Methods summary
public
boolean
|
#
checkAccess( string $itemName, mixed $userId, array $params = array() )
Performs access check for the specified user.
Performs access check for the specified user.
Parameters
- $itemName
string
$itemName the name of the operation that we are checking access to- $userId
mixed
$userId the user ID. This should be either an integer or a string representing
the unique identifier of a user. See IWebUser::getId().- $params
array
$params name-value pairs that would be passed to biz rules associated with the
tasks and roles assigned to the user. Returns
boolean
whether the operations can be performed by the user.
|
public
CAuthItem
|
#
createAuthItem( string $name, integer $type, string $description = '', string $bizRule = null, mixed $data = null )
Creates an authorization item. An authorization item represents an action
permission (e.g. creating a post). It has three types: operation, task and role.
Authorization items form a hierarchy. Higher level items inherit permissions
representing by lower level items.
Creates an authorization item. An authorization item represents an action
permission (e.g. creating a post). It has three types: operation, task and role.
Authorization items form a hierarchy. Higher level items inherit permissions
representing by lower level items.
Parameters
- $name
string
$name the item name. This must be a unique identifier.- $type
integer
$type the item type (0: operation, 1: task, 2: role).- $description
string
$description description of the item- $bizRule
string
$bizRule business rule associated with the item. This is a piece of PHP code
that will be executed when IAuthManager::checkAccess() is called for the item.- $data
mixed
$data additional data associated with the item. Returns
Throws
CExceptionif an item with the same name already exists
|
public
boolean
|
#
removeAuthItem( string $name )
Removes the specified authorization item.
Removes the specified authorization item.
Parameters
- $name
string
$name the name of the item to be removed Returns
boolean
whether the item exists in the storage and has been removed
|
public
array
|
#
getAuthItems( integer $type = null, mixed $userId = null )
Returns the authorization items of the specific type and user.
Returns the authorization items of the specific type and user.
Parameters
- $type
integer
$type the item type (0: operation, 1: task, 2: role). Defaults to null, meaning
returning all items regardless of their type.- $userId
mixed
$userId the user ID. Defaults to null, meaning returning all items even if they
are not assigned to a user. Returns
array
the authorization items of the specific type.
|
public
CAuthItem
|
#
getAuthItem( string $name )
Returns the authorization item with the specified name.
Returns the authorization item with the specified name.
Parameters
- $name
string
$name the name of the item Returns
CAuthItemthe authorization item. Null if the item cannot be found.
|
public
|
#
saveAuthItem( CAuthItem $item, string $oldName = null )
Saves an authorization item to persistent storage.
Saves an authorization item to persistent storage.
Parameters
- $item
CAuthItem
$item the item to be saved.- $oldName
string
$oldName the old item name. If null, it means the item name is not changed.
|
public
|
#
addItemChild( string $itemName, string $childName )
Adds an item as a child of another item.
Adds an item as a child of another item.
Parameters
- $itemName
string
$itemName the parent item name- $childName
string
$childName the child item name Throws
CExceptionif either parent or child doesn't exist or if a loop has been detected.
|
public
boolean
|
#
removeItemChild( string $itemName, string $childName )
Removes a child from its parent. Note, the child item is not deleted. Only
the parent-child relationship is removed.
Removes a child from its parent. Note, the child item is not deleted. Only
the parent-child relationship is removed.
Parameters
- $itemName
string
$itemName the parent item name- $childName
string
$childName the child item name Returns
boolean
whether the removal is successful
|
public
boolean
|
#
hasItemChild( string $itemName, string $childName )
Returns a value indicating whether a child exists within a parent.
Returns a value indicating whether a child exists within a parent.
Parameters
- $itemName
string
$itemName the parent item name- $childName
string
$childName the child item name Returns
boolean
whether the child exists
|
public
array
|
#
getItemChildren( mixed $itemName )
Returns the children of the specified item.
Returns the children of the specified item.
Parameters
- $itemName
mixed
$itemName the parent item name. This can be either a string or an array. The
latter represents a list of item names. Returns
array
all child items of the parent
|
public
CAuthAssignment
|
#
assign( string $itemName, mixed $userId, string $bizRule = null, mixed $data = null )
Assigns an authorization item to a user.
Assigns an authorization item to a user.
Parameters
- $itemName
string
$itemName the item name- $userId
mixed
$userId the user ID (see IWebUser::getId())- $bizRule
string
$bizRule the business rule to be executed when IAuthManager::checkAccess() is called for
this particular authorization item.- $data
mixed
$data additional data associated with this assignment Returns
Throws
CExceptionif the item does not exist or if the item has already been assigned to the user
|
public
boolean
|
#
revoke( string $itemName, mixed $userId )
Revokes an authorization assignment from a user.
Revokes an authorization assignment from a user.
Parameters
- $itemName
string
$itemName the item name- $userId
mixed
$userId the user ID (see IWebUser::getId()) Returns
boolean
whether removal is successful
|
public
boolean
|
#
isAssigned( string $itemName, mixed $userId )
Returns a value indicating whether the item has been assigned to the
user.
Returns a value indicating whether the item has been assigned to the
user.
Parameters
- $itemName
string
$itemName the item name- $userId
mixed
$userId the user ID (see IWebUser::getId()) Returns
boolean
whether the item has been assigned to the user.
|
public
CAuthAssignment
|
#
getAuthAssignment( string $itemName, mixed $userId )
Returns the item assignment information.
Returns the item assignment information.
Parameters
- $itemName
string
$itemName the item name- $userId
mixed
$userId the user ID (see IWebUser::getId()) Returns
CAuthAssignmentthe item assignment information. Null is returned if the item is not assigned to
the user.
|
public
array
|
#
getAuthAssignments( mixed $userId )
Returns the item assignments for the specified user.
Returns the item assignments for the specified user.
Parameters
Returns
array
the item assignment information for the user. An empty array will be returned if
there is no item assigned to the user.
|
public
|
|
public
|
#
clearAll( )
Removes all authorization data.
Removes all authorization data.
|
public
|
|
public
|
#
save( )
Saves authorization data into persistent storage. If any change is made to
the authorization data, please make sure you call this method to save the
changed data into persistent storage.
Saves authorization data into persistent storage. If any change is made to
the authorization data, please make sure you call this method to save the
changed data into persistent storage.
|
public
boolean
|
#
executeBizRule( string $bizRule, array $params, mixed $data )
Executes a business rule. A business rule is a piece of PHP code that will be
executed when IAuthManager::checkAccess() is called.
Parameters
- $bizRule
string
$bizRule the business rule to be executed.- $params
array
$params additional parameters to be passed to the business rule when being
executed.- $data
mixed
$data additional data that is associated with the corresponding authorization
item or assignment Returns
boolean
whether the execution returns a true value. If the business rule is empty, it
will also return true.
|