Class CAuthManager

CAuthManager is the base class for authorization manager classes.

CAuthManager extends CApplicationComponent and implements some methods that are common among authorization manager classes.

CAuthManager together with its concrete child classes implement the Role-Based Access Control (RBAC).

The main idea is that permissions are organized as a hierarchy of CAuthItem authorization items. Items on higher level inherit the permissions represented by items on lower level. And roles are simply top-level authorization items that may be assigned to individual users. A user is said to have a permission to do something if the corresponding authorization item is inherited by one of his roles.

Using authorization manager consists of two aspects. First, the authorization hierarchy and assignments have to be established. CAuthManager and its child classes provides APIs to accomplish this task. Developers may need to develop some GUI so that it is more intuitive to end-users. Second, developers call IAuthManager::checkAccess() at appropriate places in the application code to check if the current user has the needed permission for an operation.

CComponent

CApplicationComponent implements IApplicationComponent

CAuthManager implements IAuthManager

Direct known subclasses

CDbAuthManager, CPhpAuthManager

Indirect known subclasses

X2AuthManager

Abstract
Package: system\web\auth
Copyright: 2008-2013 Yii Software LLC
License: http://www.yiiframework.com/license/
Author: Qiang Xue <qiang.xue@gmail.com>
Since: 1.0
Located at x2engine/framework/web/auth/CAuthManager.php

Methods summary
`public CAuthItem`	# `createRole( string $name, string $description = '', string $bizRule = null, mixed $data = null )` Creates a role. This is a shortcut method to `IAuthManager::createAuthItem()`. Creates a role. This is a shortcut method to `IAuthManager::createAuthItem()`. Parameters `$name` `string` $name the item name `$description` `string` $description the item description. `$bizRule` `string` $bizRule the business rule associated with this item `$data` `mixed` $data additional data to be passed when evaluating the business rule Returns `CAuthItem` the authorization item
`public CAuthItem`	# `createTask( string $name, string $description = '', string $bizRule = null, mixed $data = null )` Creates a task. This is a shortcut method to `IAuthManager::createAuthItem()`. Creates a task. This is a shortcut method to `IAuthManager::createAuthItem()`. Parameters `$name` `string` $name the item name `$description` `string` $description the item description. `$bizRule` `string` $bizRule the business rule associated with this item `$data` `mixed` $data additional data to be passed when evaluating the business rule Returns `CAuthItem` the authorization item
`public CAuthItem`	# `createOperation( string $name, string $description = '', string $bizRule = null, mixed $data = null )` Creates an operation. This is a shortcut method to `IAuthManager::createAuthItem()`. Creates an operation. This is a shortcut method to `IAuthManager::createAuthItem()`. Parameters `$name` `string` $name the item name `$description` `string` $description the item description. `$bizRule` `string` $bizRule the business rule associated with this item `$data` `mixed` $data additional data to be passed when evaluating the business rule Returns `CAuthItem` the authorization item
`public array`	# `getRoles( mixed $userId = null )` Returns roles. This is a shortcut method to `IAuthManager::getAuthItems()`. Returns roles. This is a shortcut method to `IAuthManager::getAuthItems()`. Parameters `$userId` `mixed` $userId the user ID. If not null, only the roles directly assigned to the user will be returned. Otherwise, all roles will be returned. Returns `array` roles (name=>CAuthItem)
`public array`	# `getTasks( mixed $userId = null )` Returns tasks. This is a shortcut method to `IAuthManager::getAuthItems()`. Returns tasks. This is a shortcut method to `IAuthManager::getAuthItems()`. Parameters `$userId` `mixed` $userId the user ID. If not null, only the tasks directly assigned to the user will be returned. Otherwise, all tasks will be returned. Returns `array` tasks (name=>CAuthItem)
`public array`	# `getOperations( mixed $userId = null )` Returns operations. This is a shortcut method to `IAuthManager::getAuthItems()`. Returns operations. This is a shortcut method to `IAuthManager::getAuthItems()`. Parameters `$userId` `mixed` $userId the user ID. If not null, only the operations directly assigned to the user will be returned. Otherwise, all operations will be returned. Returns `array` operations (name=>CAuthItem)
`public boolean`	# `executeBizRule( string $bizRule, array $params, mixed $data )` Executes the specified business rule. Executes the specified business rule. Parameters `$bizRule` `string` $bizRule the business rule to be executed. `$params` `array` $params parameters passed to `IAuthManager::checkAccess()`. `$data` `mixed` $data additional data associated with the authorization item or assignment. Returns `boolean` whether the business rule returns true. If the business rule is empty, it will still return true. Implementation of `IAuthManager::executeBizRule()`
`protected`	# `checkItemChildType( integer $parentType, integer $childType )` Checks the item types to make sure a child can be added to a parent. Checks the item types to make sure a child can be added to a parent. Parameters `$parentType` `integer` $parentType parent item type `$childType` `integer` $childType child item type Throws `CException` if the item cannot be added as a child due to its incompatible type.

Methods inherited from CApplicationComponent
`getIsInitialized(), init()`

Methods inherited from CComponent
`__call(), __get(), __isset(), __set(), __unset(), asa(), attachBehavior(), attachBehaviors(), attachEventHandler(), canGetProperty(), canSetProperty(), detachBehavior(), detachBehaviors(), detachEventHandler(), disableBehavior(), disableBehaviors(), enableBehavior(), enableBehaviors(), evaluateExpression(), getEventHandlers(), hasEvent(), hasEventHandler(), hasProperty(), raiseEvent()`

Methods inherited from IAuthManager
`addItemChild(), assign(), checkAccess(), clearAll(), clearAuthAssignments(), createAuthItem(), getAuthAssignment(), getAuthAssignments(), getAuthItem(), getAuthItems(), getItemChildren(), hasItemChild(), isAssigned(), removeAuthItem(), removeItemChild(), revoke(), save(), saveAuthAssignment(), saveAuthItem()`

Properties summary
`public boolean`	`$showErrors`	`false`	# Enable error reporting for bizRules. Enable error reporting for bizRules. Since 1.1.3
`public array`	`$defaultRoles`	`array()`	# list of role names that are assigned to all users implicitly. These roles do not need to be explicitly assigned to any user. When calling `IAuthManager::checkAccess()`, these roles will be checked first. For performance reason, you should minimize the number of such roles. A typical usage of such roles is to define an 'authenticated' role and associate it with a biz rule which checks if the current user is authenticated. And then declare 'authenticated' in this property so that it can be applied to every authenticated user. list of role names that are assigned to all users implicitly. These roles do not need to be explicitly assigned to any user. When calling `IAuthManager::checkAccess()`, these roles will be checked first. For performance reason, you should minimize the number of such roles. A typical usage of such roles is to define an 'authenticated' role and associate it with a biz rule which checks if the current user is authenticated. And then declare 'authenticated' in this property so that it can be applied to every authenticated user.

Properties inherited from CApplicationComponent
`$behaviors`

Magic properties summary
`public array`	`$roles`	# Roles (name=>CAuthItem). Roles (name=>CAuthItem).
`public array`	`$tasks`	# Tasks (name=>CAuthItem). Tasks (name=>CAuthItem).
`public array`	`$operations`	# Operations (name=>CAuthItem). Operations (name=>CAuthItem).

Magic properties inherited from CApplicationComponent
`$isInitialized`

Packages

Classes

Class CAuthManager

Direct known subclasses

Indirect known subclasses

Parameters

Returns

Parameters

Returns

Parameters

Returns

Parameters

Returns

Parameters

Returns

Parameters

Returns

Parameters

Returns

Implementation of

Parameters

Throws

Since