Class yii\rbac\PhpManager

Inheritanceyii\rbac\PhpManager » yii\rbac\BaseManager » yii\base\Component » yii\base\BaseObject
Implementsyii\base\Configurable, yii\rbac\ManagerInterface
Available since version2.0
Source Code https://github.com/yiisoft/yii2/blob/master/framework/rbac/PhpManager.php

PhpManager represents an authorization manager that stores authorization information in terms of a PHP script file.

The authorization data will be saved to and loaded from three files specified by $itemFile, $assignmentFile and $ruleFile.

PhpManager is mainly suitable for authorization data that is not too big (for example, the authorization data for a personal blog system). Use yii\rbac\DbManager for more complex authorization data.

Note that PhpManager is not compatible with facebooks HHVM because it relies on writing php files and including them afterwards which is not supported by HHVM.

For more details and usage information on PhpManager, see the guide article on security authorization.

Public Properties

Hide inherited properties

PropertyTypeDescriptionDefined By
$assignmentFile string The path of the PHP script that contains the authorization assignments. yii\rbac\PhpManager
$itemFile string The path of the PHP script that contains the authorization items. yii\rbac\PhpManager
$ruleFile string The path of the PHP script that contains the authorization rules. yii\rbac\PhpManager

Protected Properties

Hide inherited properties

PropertyTypeDescriptionDefined By
$assignments array yii\rbac\PhpManager
$children array yii\rbac\PhpManager
$defaultRoles array A list of role names that are assigned to every user automatically without calling assign(). yii\rbac\BaseManager
$items yii\rbac\Item[] yii\rbac\PhpManager
$rules yii\rbac\Rule[] yii\rbac\PhpManager

