| Property | Type | Description | |
|---|---|---|---|
| $assignmentCollection | the name of the collection storing authorization item assignments. Defaults to "auth_assignment". | ||
| $cache | the cache used to improve RBAC performance. This can be one of the following: - an application component ID (e.g. cache) - a configuration array - a Cache object When this is not set, it means caching is not enabled. Note that by enabling RBAC cache, all auth items, rules and auth item parent-child relationships will be cached and loaded into memory. This will improve the performance of RBAC permission check. However, it does require extra memory and as a result may not be appropriate if your RBAC system contains too many auth items. You should seek other RBAC implementations (e.g. RBAC based on Redis storage) in this case. Also note that if you modify RBAC items, rules or parent-child relationships from outside of this component, you have to manually call MongoDbManager::invalidateCache to ensure data consistency. | ||
| $cacheKey | the key used to store RBAC data in cache | ||
| $db | the MongoDB connection object or the application component ID of the MongoDB connection. After the MongoDbManager object is created, if you want to change this property, you should only assign it with a MongoDB connection object. | ||
| $itemCollection | the name of the collection storing authorization items. Defaults to "auth_item". | ||
| $ruleCollection | the name of the collection storing rules. Defaults to "auth_rule". |
| Property | Type | Description | |
|---|---|---|---|
| $items | all auth items (name => Item) | ||
| $rules | all auth rules (name => Rule) |
| Method | Description | |
|---|---|---|
| addChild ( $parent, $child ) | ||
| assign ( $role, $userId ) | ||
| canAddChild ( $parent, $child ) | ||
| checkAccess ( $userId, $permissionName, $params = [] ) | ||
| getAssignment ( $roleName, $userId ) | ||
| getAssignments ( $userId ) | ||
| getChildRoles ( $roleName ) | ||
| getChildren ( $name ) | ||
| getPermissionsByRole ( $roleName ) | ||
| getPermissionsByUser ( $userId ) | ||
| getRolesByUser ( $userId ) | ||
| getRule ( $name ) | ||
| getRules ( ) | ||
| getUserIdsByRole ( $roleName ) | ||
| hasChild ( $parent, $child ) | ||
| init ( ) | Initializes the application component. | |
| invalidateCache ( ) | Invalidates RBAC related cache | |
| loadFromCache ( ) | Loads data from cache | |
| removeAll ( ) | ||
| removeAllAssignments ( ) | ||
| removeAllPermissions ( ) | ||
| removeAllRoles ( ) | ||
| removeAllRules ( ) | ||
| removeChild ( $parent, $child ) | ||
| removeChildren ( $parent ) | ||
| revoke ( $role, $userId ) | ||
| revokeAll ( $userId ) |
| Method | Description | |
|---|---|---|
| addItem ( $item ) | ||
| addRule ( $rule ) | ||
|
checkAccessFromCache ( string | integer $user, string $itemName, array $params, |
Performs access check for the specified user based on the data loaded from cache. | |
|
checkAccessRecursive ( string | integer $user, string $itemName, array $params, |
Performs access check for the specified user. | |
|
detectLoop ( |
Checks whether there is a loop in the authorization item hierarchy. | |
| getChildrenList ( ) : array | Returns the children for every parent. | |
| getChildrenRecursive ( string $name, array $childrenList, array &$result ) | Recursively finds all children and grand children of the specified item. | |
| getItem ( $name ) | ||
| getItems ( $type ) | ||
|
populateItem ( array $row ) : |
Populates an auth item with the data fetched from collection | |
| removeAllItems ( integer $type ) | Removes all auth items of the specified type. | |
| removeItem ( $item ) | ||
| removeRule ( $rule ) | ||
| updateItem ( $name, $item ) | ||
| updateRule ( $name, $rule ) |
|
protected checkAccessFromCache ( string | integer $user, string $itemName, array $params, |
||
| $user | string | integer | the user ID. This should can be either an integer or a string representing the unique identifier of a user. See [[\yii\web\User::id]]. |
| $itemName | string | the name of the operation that need access check |
| $params | array | name-value pairs that would be passed to rules associated with the tasks and roles assigned to the user. A param with name 'user' is added to this array, which holds the value of `$userId`. |
| $assignments | the assignments to the specified user | |
| return | boolean | whether the operations can be performed by the user. |
|
protected checkAccessRecursive ( string | integer $user, string $itemName, array $params, |
||
| $user | string | integer | the user ID. This should can be either an integer or a string representing the unique identifier of a user. See [[\yii\web\User::id]]. |
| $itemName | string | the name of the operation that need access check |
| $params | array | name-value pairs that would be passed to rules associated with the tasks and roles assigned to the user. A param with name 'user' is added to this array, which holds the value of `$userId`. |
| $assignments | the assignments to the specified user | |
| return | boolean | whether the operations can be performed by the user. |
|
protected detectLoop ( |
||
| $parent | the parent item | |
| $child | the child item to be added to the hierarchy | |
| return | boolean | whether a loop exists |
| protected getChildrenList ( ) : array | ||
| return | array | the children list. Each array key is a parent item name, and the corresponding array value is a list of child item names. |
| public init ( ) |
|
protected populateItem ( array $row ) : |
||
| $row | array | the data from the auth item collection |
| return | the populated auth item instance (either Role or Permission) | |
| protected removeAllItems ( integer $type ) | ||
| $type | integer | the auth item type (either Item::TYPE_PERMISSION or Item::TYPE_ROLE) |
| public $assignmentCollection |
| public $cache |
| public $db |
| public $itemCollection |
| public $ruleCollection |
