Class yii\rbac\PhpManager
Inheritance | yii\rbac\PhpManager » yii\rbac\BaseManager » yii\base\Component » yii\base\BaseObject |
---|---|
Implements | yii\base\Configurable, yii\rbac\ManagerInterface |
Available since version | 2.0 |
Source Code | https://github.com/yiisoft/yii2/blob/master/framework/rbac/PhpManager.php |
PhpManager represents an authorization manager that stores authorization information in terms of a PHP script file.
The authorization data will be saved to and loaded from three files specified by $itemFile, $assignmentFile and $ruleFile.
PhpManager is mainly suitable for authorization data that is not too big (for example, the authorization data for a personal blog system). Use yii\rbac\DbManager for more complex authorization data.
Note that PhpManager is not compatible with facebooks HHVM because it relies on writing php files and including them afterwards which is not supported by HHVM.
For more details and usage information on PhpManager, see the guide article on security authorization.
Public Properties
Property | Type | Description | Defined By |
---|---|---|---|
$assignmentFile | string | The path of the PHP script that contains the authorization assignments. | yii\rbac\PhpManager |
$behaviors | yii\base\Behavior[] | List of behaviors attached to this component. This property is read-only. | yii\base\Component |
$defaultRoleInstances | yii\rbac\Role[] | Default roles. The array is indexed by the role names. This property is read-only. | yii\rbac\BaseManager |
$itemFile | string | The path of the PHP script that contains the authorization items. | yii\rbac\PhpManager |
$permissions | yii\rbac\Permission[] | All permissions in the system. | yii\rbac\BaseManager |
$roles | yii\rbac\Role[] | All roles in the system. | yii\rbac\BaseManager |
$ruleFile | string | The path of the PHP script that contains the authorization rules. | yii\rbac\PhpManager |
Protected Properties
Property | Type | Description | Defined By |
---|---|---|---|
$assignments | array | yii\rbac\PhpManager | |
$children | array | yii\rbac\PhpManager | |
$defaultRoles | array | A list of role names that are assigned to every user automatically without calling assign(). | yii\rbac\BaseManager |
$items | yii\rbac\Item[] | yii\rbac\PhpManager | |
$rules | yii\rbac\Rule[] | yii\rbac\PhpManager |
Public Methods
Method | Description | Defined By |
---|---|---|
__call() | Calls the named method which is not a class method. | yii\base\Component |
__clone() | This method is called after the object is created by cloning an existing one. | yii\base\Component |
__construct() | Constructor. | yii\base\BaseObject |
__get() | Returns the value of a component property. | yii\base\Component |
__isset() | Checks if a property is set, i.e. defined and not null. | yii\base\Component |
__set() | Sets the value of a component property. | yii\base\Component |
__unset() | Sets a component property to be null. | yii\base\Component |
add() | Adds a role, permission or rule to the RBAC system. | yii\rbac\BaseManager |
addChild() | Adds an item as a child of another item. | yii\rbac\PhpManager |
assign() | Assigns a role to a user. | yii\rbac\PhpManager |
attachBehavior() | Attaches a behavior to this component. | yii\base\Component |
attachBehaviors() | Attaches a list of behaviors to the component. | yii\base\Component |
behaviors() | Returns a list of behaviors that this component should behave as. | yii\base\Component |
canAddChild() | Checks the possibility of adding a child to parent. | yii\rbac\PhpManager |
canGetProperty() | Returns a value indicating whether a property can be read. | yii\base\Component |
canSetProperty() | Returns a value indicating whether a property can be set. | yii\base\Component |
checkAccess() | yii\rbac\PhpManager | |
className() | Returns the fully qualified name of this class. | yii\base\BaseObject |
createPermission() | Creates a new Permission object. | yii\rbac\BaseManager |
createRole() | Creates a new Role object. | yii\rbac\BaseManager |
detachBehavior() | Detaches a behavior from the component. | yii\base\Component |
