Class yii\mongodb\rbac\MongoDbManager

Inheritanceyii\mongodb\rbac\MongoDbManager » yii\rbac\BaseManager » yii\base\Component » yii\base\BaseObject
Implementsyii\base\Configurable, yii\rbac\ManagerInterface
Available since version2.0.5
Source Code https://github.com/yiisoft/yii2-mongodb/blob/master/rbac/MongoDbManager.php

MongoDbManager represents an authorization manager that stores authorization information in MongoDB.

Manager uses 3 collections for the RBAC data storage:

These collection are better to be pre-created with search fields indexed.

Public Properties

Hide inherited properties

PropertyTypeDescriptionDefined By
$assignmentCollection string|array The name of the collection storing authorization item assignments. yii\mongodb\rbac\MongoDbManager
$behaviors yii\base\Behavior[] List of behaviors attached to this component. This property is read-only. yii\base\Component
$cache yii\caching\Cache|array|string The cache used to improve RBAC performance. yii\mongodb\rbac\MongoDbManager
$cacheKey string The key used to store RBAC data in cache yii\mongodb\rbac\MongoDbManager
$db yii\mongodb\Connection|array|string The MongoDB connection object or the application component ID of the MongoDB connection. yii\mongodb\rbac\MongoDbManager
$defaultRoleInstances yii\rbac\Role[] Default roles. The array is indexed by the role names. This property is read-only. yii\rbac\BaseManager
$itemCollection string|array The name of the collection storing authorization items. yii\mongodb\rbac\MongoDbManager
$permissions yii\rbac\Permission[] All permissions in the system. yii\rbac\BaseManager
$roles yii\rbac\Role[] All roles in the system. yii\rbac\BaseManager
$ruleCollection string|array The name of the collection storing rules. yii\mongodb\rbac\MongoDbManager

Protected Properties

Hide inherited properties

PropertyTypeDescriptionDefined By
$defaultRoles array A list of role names that are assigned to every user automatically without calling assign(). yii\rbac\BaseManager
$items yii\rbac\Item[] All auth items (name => Item) yii\mongodb\rbac\MongoDbManager
$rules yii\rbac\Rule[] All auth rules (name => Rule) yii\mongodb\rbac\MongoDbManager

