CPhpAuthManager represents an authorization manager that stores authorization
information in terms of a PHP script file.
The authorization data will be saved to and loaded from a file specified by
CPhpAuthManager::$authFile, which defaults to 'protected/data/auth.php'.
CPhpAuthManager is mainly suitable for authorization data that is not too big
(for example, the authorization data for a personal blog system). Use CDbAuthManager for more complex authorization data.
Methods summary
public
|
#
init( )
Initializes the application component. This method overrides parent
implementation by loading the authorization data from PHP script.
Initializes the application component. This method overrides parent
implementation by loading the authorization data from PHP script.
Overrides
|
public
boolean
|
#
checkAccess( string $itemName, mixed $userId, array $params = array() )
Performs access check for the specified user.
Performs access check for the specified user.
Parameters
- $itemName
string
$itemName the name of the operation that need access check- $userId
mixed
$userId the user ID. This can be either an integer or a string representing the
unique identifier of a user. See IWebUser::getId().- $params
array
$params name-value pairs that would be passed to biz rules associated with the
tasks and roles assigned to the user. Since version 1.1.11 a param with name
'userId' is added to this array, which holds the value of <span
class="php-var">$userId</span>. Returns
boolean
whether the operations can be performed by the user.
|
public
boolean
|
#
addItemChild( string $itemName, string $childName )
Adds an item as a child of another item.
Adds an item as a child of another item.
Parameters
- $itemName
string
$itemName the parent item name- $childName
string
$childName the child item name Returns
boolean
whether the item is added successfully
Throws
CExceptionif either parent or child doesn't exist or if a loop has been detected.
|
public
boolean
|
#
removeItemChild( string $itemName, string $childName )
Removes a child from its parent. Note, the child item is not deleted. Only
the parent-child relationship is removed.
Removes a child from its parent. Note, the child item is not deleted. Only
the parent-child relationship is removed.
Parameters
- $itemName
string
$itemName the parent item name- $childName
string
$childName the child item name Returns
boolean
whether the removal is successful
|
public
boolean
|
#
hasItemChild( string $itemName, string $childName )
Returns a value indicating whether a child exists within a parent.
Returns a value indicating whether a child exists within a parent.
Parameters
- $itemName
string
$itemName the parent item name- $childName
string
$childName the child item name Returns
boolean
whether the child exists
|
public
array
|
#
getItemChildren( mixed $names )
Returns the children of the specified item.
Returns the children of the specified item.
Parameters
- $names
mixed
$names the parent item name. This can be either a string or an array. The latter
represents a list of item names. Returns
array
all child items of the parent
|
public
CAuthAssignment
|
#
assign( string $itemName, mixed $userId, string $bizRule = null, mixed $data = null )
Assigns an authorization item to a user.
Assigns an authorization item to a user.
Parameters
- $itemName
string
$itemName the item name- $userId
mixed
$userId the user ID (see IWebUser::getId())- $bizRule
string
$bizRule the business rule to be executed when CPhpAuthManager::checkAccess() is called for
this particular authorization item.- $data
mixed
$data additional data associated with this assignment Returns
Throws
CExceptionif the item does not exist or if the item has already been assigned to the user
|
public
boolean
|
#
revoke( string $itemName, mixed $userId )
Revokes an authorization assignment from a user.
Revokes an authorization assignment from a user.
Parameters
- $itemName
string
$itemName the item name- $userId
mixed
$userId the user ID (see IWebUser::getId()) Returns
boolean
whether removal is successful
|
public
boolean
|
#
isAssigned( string $itemName, mixed $userId )
Returns a value indicating whether the item has been assigned to the
user.
Returns a value indicating whether the item has been assigned to the
user.
Parameters
- $itemName
string
$itemName the item name- $userId
mixed
$userId the user ID (see IWebUser::getId()) Returns
boolean
whether the item has been assigned to the user.
|
public
CAuthAssignment
|
#
getAuthAssignment( string $itemName, mixed $userId )
Returns the item assignment information.
Returns the item assignment information.