Public Methods

Hide inherited methods

MethodDescriptionDefined By
__call() Calls the named method which is not a class method. yii\base\Component
__clone() This method is called after the object is created by cloning an existing one. yii\base\Component
__construct() Constructor. yii\base\BaseObject
__get() Returns the value of a component property. yii\base\Component
__isset() Checks if a property is set, i.e. defined and not null. yii\base\Component
__set() Sets the value of a component property. yii\base\Component
__unset() Sets a component property to be null. yii\base\Component
add() {@inheritdoc} yii\rbac\BaseManager
addChild() {@inheritdoc} yii\rbac\PhpManager
assign() {@inheritdoc} yii\rbac\PhpManager
attachBehavior() Attaches a behavior to this component. yii\base\Component
attachBehaviors() Attaches a list of behaviors to the component. yii\base\Component
behaviors() Returns a list of behaviors that this component should behave as. yii\base\Component
canAddChild() {@inheritdoc} yii\rbac\PhpManager
canGetProperty() Returns a value indicating whether a property can be read. yii\base\Component
canSetProperty() Returns a value indicating whether a property can be set. yii\base\Component
checkAccess() {@inheritdoc} yii\rbac\PhpManager
className() Returns the fully qualified name of this class. yii\base\BaseObject
createPermission() {@inheritdoc} yii\rbac\BaseManager
createRole() {@inheritdoc} yii\rbac\BaseManager
detachBehavior() Detaches a behavior from the component. yii\base\Component
detachBehaviors() Detaches all behaviors from the component. yii\base\Component
ensureBehaviors() Makes sure that the behaviors declared in behaviors() are attached to this component. yii\base\Component
getAssignment() {@inheritdoc} yii\rbac\PhpManager
getAssignments() {@inheritdoc} yii\rbac\PhpManager
getBehavior() Returns the named behavior object. yii\base\Component
getBehaviors() Returns all behaviors attached to this component. yii\base\Component
getChildRoles() {@inheritdoc} yii\rbac\PhpManager
getChildren() {@inheritdoc} yii\rbac\PhpManager
getDefaultRoleInstances() Returns defaultRoles as array of Role objects. yii\rbac\BaseManager
getDefaultRoles() Get default roles yii\rbac\BaseManager
getItem() {@inheritdoc} yii\rbac\PhpManager
getItems() {@inheritdoc} yii\rbac\PhpManager
getPermission() {@inheritdoc} yii\rbac\BaseManager
getPermissions() {@inheritdoc} yii\rbac\BaseManager
getPermissionsByRole() {@inheritdoc} yii\rbac\PhpManager
getPermissionsByUser() {@inheritdoc} yii\rbac\PhpManager
getRole() {@inheritdoc} yii\rbac\BaseManager
getRoles() {@inheritdoc} yii\rbac\BaseManager
getRolesByUser() {@inheritdoc} The roles returned by this method include the roles assigned via $defaultRoles. yii\rbac\PhpManager
getRule() {@inheritdoc} yii\rbac\PhpManager
getRules() {@inheritdoc} yii\rbac\PhpManager
getUserIdsByRole() {@inheritdoc} yii\rbac\PhpManager
hasChild() {@inheritdoc} yii\rbac\PhpManager
hasEventHandlers() Returns a value indicating whether there is any handler attached to the named event. yii\base\Component
hasMethod() Returns a value indicating whether a method is defined. yii\base\Component
hasProperty() Returns a value indicating whether a property is defined for this component. yii\base\Component
init() Initializes the application component. yii\rbac\PhpManager
off() Detaches an existing event handler from this component. yii\base\Component
on() Attaches an event handler to an event. yii\base\Component
remove() {@inheritdoc} yii\rbac\BaseManager
removeAll() {@inheritdoc} yii\rbac\PhpManager
removeAllAssignments() {@inheritdoc} yii\rbac\PhpManager
removeAllPermissions() {@inheritdoc} yii\rbac\PhpManager
removeAllRoles() {@inheritdoc} yii\rbac\PhpManager
removeAllRules() {@inheritdoc} yii\rbac\PhpManager
removeChild() {@inheritdoc} yii\rbac\PhpManager
removeChildren() {@inheritdoc} yii\rbac\PhpManager
removeItem() {@inheritdoc} yii\rbac\PhpManager
revoke() {@inheritdoc} yii\rbac\PhpManager
revokeAll() {@inheritdoc} yii\rbac\PhpManager
setDefaultRoles() Set default roles yii\rbac\BaseManager
trigger() Triggers an event. yii\base\Component
update() {@inheritdoc} yii\rbac\BaseManager
updateRule() {@inheritdoc} yii\rbac\PhpManager

Protected Methods

Hide inherited methods

MethodDescriptionDefined By
addItem() {@inheritdoc} yii\rbac\PhpManager
addRule() {@inheritdoc} yii\rbac\PhpManager
checkAccessRecursive() Performs access check for the specified user. yii\rbac\PhpManager
detectLoop() Checks whether there is a loop in the authorization item hierarchy. yii\rbac\PhpManager
executeRule() Executes the rule associated with the specified auth item. yii\rbac\BaseManager
getChildrenRecursive() Recursively finds all children and grand children of the specified item. yii\rbac\PhpManager
getDirectPermissionsByUser() Returns all permissions that are directly assigned to user. yii\rbac\PhpManager
getInheritedPermissionsByUser() Returns all permissions that the user inherits from the roles assigned to him. yii\rbac\PhpManager
hasNoAssignments() Checks whether array of $assignments is empty and $defaultRoles property is empty as well. yii\rbac\BaseManager
invalidateScriptCache() Invalidates precompiled script cache (such as OPCache or APC) for the given file. yii\rbac\PhpManager
load() Loads authorization data from persistent storage. yii\rbac\PhpManager
loadFromFile() Loads the authorization data from a PHP script file. yii\rbac\PhpManager
removeAllItems() Removes all auth items of the specified type. yii\rbac\PhpManager
removeRule() {@inheritdoc} yii\rbac\PhpManager
save() Saves authorization data into persistent storage. yii\rbac\PhpManager
saveAssignments() Saves assignments data into persistent storage. yii\rbac\PhpManager
saveItems() Saves items data into persistent storage. yii\rbac\PhpManager
saveRules() Saves rules data into persistent storage. yii\rbac\PhpManager
saveToFile() Saves the authorization data to a PHP script file. yii\rbac\PhpManager
updateItem() {@inheritdoc} yii\rbac\PhpManager