Public Methods

Hide inherited methods

MethodDescriptionDefined By
__call() Calls the named method which is not a class method. yii\base\Component
__clone() This method is called after the object is created by cloning an existing one. yii\base\Component
__construct() Constructor. yii\base\BaseObject
__get() Returns the value of a component property. yii\base\Component
__isset() Checks if a property is set, i.e. defined and not null. yii\base\Component
__set() Sets the value of a component property. yii\base\Component
__unset() Sets a component property to be null. yii\base\Component
add() Adds a role, permission or rule to the RBAC system. yii\rbac\BaseManager
addChild() Adds an item as a child of another item. yii\mongodb\rbac\MongoDbManager
assign() Assigns a role to a user. yii\mongodb\rbac\MongoDbManager
attachBehavior() Attaches a behavior to this component. yii\base\Component
attachBehaviors() Attaches a list of behaviors to the component. yii\base\Component
behaviors() Returns a list of behaviors that this component should behave as. yii\base\Component
canAddChild() Checks the possibility of adding a child to parent. yii\mongodb\rbac\MongoDbManager
canGetProperty() Returns a value indicating whether a property can be read. yii\base\Component
canSetProperty() Returns a value indicating whether a property can be set. yii\base\Component
checkAccess() yii\mongodb\rbac\MongoDbManager
className() Returns the fully qualified name of this class. yii\base\BaseObject
createPermission() Creates a new Permission object. yii\rbac\BaseManager
createRole() Creates a new Role object. yii\rbac\BaseManager
detachBehavior() Detaches a behavior from the component. yii\base\Component
detachBehaviors() Detaches all behaviors from the component. yii\base\Component
ensureBehaviors() Makes sure that the behaviors declared in behaviors() are attached to this component. yii\base\Component
getAssignment() Returns the assignment information regarding a role and a user. yii\mongodb\rbac\MongoDbManager
getAssignments() Returns all role assignment information for the specified user. yii\mongodb\rbac\MongoDbManager
getBehavior() Returns the named behavior object. yii\base\Component
getBehaviors() Returns all behaviors attached to this component. yii\base\Component
getChildRoles() Returns child roles of the role specified. Depth isn't limited. yii\mongodb\rbac\MongoDbManager
getChildren() Returns the child permissions and/or roles. yii\mongodb\rbac\MongoDbManager
getDefaultRoleInstances() Returns defaultRoles as array of Role objects. yii\rbac\BaseManager
getDefaultRoles() Get default roles yii\rbac\BaseManager
getPermission() Returns the named permission. yii\rbac\BaseManager
getPermissions() Returns all permissions in the system. yii\rbac\BaseManager
getPermissionsByRole() Returns all permissions that the specified role represents. yii\mongodb\rbac\MongoDbManager
getPermissionsByUser() Returns all permissions that the user has. yii\mongodb\rbac\MongoDbManager
getRole() Returns the named role. yii\rbac\BaseManager
getRoles() Returns all roles in the system. yii\rbac\BaseManager
getRolesByUser() Returns the roles that are assigned to the user via assign(). yii\mongodb\rbac\MongoDbManager
getRule() Returns the rule of the specified name. yii\mongodb\rbac\MongoDbManager
getRules() Returns all rules available in the system. yii\mongodb\rbac\MongoDbManager
getUserIdsByRole() Returns all user IDs assigned to the role specified. yii\mongodb\rbac\MongoDbManager
hasChild() Returns a value indicating whether the child already exists for the parent. yii\mongodb\rbac\MongoDbManager
hasEventHandlers() Returns a value indicating whether there is any handler attached to the named event. yii\base\Component
hasMethod() Returns a value indicating whether a method is defined. yii\base\Component
hasProperty() Returns a value indicating whether a property is defined for this component. yii\base\Component
init() Initializes the application component. yii\mongodb\rbac\MongoDbManager
invalidateCache() Invalidates RBAC related cache yii\mongodb\rbac\MongoDbManager
loadFromCache() Loads data from cache yii\mongodb\rbac\MongoDbManager
off() Detaches an existing event handler from this component. yii\base\Component
on() Attaches an event handler to an event. yii\base\Component
remove() Removes a role, permission or rule from the RBAC system. yii\rbac\BaseManager
removeAll() Removes all authorization data, including roles, permissions, rules, and assignments. yii\mongodb\rbac\MongoDbManager
removeAllAssignments() Removes all role assignments. yii\mongodb\rbac\MongoDbManager
removeAllPermissions() Removes all permissions. yii\mongodb\rbac\MongoDbManager
removeAllRoles() Removes all roles. yii\mongodb\rbac\MongoDbManager
removeAllRules() Removes all rules. yii\mongodb\rbac\MongoDbManager
removeChild() Removes a child from its parent. yii\mongodb\rbac\MongoDbManager
removeChildren() Removed all children form their parent. yii\mongodb\rbac\MongoDbManager
revoke() Revokes a role from a user. yii\mongodb\rbac\MongoDbManager
revokeAll() Revokes all roles from a user. yii\mongodb\rbac\MongoDbManager
setDefaultRoles() Set default roles yii\rbac\BaseManager
trigger() Triggers an event. yii\base\Component
update() Updates the specified role, permission or rule in the system. yii\rbac\BaseManager

Protected Methods

Hide inherited methods

MethodDescriptionDefined By
addItem() Adds an auth item to the RBAC system. yii\mongodb\rbac\MongoDbManager
addRule() Adds a rule to the RBAC system. yii\mongodb\rbac\MongoDbManager
checkAccessFromCache() Performs access check for the specified user based on the data loaded from cache. yii\mongodb\rbac\MongoDbManager
checkAccessRecursive() Performs access check for the specified user. yii\mongodb\rbac\MongoDbManager
detectLoop() Checks whether there is a loop in the authorization item hierarchy. yii\mongodb\rbac\MongoDbManager
executeRule() Executes the rule associated with the specified auth item. yii\rbac\BaseManager
getChildrenList() Returns the children for every parent. yii\mongodb\rbac\MongoDbManager
getChildrenRecursive() Recursively finds all children and grand children of the specified item. yii\mongodb\rbac\MongoDbManager
getItem() Returns the named auth item. yii\mongodb\rbac\MongoDbManager
getItems() Returns the items of the specified type. yii\mongodb\rbac\MongoDbManager
hasNoAssignments() Checks whether array of $assignments is empty and $defaultRoles property is empty as well. yii\rbac\BaseManager
populateItem() Populates an auth item with the data fetched from collection yii\mongodb\rbac\MongoDbManager
removeAllItems() Removes all auth items of the specified type. yii\mongodb\rbac\MongoDbManager
removeItem() Removes an auth item from the RBAC system. yii\mongodb\rbac\MongoDbManager
removeRule() Removes a rule from the RBAC system. yii\mongodb\rbac\MongoDbManager
updateItem() Updates an auth item in the RBAC system. yii\mongodb\rbac\MongoDbManager
updateRule() Updates a rule to the RBAC system. yii\mongodb\rbac\MongoDbManager

