbac\PhpManager |
loadFromFile() | Loads the authorization data from a PHP script file. | yii\rbac\PhpManager |
removeAllItems() | Removes all auth items of the specified type. | yii\rbac\PhpManager |
removeRule() | {@inheritdoc} | yii\rbac\PhpManager |
save() | Saves authorization data into persistent storage. | yii\rbac\PhpManager |
saveAssignments() | Saves assignments data into persistent storage. | yii\rbac\PhpManager |
saveItems() | Saves items data into persistent storage. | yii\rbac\PhpManager |
saveRules() | Saves rules data into persistent storage. | yii\rbac\PhpManager |
saveToFile() | Saves the authorization data to a PHP script file. | yii\rbac\PhpManager |
updateItem() | {@inheritdoc} | yii\rbac\PhpManager |
Property Details
The path of the PHP script that contains the authorization assignments. This can be either a file path or a path alias to the file. Make sure this file is writable by the Web server process if the authorization needs to be changed online.
See also:
The path of the PHP script that contains the authorization items. This can be either a file path or a path alias to the file. Make sure this file is writable by the Web server process if the authorization needs to be changed online.
See also:
The path of the PHP script that contains the authorization rules. This can be either a file path or a path alias to the file. Make sure this file is writable by the Web server process if the authorization needs to be changed online.
See also:
Method Details
{@inheritdoc}
public void addChild ( $parent, $child ) | ||
$parent | ||
$child |
{@inheritdoc}
protected void addItem ( $item ) | ||
$item |
{@inheritdoc}
protected void addRule ( $rule ) | ||
$rule |
{@inheritdoc}
public void assign ( $role, $userId ) | ||
$role | ||
$userId |
{@inheritdoc}
public void canAddChild ( $parent, $child ) | ||
$parent | ||
$child |
{@inheritdoc}
public void checkAccess ( $userId, $permissionName, $params = [] ) | ||
$userId | ||
$permissionName | ||
$params |
Performs access check for the specified user.
This method is internally called by checkAccess().
protected boolean checkAccessRecursive ( $user, $itemName, $params, $assignments ) | ||
$user | string|integer | The user ID. This should can be either an integer or a string representing the unique identifier of a user. See yii\web\User::id. |
$itemName | string | The name of the operation that need access check |
$params | array | Name-value pairs that would be passed to rules associated
with the tasks and roles assigned to the user. A param with name 'user' is added to this array,
which holds the value of |
$assignments | yii\rbac\Assignment[] | The assignments to the specified user |
return | boolean | Whether the operations can be performed by the user. |
---|
Checks whether there is a loop in the authorization item hierarchy.
protected boolean detectLoop ( $parent, $child ) | ||
$parent | yii\rbac\Item | Parent item |
$child | yii\rbac\Item | The child item that is to be added to the hierarchy |
return | boolean | Whether a loop exists |
---|
{@inheritdoc}
public void getAssignment ( $roleName, $userId ) | ||
$roleName | ||
$userId |
{@inheritdoc}
public void getAssignments ( $userId ) | ||
$userId |
{@inheritdoc}
public void getChildRoles ( $roleName ) | ||
$roleName |
{@inheritdoc}
public void getChildren ( $name ) | ||
$name |
Recursively finds all children and grand children of the specified item.
protected void getChildrenRecursive ( $name, &$result ) | ||
$name | string | The name of the item whose children are to be looked for. |
$result | array | The children and grand children (in array keys) |
Returns all permissions that are directly assigned to user.
protected yii\rbac\Permission[] getDirectPermissionsByUser ( $userId ) | ||
$userId | string|integer | The user ID (see yii\web\User::id) |
return | yii\rbac\Permission[] | All direct permissions that the user has. The array is indexed by the permission names. |
---|
Returns all permissions that the user inherits from the roles assigned to him.
protected yii\rbac\Permission[] getInheritedPermissionsByUser ( $userId ) | ||
$userId | string|integer | The user ID (see yii\web\User::id) |
return | yii\rbac\Permission[] | All inherited permissions that the user has. The array is indexed by the permission names. |
---|
{@inheritdoc}
public void getItem ( $name ) | ||
$name |
{@inheritdoc}
public void getItems ( $type ) | ||
$type |
{@inheritdoc}
public void getPermissionsByRole ( $roleName ) | ||
$roleName |
{@inheritdoc}
public void getPermissionsByUser ( $userId ) | ||
$userId |
{@inheritdoc} The roles returned by this method include the roles assigned via $defaultRoles.
public void getRolesByUser ( $userId ) | ||
$userId |
{@inheritdoc}
public void getRule ( $name ) | ||
$name |
{@inheritdoc}
public void getRules ( ) |
{@inheritdoc}
public void getUserIdsByRole ( $roleName ) | ||
$roleName |
{@inheritdoc}
public void hasChild ( $parent, $child ) | ||
$parent | ||
$child |
Initializes the application component.
This method overrides parent implementation by loading the authorization data from PHP script.
public void init ( ) |
Invalidates precompiled script cache (such as OPCache or APC) for the given file.
protected void invalidateScriptCache ( $file ) | ||
$file | string | The file path. |
Loads authorization data from persistent storage.
protected void load ( ) |
Loads the authorization data from a PHP script file.
See also saveToFile().
protected array loadFromFile ( $file ) | ||
$file | string | The file path. |
return | array | The authorization data |
---|
{@inheritdoc}
public void removeAll ( ) |
{@inheritdoc}
public void removeAllAssignments ( ) |
Removes all auth items of the specified type.
protected void removeAllItems ( $type ) | ||
$type | integer | The auth item type (either Item::TYPE_PERMISSION or Item::TYPE_ROLE) |
{@inheritdoc}
public void removeAllPermissions ( ) |
{@inheritdoc}
public void removeAllRoles ( ) |
{@inheritdoc}
public void removeAllRules ( ) |
{@inheritdoc}
public void removeChild ( $parent, $child ) | ||
$parent | ||
$child |
{@inheritdoc}
public void removeChildren ( $parent ) | ||
$parent |
{@inheritdoc}
public void removeItem ( $item ) | ||
$item |
{@inheritdoc}
protected void removeRule ( $rule ) | ||
$rule |
{@inheritdoc}
public void revoke ( $role, $userId ) | ||
$role | ||
$userId |
{@inheritdoc}
public void revokeAll ( $userId ) | ||
$userId |
Saves authorization data into persistent storage.
protected void save ( ) |
Saves assignments data into persistent storage.
protected void saveAssignments ( ) |
Saves items data into persistent storage.
protected void saveItems ( ) |
Saves rules data into persistent storage.
protected void saveRules ( ) |
Saves the authorization data to a PHP script file.
See also loadFromFile().
protected void saveToFile ( $data, $file ) | ||
$data | array | The authorization data |
$file | string | The file path. |
{@inheritdoc}
protected void updateItem ( $name, $item ) | ||
$name | ||
$item |
{@inheritdoc}
public void updateRule ( $name, $rule ) | ||
$name | ||
$rule |