detachBehaviors() | Detaches all behaviors from the component. | yii\base\Component |
ensureBehaviors() | Makes sure that the behaviors declared in behaviors() are attached to this component. | yii\base\Component |
getAssignment() | Returns the assignment information regarding a role and a user. | yii\rbac\PhpManager |
getAssignments() | Returns all role assignment information for the specified user. | yii\rbac\PhpManager |
getBehavior() | Returns the named behavior object. | yii\base\Component |
getBehaviors() | Returns all behaviors attached to this component. | yii\base\Component |
getChildRoles() | Returns child roles of the role specified. Depth isn't limited. | yii\rbac\PhpManager |
getChildren() | Returns the child permissions and/or roles. | yii\rbac\PhpManager |
getDefaultRoleInstances() | Returns defaultRoles as array of Role objects. | yii\rbac\BaseManager |
getDefaultRoles() | Get default roles | yii\rbac\BaseManager |
getItem() | Returns the named auth item. | yii\rbac\PhpManager |
getItems() | Returns the items of the specified type. | yii\rbac\PhpManager |
getPermission() | Returns the named permission. | yii\rbac\BaseManager |
getPermissions() | Returns all permissions in the system. | yii\rbac\BaseManager |
getPermissionsByRole() | Returns all permissions that the specified role represents. | yii\rbac\PhpManager |
getPermissionsByUser() | Returns all permissions that the user has. | yii\rbac\PhpManager |
getRole() | Returns the named role. | yii\rbac\BaseManager |
getRoles() | Returns all roles in the system. | yii\rbac\BaseManager |
getRolesByUser() | {@inheritdoc} The roles returned by this method include the roles assigned via $defaultRoles. | yii\rbac\PhpManager |
getRule() | Returns the rule of the specified name. | yii\rbac\PhpManager |
getRules() | Returns all rules available in the system. | yii\rbac\PhpManager |
getUserIdsByRole() | Returns all user IDs assigned to the role specified. | yii\rbac\PhpManager |
hasChild() | Returns a value indicating whether the child already exists for the parent. | yii\rbac\PhpManager |
hasEventHandlers() | Returns a value indicating whether there is any handler attached to the named event. | yii\base\Component |
hasMethod() | Returns a value indicating whether a method is defined. | yii\base\Component |
hasProperty() | Returns a value indicating whether a property is defined for this component. | yii\base\Component |
init() | Initializes the application component. | yii\rbac\PhpManager |
off() | Detaches an existing event handler from this component. | yii\base\Component |
on() | Attaches an event handler to an event. | yii\base\Component |
remove() | Removes a role, permission or rule from the RBAC system. | yii\rbac\BaseManager |
removeAll() | Removes all authorization data, including roles, permissions, rules, and assignments. | yii\rbac\PhpManager |
removeAllAssignments() | Removes all role assignments. | yii\rbac\PhpManager |
removeAllPermissions() | Removes all permissions. | yii\rbac\PhpManager |
removeAllRoles() | Removes all roles. | yii\rbac\PhpManager |
removeAllRules() | Removes all rules. | yii\rbac\PhpManager |
removeChild() | Removes a child from its parent. | yii\rbac\PhpManager |
removeChildren() | Removed all children form their parent. | yii\rbac\PhpManager |
removeItem() | Removes an auth item from the RBAC system. | yii\rbac\PhpManager |
revoke() | Revokes a role from a user. | yii\rbac\PhpManager |
revokeAll() | Revokes all roles from a user. | yii\rbac\PhpManager |
setDefaultRoles() | Set default roles | yii\rbac\BaseManager |
trigger() | Triggers an event. | yii\base\Component |
update() | Updates the specified role, permission or rule in the system. | yii\rbac\BaseManager |
updateRule() | Updates a rule to the RBAC system. | yii\rbac\PhpManager |
Protected Methods
Method | Description | Defined By |
---|---|---|
addItem() | Adds an auth item to the RBAC system. | yii\rbac\PhpManager |
addRule() | Adds a rule to the RBAC system. | yii\rbac\PhpManager |
checkAccessRecursive() | Performs access check for the specified user. | yii\rbac\PhpManager |
detectLoop() | Checks whether there is a loop in the authorization item hierarchy. | yii\rbac\PhpManager |