Property Details

$assignmentCollection public property

The name of the collection storing authorization item assignments. Defaults to "auth_assignment".

public string|array $assignmentCollection 'auth_assignment'
$cache public property

The cache used to improve RBAC performance. This can be one of the following:

  • an application component ID (e.g. cache)
  • a configuration array
  • a yii\caching\Cache object

When this is not set, it means caching is not enabled.

Note that by enabling RBAC cache, all auth items, rules and auth item parent-child relationships will be cached and loaded into memory. This will improve the performance of RBAC permission check. However, it does require extra memory and as a result may not be appropriate if your RBAC system contains too many auth items. You should seek other RBAC implementations (e.g. RBAC based on Redis storage) in this case.

Also note that if you modify RBAC items, rules or parent-child relationships from outside of this component, you have to manually call invalidateCache() to ensure data consistency.

$cacheKey public property

The key used to store RBAC data in cache

See also $cache.

public string $cacheKey 'rbac'
$db public property

The MongoDB connection object or the application component ID of the MongoDB connection. After the MongoDbManager object is created, if you want to change this property, you should only assign it with a MongoDB connection object.

$itemCollection public property

The name of the collection storing authorization items. Defaults to "auth_item".

public string|array $itemCollection 'auth_item'
$items protected property

All auth items (name => Item)

protected yii\rbac\Item[] $items null
$ruleCollection public property

The name of the collection storing rules. Defaults to "auth_rule".

public string|array $ruleCollection 'auth_rule'
$rules protected property

All auth rules (name => Rule)

protected yii\rbac\Rule[] $rules null

Method Details

addChild() public method

Adds an item as a child of another item.

public boolean addChild ( $parent, $child )
$parent yii\rbac\Item
$child yii\rbac\Item
return boolean

Whether the child successfully added

throws yii\base\Exception

if the parent-child relationship already exists or if a loop has been detected.

addItem() protected method

Adds an auth item to the RBAC system.

protected boolean addItem ( $item )
$item yii\rbac\Item

The item to add

return boolean

Whether the auth item is successfully added to the system

throws Exception

if data validation or saving fails (such as the name of the role or permission is not unique)

addRule() protected method

Adds a rule to the RBAC system.

protected boolean addRule ( $rule )
$rule yii\rbac\Rule

The rule to add

return boolean

Whether the rule is successfully added to the system

throws Exception

if data validation or saving fails (such as the name of the rule is not unique)

assign() public method

Assigns a role to a user.

public yii\rbac\Assignment assign ( $role, $userId )
$role yii\rbac\Role|yii\rbac\Permission
$userId string|integer

The user ID (see yii\web\User::$id)

return yii\rbac\Assignment

The role assignment information.

throws Exception

if the role has already been assigned to the user

canAddChild() public method (available since version 2.0.8)

Checks the possibility of adding a child to parent.

public boolean canAddChild ( $parent, $child )
$parent yii\rbac\Item

The parent item

$child yii\rbac\Item

The child item to be added to the hierarchy

return boolean

Possibility of adding

checkAccess() public method

public void checkAccess ( $userId, $permissionName, $params = [] )
$userId
$permissionName
$params
checkAccessFromCache() protected method

Performs access check for the specified user based on the data loaded from cache.

This method is internally called by checkAccess() when $cache is enabled.

protected boolean checkAccessFromCache ( $user, $itemName, $params, $assignments )
$user string|integer

The user ID. This should can be either an integer or a string representing the unique identifier of a user. See yii\web\User::$id.