Parameters
- $itemName
string
$itemName the item name- $userId
mixed
$userId the user ID (see IWebUser::getId()) Returns
CAuthAssignmentthe item assignment information. Null is returned if the item is not assigned to
the user.
|
public
array
|
#
getAuthAssignments( mixed $userId )
Returns the item assignments for the specified user.
Returns the item assignments for the specified user.
Parameters
Returns
array
the item assignment information for the user. An empty array will be returned if
there is no item assigned to the user.
|
public
array
|
#
getAuthItems( integer $type = null, mixed $userId = null )
Returns the authorization items of the specific type and user.
Returns the authorization items of the specific type and user.
Parameters
- $type
integer
$type the item type (0: operation, 1: task, 2: role). Defaults to null, meaning
returning all items regardless of their type.- $userId
mixed
$userId the user ID. Defaults to null, meaning returning all items even if they
are not assigned to a user. Returns
array
the authorization items of the specific type.
|
public
CAuthItem
|
#
createAuthItem( string $name, integer $type, string $description = '', string $bizRule = null, mixed $data = null )
Creates an authorization item. An authorization item represents an action
permission (e.g. creating a post). It has three types: operation, task and role.
Authorization items form a hierarchy. Higher level items inherit permissions
representing by lower level items.
Creates an authorization item. An authorization item represents an action
permission (e.g. creating a post). It has three types: operation, task and role.
Authorization items form a hierarchy. Higher level items inherit permissions
representing by lower level items.
Parameters
- $name
string
$name the item name. This must be a unique identifier.- $type
integer
$type the item type (0: operation, 1: task, 2: role).- $description
string
$description description of the item- $bizRule
string
$bizRule business rule associated with the item. This is a piece of PHP code
that will be executed when CPhpAuthManager::checkAccess() is called for the item.- $data
mixed
$data additional data associated with the item. Returns
Throws
CExceptionif an item with the same name already exists
|
public
boolean
|
#
removeAuthItem( string $name )
Removes the specified authorization item.
Removes the specified authorization item.
Parameters
- $name
string
$name the name of the item to be removed Returns
boolean
whether the item exists in the storage and has been removed
|
public
CAuthItem
|
#
getAuthItem( string $name )
Returns the authorization item with the specified name.
Returns the authorization item with the specified name.
Parameters
- $name
string
$name the name of the item Returns
CAuthItemthe authorization item. Null if the item cannot be found.
|
public
|
#
saveAuthItem( CAuthItem $item, string $oldName = null )
Saves an authorization item to persistent storage.
Saves an authorization item to persistent storage.
Parameters
- $item
CAuthItem
$item the item to be saved.- $oldName
string
$oldName the old item name. If null, it means the item name is not changed.
|
public
|
|
public
|
#
save( )
Saves authorization data into persistent storage. If any change is made to
the authorization data, please make sure you call this method to save the
changed data into persistent storage.
Saves authorization data into persistent storage. If any change is made to
the authorization data, please make sure you call this method to save the
changed data into persistent storage.
|
public
|
#
load( )
Loads authorization data.
Loads authorization data.
|
public
|
#
clearAll( )
Removes all authorization data.
Removes all authorization data.
|
public
|
|
protected
boolean
|
#
detectLoop( string $itemName, string $childName )
Checks whether there is a loop in the authorization item hierarchy.
Checks whether there is a loop in the authorization item hierarchy.
Parameters
- $itemName
string
$itemName parent item name- $childName
string
$childName the name of the child item that is to be added to the hierarchy Returns
boolean
whether a loop exists
|
protected
array
|
#
loadFromFile( string $file )
Loads the authorization data from a PHP script file.
Loads the authorization data from a PHP script file.
Parameters
- $file
string
$file the file path. Returns
array
the authorization data
See
|
protected
|
#
saveToFile( array $data, string $file )
Saves the authorization data to a PHP script file.
Saves the authorization data to a PHP script file.
Parameters
- $data
array
$data the authorization data- $file
string
$file the file path. See
|
CApplicationComponent
implements
IApplicationComponent