| Property | Type | Description | |
|---|---|---|---|
| $assignmentTable | the name of the table storing authorization item assignments. Defaults to "auth_assignment". | ||
| $cache | the cache used to improve RBAC performance. This can be one of the following: - an application component ID (e.g. cache) - a configuration array - a Cache object When this is not set, it means caching is not enabled. Note that by enabling RBAC cache, all auth items, rules and auth item parent-child relationships will be cached and loaded into memory. This will improve the performance of RBAC permission check. However, it does require extra memory and as a result may not be appropriate if your RBAC system contains too many auth items. You should seek other RBAC implementations (e.g. RBAC based on Redis storage) in this case. Also note that if you modify RBAC items, rules or parent-child relationships from outside of this component, you have to manually call DbManager::invalidateCache to ensure data consistency. | ||
| $cacheKey | the key used to store RBAC data in cache | ||
| $db | the DB connection object or the application component ID of the DB connection. After the DbManager object is created, if you want to change this property, you should only assign it with a DB connection object. Starting from version 2.0.2, this can also be a configuration array for creating the object. | ||
| $itemChildTable | the name of the table storing authorization item hierarchy. Defaults to "auth_item_child". | ||
| $itemTable | the name of the table storing authorization items. Defaults to "auth_item". | ||
| $ruleTable | the name of the table storing rules. Defaults to "auth_rule". |
| Property | Type | Description | |
|---|---|---|---|
| $items | all auth items (name => Item) | ||
| $parents | auth item parent-child relationships (childName => list of parents) | ||
| $rules | all auth rules (name => Rule) |
| Method | Description | |
|---|---|---|
| addChild ( $parent, $child ) | ||
| assign ( $role, $userId ) | ||
| canAddChild ( $parent, $child ) | ||
| checkAccess ( $userId, $permissionName, $params = [] ) | ||
| getAssignment ( $roleName, $userId ) | ||
| getAssignments ( $userId ) | ||
| getChildRoles ( $roleName ) | ||
| getChildren ( $name ) | ||
| getPermissionsByRole ( $roleName ) | ||
| getPermissionsByUser ( $userId ) | ||
| getRolesByUser ( $userId ) | ||
| getRule ( $name ) | ||
| getRules ( ) | ||
|
getUserIdsByRole ( string $roleName ) : |
Returns all role assignment information for the specified role. | |
| hasChild ( $parent, $child ) | ||
| init ( ) | Initializes the application component. | |
| invalidateCache ( ) | ||
| loadFromCache ( ) | ||
| removeAll ( ) | ||
| removeAllAssignments ( ) | ||
| removeAllPermissions ( ) | ||
| removeAllRoles ( ) | ||
| removeAllRules ( ) | ||
| removeChild ( $parent, $child ) | ||
| removeChildren ( $parent ) | ||
| revoke ( $role, $userId ) | ||
| revokeAll ( $userId ) |
| Method | Description | |
|---|---|---|
| addItem ( $item ) | ||
| addRule ( $rule ) | ||
|
checkAccessFromCache ( string | integer $user, string $itemName, array $params, |
Performs access check for the specified user based on the data loaded from cache. | |
|
checkAccessRecursive ( string | integer $user, string $itemName, array $params, |
Performs access check for the specified user. | |
|
detectLoop ( |
Checks whether there is a loop in the authorization item hierarchy. | |
| getChildrenList ( ) : array | Returns the children for every parent. | |
| getChildrenRecursive ( string $name, array $childrenList, array &$result ) | Recursively finds all children and grand children of the specified item. | |
|
getDirectPermissionsByUser ( string | integer $userId ) : |
Returns all permissions that are directly assigned to user. | |
|
getInheritedPermissionsByUser ( string | integer $userId ) : |
Returns all permissions that the user inherits from the roles assigned to him. | |
| getItem ( $name ) | ||
| getItems ( $type ) | ||
|
populateItem ( array $row ) : |
Populates an auth item with the data fetched from database | |
| removeAllItems ( integer $type ) | Removes all auth items of the specified type. | |
| removeItem ( $item ) | ||
| removeRule ( $rule ) | ||
| supportsCascadeUpdate ( ) : boolean | Returns a value indicating whether the database supports cascading update and delete. | |
| updateItem ( $name, $item ) | ||
| updateRule ( $name, $rule ) |
|
protected checkAccessFromCache ( string | integer $user, string $itemName, array $params, |
||
| $user | string | integer | the user ID. This should can be either an integer or a string representing the unique identifier of a user. See [[\yii\web\User::id]]. |
| $itemName | string | the name of the operation that need access check |
| $params | array | name-value pairs that would be passed to rules associated with the tasks and roles assigned to the user. A param with name 'user' is added to this array, which holds the value of `$userId`. |
| $assignments | the assignments to the specified user | |
| return | boolean | whether the operations can be performed by the user. |
|
protected checkAccessRecursive ( string | integer $user, string $itemName, array $params, |
||
| $user | string | integer | the user ID. This should can be either an integer or a string representing the unique identifier of a user. See [[\yii\web\User::id]]. |
| $itemName | string | the name of the operation that need access check |
| $params | array | name-value pairs that would be passed to rules associated with the tasks and roles assigned to the user. A param with name 'user' is added to this array, which holds the value of `$userId`. |
| $assignments | the assignments to the specified user | |
| return | boolean | whether the operations can be performed by the user. |
|
protected detectLoop ( |
||
| $parent | the parent item | |
| $child | the child item to be added to the hierarchy | |
| return | boolean | whether a loop exists |
| protected getChildrenList ( ) : array | ||
| return | array | the children list. Each array key is a parent item name, and the corresponding array value is a list of child item names. |
|
protected getDirectPermissionsByUser ( string | integer $userId ) : |
||
| $userId | string | integer | the user ID (see [[\yii\web\User::id]]) |
| return | all direct permissions that the user has. The array is indexed by the permission names. | |
|
protected getInheritedPermissionsByUser ( string | integer $userId ) : |
||
| $userId | string | integer | the user ID (see [[\yii\web\User::id]]) |
| return | all inherited permissions that the user has. The array is indexed by the permission names. | |
|
public getUserIdsByRole ( string $roleName ) : |
||
| $roleName | string | |
| return | the assignments. An empty array will be returned if role is not assigned to any user. | |
| public init ( ) |
|
protected populateItem ( array $row ) : |
||
| $row | array | the data from the auth item table |
| return | the populated auth item instance (either Role or Permission) | |
| protected removeAllItems ( integer $type ) | ||
| $type | integer | the auth item type (either Item::TYPE_PERMISSION or Item::TYPE_ROLE) |
| protected supportsCascadeUpdate ( ) : boolean | ||
| return | boolean | whether the database supports cascading update and delete. |
| public $assignmentTable |
| public $cache |
| public $db |
| public $itemChildTable |
| public $itemTable |
| protected $parents |
| public $ruleTable |