$itemName string

The name of the operation that need access check

$params array

Name-value pairs that would be passed to rules associated with the tasks and roles assigned to the user. A param with name 'user' is added to this array, which holds the value of $userId.

$assignments yii\rbac\Assignment[]

The assignments to the specified user

return boolean

Whether the operations can be performed by the user.

checkAccessRecursive() protected method

Performs access check for the specified user.

This method is internally called by checkAccess().

protected boolean checkAccessRecursive ( $user, $itemName, $params, $assignments )
$user string|integer

The user ID. This should can be either an integer or a string representing the unique identifier of a user. See yii\web\User::$id.

$itemName string

The name of the operation that need access check

$params array

Name-value pairs that would be passed to rules associated with the tasks and roles assigned to the user. A param with name 'user' is added to this array, which holds the value of $userId.

$assignments yii\rbac\Assignment[]

The assignments to the specified user

return boolean

Whether the operations can be performed by the user.

detectLoop() protected method

Checks whether there is a loop in the authorization item hierarchy.

protected boolean detectLoop ( $parent, $child )
$parent yii\rbac\Item

The parent item

$child yii\rbac\Item

The child item to be added to the hierarchy

return boolean

Whether a loop exists

getAssignment() public method

Returns the assignment information regarding a role and a user.

public null|yii\rbac\Assignment getAssignment ( $roleName, $userId )
$roleName string

The role name

$userId string|integer

The user ID (see yii\web\User::$id)

return null|yii\rbac\Assignment

The assignment information. Null is returned if the role is not assigned to the user.

getAssignments() public method

Returns all role assignment information for the specified user.

public yii\rbac\Assignment[] getAssignments ( $userId )
$userId string|integer

The user ID (see yii\web\User::$id)

return yii\rbac\Assignment[]

The assignments indexed by role names. An empty array will be returned if there is no role assigned to the user.

getChildRoles() public method (available since version 2.1.2)

Returns child roles of the role specified. Depth isn't limited.

public yii\rbac\Role[] getChildRoles ( $roleName )
$roleName string

Name of the role to file child roles for

return yii\rbac\Role[]

Child roles. The array is indexed by the role names. First element is an instance of the parent Role itself.

throws yii\base\InvalidParamException

if Role was not found that are getting by $roleName

getChildren() public method

Returns the child permissions and/or roles.

public yii\rbac\Item[] getChildren ( $name )
$name string

The parent name

return yii\rbac\Item[]

The child permissions and/or roles

getChildrenList() protected method

Returns the children for every parent.

protected array getChildrenList ( )
return array

The children list. Each array key is a parent item name, and the corresponding array value is a list of child item names.

getChildrenRecursive() protected method

Recursively finds all children and grand children of the specified item.

protected void getChildrenRecursive ( $name, $childrenList, &$result )
$name string

The name of the item whose children are to be looked for.

$childrenList array

The child list built via getChildrenList()

$result array

The children and grand children (in array keys)

getItem() protected method

Returns the named auth item.

protected yii\rbac\Item|null getItem ( $name )
$name string

The auth item name.

return yii\rbac\Item|null

The auth item corresponding to the specified name. Null is returned if no such item.

getItems() protected method

Returns the items of the specified type.

protected yii\rbac\Item[] getItems ( $type )
$type integer

The auth item type (either yii\rbac\Item::TYPE_ROLE or yii\rbac\Item::TYPE_PERMISSION

return yii\rbac\Item[]

The auth items of the specified type.

getPermissionsByRole() public method

Returns all permissions that the specified role represents.

public yii\rbac\Permission[] getPermissionsByRole ( $roleName )
$roleName string

The role name

return yii\rbac\Permission[]

All permissions that the role represents. The array is indexed by the permission names.

getPermissionsByUser() public method

Returns all permissions that the user has.

public yii\rbac\Permission[] getPermissionsByUser ( $userId )
$userId string|integer

The user ID (see yii\web\User::$id)

return yii\rbac\Permission[]

All permissions that the user has. The array is indexed by the permission names.

getRolesByUser() public method

Returns the roles that are assigned to the user via assign().

