PHP Class yii\rbac\DbManager

The database connection is specified by [[db]]. And the database schema should be as described in "framework/rbac/*.sql". You may change the names of the three tables used to store the authorization data by setting [[itemTable]], [[itemChildTable]] and [[assignmentTable]].
Since: 2.0
Author: Qiang Xue ([email protected])
Author: Alexander Kochetov ([email protected])
Inheritance: extends BaseManager
ファイルを表示 Open project: yiisoft/yii2 Class Usage Examples

Public Properties

Property Type Description
$assignmentTable the name of the table storing authorization item assignments. Defaults to "auth_assignment".
$cache the cache used to improve RBAC performance. This can be one of the following: - an application component ID (e.g. cache) - a configuration array - a Cache object When this is not set, it means caching is not enabled. Note that by enabling RBAC cache, all auth items, rules and auth item parent-child relationships will be cached and loaded into memory. This will improve the performance of RBAC permission check. However, it does require extra memory and as a result may not be appropriate if your RBAC system contains too many auth items. You should seek other RBAC implementations (e.g. RBAC based on Redis storage) in this case. Also note that if you modify RBAC items, rules or parent-child relationships from outside of this component, you have to manually call DbManager::invalidateCache to ensure data consistency.
$cacheKey the key used to store RBAC data in cache
$db the DB connection object or the application component ID of the DB connection. After the DbManager object is created, if you want to change this property, you should only assign it with a DB connection object. Starting from version 2.0.2, this can also be a configuration array for creating the object.
$itemChildTable the name of the table storing authorization item hierarchy. Defaults to "auth_item_child".
$itemTable the name of the table storing authorization items. Defaults to "auth_item".
$ruleTable the name of the table storing rules. Defaults to "auth_rule".

Protected Properties

Property Type Description
$items all auth items (name => Item)
$parents auth item parent-child relationships (childName => list of parents)
$rules all auth rules (name => Rule)

Public Methods

Method Description
addChild ( $parent, $child )
assign ( $role, $userId )
canAddChild ( $parent, $child )
checkAccess ( $userId, $permissionName, $params = [] )
getAssignment ( $roleName, $userId )
getAssignments ( $userId )
getChildRoles ( $roleName )
getChildren ( $name )
getPermissionsByRole ( $roleName )
getPermissionsByUser ( $userId )
getRolesByUser ( $userId )
getRule ( $name )
getRules ( )
getUserIdsByRole ( string $roleName ) : Assignment[] Returns all role assignment information for the specified role.
hasChild ( $parent, $child )
init ( ) Initializes the application component.
invalidateCache ( )
loadFromCache ( )
removeAll ( )
removeAllAssignments ( )
removeAllPermissions ( )
removeAllRoles ( )
removeAllRules ( )
removeChild ( $parent, $child )
removeChildren ( $parent )
revoke ( $role, $userId )
revokeAll ( $userId )

Protected Methods

Method Description
addItem ( $item )
addRule ( $rule )
checkAccessFromCache ( string | integer $user, string $itemName, array $params, Assignment[] $assignments ) : boolean Performs access check for the specified user based on the data loaded from cache.
checkAccessRecursive ( string | integer $user, string $itemName, array $params, Assignment[] $assignments ) : boolean Performs access check for the specified user.
detectLoop ( Item $parent, Item $child ) : boolean Checks whether there is a loop in the authorization item hierarchy.
getChildrenList ( ) : array Returns the children for every parent.
getChildrenRecursive ( string $name, array $childrenList, array &$result ) Recursively finds all children and grand children of the specified item.
getDirectPermissionsByUser ( string | integer $userId ) : Permission[] Returns all permissions that are directly assigned to user.
getInheritedPermissionsByUser ( string | integer $userId ) : Permission[] Returns all permissions that the user inherits from the roles assigned to him.
getItem ( $name )
getItems ( $type )
populateItem ( array $row ) : Item Populates an auth item with the data fetched from database
removeAllItems ( integer $type ) Removes all auth items of the specified type.
removeItem ( $item )
removeRule ( $rule )
supportsCascadeUpdate ( ) : boolean Returns a value indicating whether the database supports cascading update and delete.
updateItem ( $name, $item )
updateRule ( $name, $rule )

Method Details

addChild() public method

public addChild ( $parent, $child )

addItem() protected method

protected addItem ( $item )

addRule() protected method

protected addRule ( $rule )

assign() public method

public assign ( $role, $userId )

canAddChild() public method

Since: 2.0.8
public canAddChild ( $parent, $child )

checkAccess() public method

public checkAccess ( $userId, $permissionName, $params = [] )

checkAccessFromCache() protected method

This method is internally called by DbManager::checkAccess when [[cache]] is enabled.
Since: 2.0.3
protected checkAccessFromCache ( string | integer $user, string $itemName, array $params, Assignment[] $assignments ) : boolean
$user string | integer the user ID. This should can be either an integer or a string representing the unique identifier of a user. See [[\yii\web\User::id]].
$itemName string the name of the operation that need access check
$params array name-value pairs that would be passed to rules associated with the tasks and roles assigned to the user. A param with name 'user' is added to this array, which holds the value of `$userId`.
$assignments Assignment[] the assignments to the specified user
return boolean whether the operations can be performed by the user.

checkAccessRecursive() protected method

This method is internally called by DbManager::checkAccess.
protected checkAccessRecursive ( string | integer $user, string $itemName, array $params, Assignment[] $assignments ) : boolean
$user string | integer the user ID. This should can be either an integer or a string representing the unique identifier of a user. See [[\yii\web\User::id]].
$itemName string the name of the operation that need access check
$params array name-value pairs that would be passed to rules associated with the tasks and roles assigned to the user. A param with name 'user' is added to this array, which holds the value of `$userId`.
$assignments Assignment[] the assignments to the specified user
return boolean whether the operations can be performed by the user.