Property Details

$assignmentFile public property

The path of the PHP script that contains the authorization assignments. This can be either a file path or a path alias to the file. Make sure this file is writable by the Web server process if the authorization needs to be changed online.

See also:

public string $assignmentFile '@app/rbac/assignments.php'
$assignments protected property
protected array $assignments = []
$children protected property
protected array $children = []
$itemFile public property

The path of the PHP script that contains the authorization items. This can be either a file path or a path alias to the file. Make sure this file is writable by the Web server process if the authorization needs to be changed online.

See also:

public string $itemFile '@app/rbac/items.php'
$items protected property
protected yii\rbac\Item[] $items = []
$ruleFile public property

The path of the PHP script that contains the authorization rules. This can be either a file path or a path alias to the file. Make sure this file is writable by the Web server process if the authorization needs to be changed online.

See also:

public string $ruleFile '@app/rbac/rules.php'
$rules protected property
protected yii\rbac\Rule[] $rules = []

Method Details

addChild() public method

{@inheritdoc}

public void addChild ( $parent, $child )
$parent
$child
addItem() protected method

{@inheritdoc}

protected void addItem ( $item )
$item
addRule() protected method

{@inheritdoc}

protected void addRule ( $rule )
$rule
assign() public method

{@inheritdoc}

public void assign ( $role, $userId )
$role
$userId
canAddChild() public method (available since version 2.0.8)

{@inheritdoc}

public void canAddChild ( $parent, $child )
$parent
$child
checkAccess() public method

{@inheritdoc}

public void checkAccess ( $userId, $permissionName, $params = [] )
$userId
$permissionName
$params
checkAccessRecursive() protected method

Performs access check for the specified user.

This method is internally called by checkAccess().

protected boolean checkAccessRecursive ( $user, $itemName, $params, $assignments )
$user string|integer

The user ID. This should can be either an integer or a string representing the unique identifier of a user. See yii\web\User::id.

$itemName string

The name of the operation that need access check

$params array

Name-value pairs that would be passed to rules associated with the tasks and roles assigned to the user. A param with name 'user' is added to this array, which holds the value of $userId.

$assignments yii\rbac\Assignment[]

The assignments to the specified user

return boolean

Whether the operations can be performed by the user.

detectLoop() protected method

Checks whether there is a loop in the authorization item hierarchy.

protected boolean detectLoop ( $parent, $child )
$parent yii\rbac\Item

Parent item

$child yii\rbac\Item

The child item that is to be added to the hierarchy

return boolean

Whether a loop exists

getAssignment() public method

{@inheritdoc}

public void getAssignment ( $roleName, $userId )
$roleName
$userId
getAssignments() public method

{@inheritdoc}

public void getAssignments ( $userId )
$userId
getChildRoles() public method

{@inheritdoc}

public void getChildRoles ( $roleName )
$roleName
getChildren() public method

{@inheritdoc}

public void getChildren ( $name )
$name
getChildrenRecursive() protected method

Recursively finds all children and grand children of the specified item.

protected void getChildrenRecursive ( $name, &$result )
$name string

The name of the item whose children are to be looked for.