executeRule() | Executes the rule associated with the specified auth item. | yii\rbac\BaseManager |
getChildrenRecursive() | Recursively finds all children and grand children of the specified item. | yii\rbac\PhpManager |
getDirectPermissionsByUser() | Returns all permissions that are directly assigned to user. | yii\rbac\PhpManager |
getInheritedPermissionsByUser() | Returns all permissions that the user inherits from the roles assigned to him. | yii\rbac\PhpManager |
hasNoAssignments() | Checks whether array of $assignments is empty and $defaultRoles property is empty as well. | yii\rbac\BaseManager |
invalidateScriptCache() | Invalidates precompiled script cache (such as OPCache or APC) for the given file. | yii\rbac\PhpManager |
load() | Loads authorization data from persistent storage. | yii\rbac\PhpManager |
loadFromFile() | Loads the authorization data from a PHP script file. | yii\rbac\PhpManager |
removeAllItems() | Removes all auth items of the specified type. | yii\rbac\PhpManager |
removeRule() | Removes a rule from the RBAC system. | yii\rbac\PhpManager |
save() | Saves authorization data into persistent storage. | yii\rbac\PhpManager |
saveAssignments() | Saves assignments data into persistent storage. | yii\rbac\PhpManager |
saveItems() | Saves items data into persistent storage. | yii\rbac\PhpManager |
saveRules() | Saves rules data into persistent storage. | yii\rbac\PhpManager |
saveToFile() | Saves the authorization data to a PHP script file. | yii\rbac\PhpManager |
updateItem() | Updates an auth item in the RBAC system. | yii\rbac\PhpManager |
Property Details
The path of the PHP script that contains the authorization assignments. This can be either a file path or a path alias to the file. Make sure this file is writable by the Web server process if the authorization needs to be changed online.
See also:
The path of the PHP script that contains the authorization items. This can be either a file path or a path alias to the file. Make sure this file is writable by the Web server process if the authorization needs to be changed online.
See also:
The path of the PHP script that contains the authorization rules. This can be either a file path or a path alias to the file. Make sure this file is writable by the Web server process if the authorization needs to be changed online.
See also:
Method Details
Adds an item as a child of another item.
public boolean addChild ( $parent, $child ) | ||
$parent | yii\rbac\Item | |
$child | yii\rbac\Item | |
return | boolean | Whether the child successfully added |
---|---|---|
throws | yii\base\Exception | if the parent-child relationship already exists or if a loop has been detected. |
Adds an auth item to the RBAC system.
protected boolean addItem ( $item ) | ||
$item | yii\rbac\Item | The item to add |
return | boolean | Whether the auth item is successfully added to the system |
---|---|---|
throws | Exception | if data validation or saving fails (such as the name of the role or permission is not unique) |
Adds a rule to the RBAC system.
protected boolean addRule ( $rule ) | ||
$rule | yii\rbac\Rule | The rule to add |
return | boolean | Whether the rule is successfully added to the system |
---|---|---|
throws | Exception | if data validation or saving fails (such as the name of the rule is not unique) |
Assigns a role to a user.
public yii\rbac\Assignment assign ( $role, $userId ) | ||
$role | yii\rbac\Role|yii\rbac\Permission | |
$userId | string|integer | The user ID (see yii\web\User::$id) |
return | yii\rbac\Assignment | The role assignment information. |
---|---|---|
throws | Exception | if the role has already been assigned to the user |
Checks the possibility of adding a child to parent.
public boolean canAddChild ( $parent, $child ) | ||
$parent | yii\rbac\Item | The parent item |
$child | yii\rbac\Item | The child item to be added to the hierarchy |
return | boolean | Possibility of adding |
---|
public void checkAccess ( $userId, $permissionName, $params = [] ) | ||
$userId | ||
$permissionName | ||
$params |
Performs access check for the specified user.