Note that child roles that are not assigned directly to the user will not be returned.

public yii\rbac\Role[] getRolesByUser ( $userId )
$userId string|integer

The user ID (see yii\web\User::$id)

return yii\rbac\Role[]

All roles directly assigned to the user. The array is indexed by the role names.

getRule() public method

Returns the rule of the specified name.

public null|yii\rbac\Rule getRule ( $name )
$name string

The rule name

return null|yii\rbac\Rule

The rule object, or null if the specified name does not correspond to a rule.

getRules() public method

Returns all rules available in the system.

public yii\rbac\Rule[] getRules ( )
return yii\rbac\Rule[]

The rules indexed by the rule names

getUserIdsByRole() public method (available since version 2.0.7)

Returns all user IDs assigned to the role specified.

public array getUserIdsByRole ( $roleName )
$roleName string
return array

Array of user ID strings

hasChild() public method

Returns a value indicating whether the child already exists for the parent.

public boolean hasChild ( $parent, $child )
$parent yii\rbac\Item
$child yii\rbac\Item
return boolean

Whether $child is already a child of $parent

init() public method

Initializes the application component.

This method overrides the parent implementation by establishing the MongoDB connection.

public void init ( )
invalidateCache() public method

Invalidates RBAC related cache

public void invalidateCache ( )
loadFromCache() public method

Loads data from cache

public void loadFromCache ( )
populateItem() protected method

Populates an auth item with the data fetched from collection

protected yii\rbac\Item populateItem ( $row )
$row array

The data from the auth item collection

return yii\rbac\Item

The populated auth item instance (either Role or Permission)

removeAll() public method

Removes all authorization data, including roles, permissions, rules, and assignments.

public void removeAll ( )
removeAllAssignments() public method

Removes all role assignments.

public void removeAllAssignments ( )
removeAllItems() protected method

Removes all auth items of the specified type.

protected void removeAllItems ( $type )
$type integer

The auth item type (either Item::TYPE_PERMISSION or Item::TYPE_ROLE)

removeAllPermissions() public method

Removes all permissions.

All parent child relations will be adjusted accordingly.

public void removeAllPermissions ( )
removeAllRoles() public method

Removes all roles.

All parent child relations will be adjusted accordingly.

public void removeAllRoles ( )
removeAllRules() public method

Removes all rules.

All roles and permissions which have rules will be adjusted accordingly.

public void removeAllRules ( )
removeChild() public method

Removes a child from its parent.

Note, the child item is not deleted. Only the parent-child relationship is removed.

public boolean removeChild ( $parent, $child )
$parent yii\rbac\Item
$child yii\rbac\Item
return boolean

Whether the removal is successful

removeChildren() public method

Removed all children form their parent.

Note, the children items are not deleted. Only the parent-child relationships are removed.

public boolean removeChildren ( $parent )
$parent yii\rbac\Item
return boolean

Whether the removal is successful

removeItem() protected method

Removes an auth item from the RBAC system.

protected boolean removeItem ( $item )
$item yii\rbac\Item

The item to remove

return boolean

Whether the role or permission is successfully removed

throws Exception

if data validation or saving fails (such as the name of the role or permission is not unique)

removeRule() protected method

Removes a rule from the RBAC system.

protected boolean removeRule ( $rule )
$rule yii\rbac\Rule

The rule to remove

return boolean

Whether the rule is successfully removed

throws Exception

if data validation or saving fails (such as the name of the rule is not unique)

revoke() public method

Revokes a role from a user.

public boolean revoke ( $role, $userId )
$role yii\rbac\Role|yii\rbac\Permission
$userId string|integer

The user ID (see yii\web\User::$id)

return boolean

Whether the revoking is successful

revokeAll() public method

Revokes all roles from a user.

public boolean revokeAll ( $userId )
$userId mixed

The user ID (see yii\web\User::$id)

return boolean

Whether the revoking is successful

updateItem() protected method

Updates an auth item in the RBAC system.

protected boolean updateItem ( $name, $item )
$name string

The name of the item being updated

$item yii\rbac\Item

The updated item

return boolean

Whether the auth item is successfully updated

throws Exception

if data validation or saving fails (such as the name of the role or permission is not unique)

updateRule() protected method

Updates a rule to the RBAC system.

protected boolean updateRule ( $name, $rule )
$name string

The name of the rule being updated

$rule yii\rbac\Rule

The updated rule

return boolean

Whether the rule is successfully updated

throws Exception

if data validation or saving fails (such as the name of the rule is not unique)