$result array

The children and grand children (in array keys)

getDirectPermissionsByUser() protected method (available since version 2.0.7)

Returns all permissions that are directly assigned to user.

protected yii\rbac\Permission[] getDirectPermissionsByUser ( $userId )
$userId string|integer

The user ID (see yii\web\User::id)

return yii\rbac\Permission[]

All direct permissions that the user has. The array is indexed by the permission names.

getInheritedPermissionsByUser() protected method (available since version 2.0.7)

Returns all permissions that the user inherits from the roles assigned to him.

protected yii\rbac\Permission[] getInheritedPermissionsByUser ( $userId )
$userId string|integer

The user ID (see yii\web\User::id)

return yii\rbac\Permission[]

All inherited permissions that the user has. The array is indexed by the permission names.

getItem() public method

{@inheritdoc}

public void getItem ( $name )
$name
getItems() public method

{@inheritdoc}

public void getItems ( $type )
$type
getPermissionsByRole() public method

{@inheritdoc}

public void getPermissionsByRole ( $roleName )
$roleName
getPermissionsByUser() public method

{@inheritdoc}

public void getPermissionsByUser ( $userId )
$userId
getRolesByUser() public method

{@inheritdoc} The roles returned by this method include the roles assigned via $defaultRoles.

public void getRolesByUser ( $userId )
$userId
getRule() public method

{@inheritdoc}

public void getRule ( $name )
$name
getRules() public method

{@inheritdoc}

public void getRules ( )
getUserIdsByRole() public method (available since version 2.0.7)

{@inheritdoc}

public void getUserIdsByRole ( $roleName )
$roleName
hasChild() public method

{@inheritdoc}

public void hasChild ( $parent, $child )
$parent
$child
init() public method

Initializes the application component.

This method overrides parent implementation by loading the authorization data from PHP script.

public void init ( )
invalidateScriptCache() protected method (available since version 2.0.9)

Invalidates precompiled script cache (such as OPCache or APC) for the given file.

protected void invalidateScriptCache ( $file )
$file string

The file path.

load() protected method

Loads authorization data from persistent storage.

protected void load ( )
loadFromFile() protected method

Loads the authorization data from a PHP script file.

See also saveToFile().

protected array loadFromFile ( $file )
$file string

The file path.

return array

The authorization data

removeAll() public method

{@inheritdoc}

public void removeAll ( )
removeAllAssignments() public method

{@inheritdoc}

public void removeAllAssignments ( )
removeAllItems() protected method

Removes all auth items of the specified type.

protected void removeAllItems ( $type )
$type integer

The auth item type (either Item::TYPE_PERMISSION or Item::TYPE_ROLE)

removeAllPermissions() public method

{@inheritdoc}

public void removeAllPermissions ( )
removeAllRoles() public method

{@inheritdoc}

public void removeAllRoles ( )
removeAllRules() public method

{@inheritdoc}

public void removeAllRules ( )
removeChild() public method

{@inheritdoc}

public void removeChild ( $parent, $child )
$parent
$child
removeChildren() public method

{@inheritdoc}

public void removeChildren ( $parent )
$parent
removeItem() public method

{@inheritdoc}

public void removeItem ( $item )
$item
removeRule() protected method

{@inheritdoc}

protected void removeRule ( $rule )
$rule
revoke() public method

{@inheritdoc}

public void revoke ( $role, $userId )
$role
$userId
revokeAll() public method

{@inheritdoc}

public void revokeAll ( $userId )
$userId
save() protected method

Saves authorization data into persistent storage.

protected void save ( )
saveAssignments() protected method

Saves assignments data into persistent storage.

protected void saveAssignments ( )
saveItems() protected method

Saves items data into persistent storage.

protected void saveItems ( )
saveRules() protected method

Saves rules data into persistent storage.

protected void saveRules ( )
saveToFile() protected method

Saves the authorization data to a PHP script file.

See also loadFromFile().

protected void saveToFile ( $data, $file )
$data array

The authorization data

$file string

The file path.

updateItem() protected method

{@inheritdoc}

protected void updateItem ( $name, $item )
$name
$item
updateRule() public method

{@inheritdoc}

public void updateRule ( $name, $rule )
$name
$rule