This method is internally called by checkAccess().
protected boolean checkAccessRecursive ( $user, $itemName, $params, $assignments ) | ||
$user | string|integer | The user ID. This should can be either an integer or a string representing the unique identifier of a user. See yii\web\User::$id. |
$itemName | string | The name of the operation that need access check |
$params | array | Name-value pairs that would be passed to rules associated
with the tasks and roles assigned to the user. A param with name 'user' is added to this array,
which holds the value of |
$assignments | yii\rbac\Assignment[] | The assignments to the specified user |
return | boolean | Whether the operations can be performed by the user. |
---|
Checks whether there is a loop in the authorization item hierarchy.
protected boolean detectLoop ( $parent, $child ) | ||
$parent | yii\rbac\Item | Parent item |
$child | yii\rbac\Item | The child item that is to be added to the hierarchy |
return | boolean | Whether a loop exists |
---|
Returns the assignment information regarding a role and a user.
public null|yii\rbac\Assignment getAssignment ( $roleName, $userId ) | ||
$roleName | string | The role name |
$userId | string|integer | The user ID (see yii\web\User::$id) |
return | null|yii\rbac\Assignment | The assignment information. Null is returned if the role is not assigned to the user. |
---|
Returns all role assignment information for the specified user.
public yii\rbac\Assignment[] getAssignments ( $userId ) | ||
$userId | string|integer | The user ID (see yii\web\User::$id) |
return | yii\rbac\Assignment[] | The assignments indexed by role names. An empty array will be returned if there is no role assigned to the user. |
---|
Returns child roles of the role specified. Depth isn't limited.
public yii\rbac\Role[] getChildRoles ( $roleName ) | ||
$roleName | string | Name of the role to file child roles for |
return | yii\rbac\Role[] | Child roles. The array is indexed by the role names. First element is an instance of the parent Role itself. |
---|---|---|
throws | yii\base\InvalidParamException | if Role was not found that are getting by $roleName |
Returns the child permissions and/or roles.
public yii\rbac\Item[] getChildren ( $name ) | ||
$name | string | The parent name |
return | yii\rbac\Item[] | The child permissions and/or roles |
---|
Recursively finds all children and grand children of the specified item.
protected void getChildrenRecursive ( $name, &$result ) | ||
$name | string | The name of the item whose children are to be looked for. |
$result | array | The children and grand children (in array keys) |
Returns all permissions that are directly assigned to user.
protected yii\rbac\Permission[] getDirectPermissionsByUser ( $userId ) | ||
$userId | string|integer | The user ID (see yii\web\User::$id) |
return | yii\rbac\Permission[] | All direct permissions that the user has. The array is indexed by the permission names. |
---|
Returns all permissions that the user inherits from the roles assigned to him.
protected yii\rbac\Permission[] getInheritedPermissionsByUser ( $userId ) | ||
$userId | string|integer | The user ID (see yii\web\User::$id) |
return | yii\rbac\Permission[] | All inherited permissions that the user has. The array is indexed by the permission names. |
---|
Returns the named auth item.
public yii\rbac\Item|null getItem ( $name ) | ||
$name | string | The auth item name. |
return | yii\rbac\Item|null | The auth item corresponding to the specified name. Null is returned if no such item. |
---|
Returns the items of the specified type.
public yii\rbac\Item[] getItems ( $type ) | ||
$type | integer | The auth item type (either yii\rbac\Item::TYPE_ROLE or yii\rbac\Item::TYPE_PERMISSION |
return | yii\rbac\Item[] | The auth items of the specified type. |
---|
Returns all permissions that the specified role represents.
public yii\rbac\Permission[] getPermissionsByRole ( $roleName ) | ||
$roleName | string | The role name |
return | yii\rbac\Permission[] | All permissions that the role represents. The array is indexed by the permission names. |
---|
Returns all permissions that the user has.
public yii\rbac\Permission[] getPermissionsByUser ( $userId ) | ||
$userId | string|integer | The user ID (see yii\web\User::$id) |
return | yii\rbac\Permission[] | All permissions that the user has. The array is indexed by the permission names. |
---|
{@inheritdoc} The roles returned by this method include the roles assigned via $defaultRoles.
public void getRolesByUser ( $userId ) | ||
$userId |
Returns the rule of the specified name.
public null|yii\rbac\Rule getRule ( $name ) | ||
$name | string | The rule name |
return | null|yii\rbac\Rule | The rule object, or null if the specified name does not correspond to a rule. |
---|
Returns all rules available in the system.
public yii\rbac\Rule[] getRules ( ) | ||
return | yii\rbac\Rule[] | The rules indexed by the rule names |
---|
Returns all user IDs assigned to the role specified.
public array getUserIdsByRole ( $roleName ) | ||
$roleName | string | |
return | array | Array of user ID strings |
---|
Returns a value indicating whether the child already exists for the parent.
public boolean hasChild ( $parent, $child ) | ||
$parent | yii\rbac\Item | |
$child | yii\rbac\Item | |
return | boolean | Whether |
---|
Initializes the application component.