detectLoop() protected method

Checks whether there is a loop in the authorization item hierarchy.
protected detectLoop ( Item $parent, Item $child ) : boolean
$parent Item the parent item
$child Item the child item to be added to the hierarchy
return boolean whether a loop exists

getAssignment() public method

public getAssignment ( $roleName, $userId )

getAssignments() public method

public getAssignments ( $userId )

getChildRoles() public method

public getChildRoles ( $roleName )

getChildren() public method

public getChildren ( $name )

getChildrenList() protected method

Returns the children for every parent.
protected getChildrenList ( ) : array
return array the children list. Each array key is a parent item name, and the corresponding array value is a list of child item names.

getChildrenRecursive() protected method

Recursively finds all children and grand children of the specified item.
protected getChildrenRecursive ( string $name, array $childrenList, array &$result )
$name string the name of the item whose children are to be looked for.
$childrenList array the child list built via [[getChildrenList()]]
$result array the children and grand children (in array keys)

getDirectPermissionsByUser() protected method

Returns all permissions that are directly assigned to user.
Since: 2.0.7
protected getDirectPermissionsByUser ( string | integer $userId ) : Permission[]
$userId string | integer the user ID (see [[\yii\web\User::id]])
return Permission[] all direct permissions that the user has. The array is indexed by the permission names.

getInheritedPermissionsByUser() protected method

Returns all permissions that the user inherits from the roles assigned to him.
Since: 2.0.7
protected getInheritedPermissionsByUser ( string | integer $userId ) : Permission[]
$userId string | integer the user ID (see [[\yii\web\User::id]])
return Permission[] all inherited permissions that the user has. The array is indexed by the permission names.

getItem() protected method

protected getItem ( $name )

getItems() protected method

protected getItems ( $type )

getPermissionsByRole() public method

public getPermissionsByRole ( $roleName )

getPermissionsByUser() public method

public getPermissionsByUser ( $userId )

getRolesByUser() public method

public getRolesByUser ( $userId )

getRule() public method

public getRule ( $name )

getRules() public method

public getRules ( )

getUserIdsByRole() public method

Returns all role assignment information for the specified role.
Since: 2.0.7
public getUserIdsByRole ( string $roleName ) : Assignment[]
$roleName string
return Assignment[] the assignments. An empty array will be returned if role is not assigned to any user.

hasChild() public method

public hasChild ( $parent, $child )

init() public method

This method overrides the parent implementation by establishing the database connection.
public init ( )

invalidateCache() public method

public invalidateCache ( )

loadFromCache() public method

public loadFromCache ( )

populateItem() protected method

Populates an auth item with the data fetched from database
protected populateItem ( array $row ) : Item
$row array the data from the auth item table
return Item the populated auth item instance (either Role or Permission)

removeAll() public method

public removeAll ( )

removeAllAssignments() public method

removeAllItems() protected method

Removes all auth items of the specified type.
protected removeAllItems ( integer $type )
$type integer the auth item type (either Item::TYPE_PERMISSION or Item::TYPE_ROLE)

removeAllPermissions() public method

removeAllRoles() public method

public removeAllRoles ( )

removeAllRules() public method

public removeAllRules ( )

removeChild() public method

public removeChild ( $parent, $child )

removeChildren() public method

public removeChildren ( $parent )

removeItem() protected method

protected removeItem ( $item )

removeRule() protected method

protected removeRule ( $rule )

revoke() public method

public revoke ( $role, $userId )

revokeAll() public method

public revokeAll ( $userId )

supportsCascadeUpdate() protected method

The default implementation will return false for SQLite database and true for all other databases.
protected supportsCascadeUpdate ( ) : boolean
return boolean whether the database supports cascading update and delete.

updateItem() protected method

protected updateItem ( $name, $item )

updateRule() protected method

protected updateRule ( $name, $rule )

Property Details

$assignmentTable public_oe property

the name of the table storing authorization item assignments. Defaults to "auth_assignment".
public $assignmentTable

$cache public_oe property

the cache used to improve RBAC performance. This can be one of the following: - an application component ID (e.g. cache) - a configuration array - a Cache object When this is not set, it means caching is not enabled. Note that by enabling RBAC cache, all auth items, rules and auth item parent-child relationships will be cached and loaded into memory. This will improve the performance of RBAC permission check. However, it does require extra memory and as a result may not be appropriate if your RBAC system contains too many auth items. You should seek other RBAC implementations (e.g. RBAC based on Redis storage) in this case. Also note that if you modify RBAC items, rules or parent-child relationships from outside of this component, you have to manually call DbManager::invalidateCache to ensure data consistency.
Since: 2.0.3
public $cache

$cacheKey public_oe property

the key used to store RBAC data in cache
See also: cache
Since: 2.0.3
public $cacheKey

$db public_oe property

the DB connection object or the application component ID of the DB connection. After the DbManager object is created, if you want to change this property, you should only assign it with a DB connection object. Starting from version 2.0.2, this can also be a configuration array for creating the object.
public $db

$itemChildTable public_oe property

the name of the table storing authorization item hierarchy. Defaults to "auth_item_child".
public $itemChildTable

$itemTable public_oe property

the name of the table storing authorization items. Defaults to "auth_item".
public $itemTable

$items protected_oe property

all auth items (name => Item)
protected $items

$parents protected_oe property

auth item parent-child relationships (childName => list of parents)
protected $parents

$ruleTable public_oe property

the name of the table storing rules. Defaults to "auth_rule".
public $ruleTable

$rules protected_oe property

all auth rules (name => Rule)
protected $rules