This method overrides parent implementation by loading the authorization data from PHP script.
public void init ( ) |
Invalidates precompiled script cache (such as OPCache or APC) for the given file.
protected void invalidateScriptCache ( $file ) | ||
$file | string | The file path. |
Loads authorization data from persistent storage.
protected void load ( ) |
Loads the authorization data from a PHP script file.
See also saveToFile().
protected array loadFromFile ( $file ) | ||
$file | string | The file path. |
return | array | The authorization data |
---|
Removes all authorization data, including roles, permissions, rules, and assignments.
public void removeAll ( ) |
Removes all role assignments.
public void removeAllAssignments ( ) |
Removes all auth items of the specified type.
protected void removeAllItems ( $type ) | ||
$type | integer | The auth item type (either Item::TYPE_PERMISSION or Item::TYPE_ROLE) |
Removes all permissions.
All parent child relations will be adjusted accordingly.
public void removeAllPermissions ( ) |
Removes all roles.
All parent child relations will be adjusted accordingly.
public void removeAllRoles ( ) |
Removes all rules.
All roles and permissions which have rules will be adjusted accordingly.
public void removeAllRules ( ) |
Removes a child from its parent.
Note, the child item is not deleted. Only the parent-child relationship is removed.
public boolean removeChild ( $parent, $child ) | ||
$parent | yii\rbac\Item | |
$child | yii\rbac\Item | |
return | boolean | Whether the removal is successful |
---|
Removed all children form their parent.
Note, the children items are not deleted. Only the parent-child relationships are removed.
public boolean removeChildren ( $parent ) | ||
$parent | yii\rbac\Item | |
return | boolean | Whether the removal is successful |
---|
Removes an auth item from the RBAC system.
public boolean removeItem ( $item ) | ||
$item | yii\rbac\Item | The item to remove |
return | boolean | Whether the role or permission is successfully removed |
---|---|---|
throws | Exception | if data validation or saving fails (such as the name of the role or permission is not unique) |
Removes a rule from the RBAC system.
protected boolean removeRule ( $rule ) | ||
$rule | yii\rbac\Rule | The rule to remove |
return | boolean | Whether the rule is successfully removed |
---|---|---|
throws | Exception | if data validation or saving fails (such as the name of the rule is not unique) |
Revokes a role from a user.
public boolean revoke ( $role, $userId ) | ||
$role | yii\rbac\Role|yii\rbac\Permission | |
$userId | string|integer | The user ID (see yii\web\User::$id) |
return | boolean | Whether the revoking is successful |
---|
Revokes all roles from a user.
public boolean revokeAll ( $userId ) | ||
$userId | mixed | The user ID (see yii\web\User::$id) |
return | boolean | Whether the revoking is successful |
---|
Saves authorization data into persistent storage.
protected void save ( ) |
Saves assignments data into persistent storage.
protected void saveAssignments ( ) |
Saves items data into persistent storage.
protected void saveItems ( ) |
Saves rules data into persistent storage.
protected void saveRules ( ) |
Saves the authorization data to a PHP script file.
See also loadFromFile().
protected void saveToFile ( $data, $file ) | ||
$data | array | The authorization data |
$file | string | The file path. |
Updates an auth item in the RBAC system.
protected boolean updateItem ( $name, $item ) | ||
$name | string | The name of the item being updated |
$item | yii\rbac\Item | The updated item |
return | boolean | Whether the auth item is successfully updated |
---|---|---|
throws | Exception | if data validation or saving fails (such as the name of the role or permission is not unique) |
Updates a rule to the RBAC system.
public boolean updateRule ( $name, $rule ) | ||
$name | string | The name of the rule being updated |
$rule | yii\rbac\Rule | The updated rule |
return | boolean | Whether the rule is successfully updated |
---|---|---|
throws | Exception | if data validation or saving fails (such as the name of the rule is not unique) |