Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
Y
yii2
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
PSDI Army
yii2
Commits
3fe23f83
Commit
3fe23f83
authored
May 10, 2013
by
Alexander Kochetov
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Remove IManager interface
parent
a03d1164
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
168 additions
and
198 deletions
+168
-198
Assignment.php
framework/rbac/Assignment.php
+2
-2
IManager.php
framework/rbac/IManager.php
+0
-175
Item.php
framework/rbac/Item.php
+12
-12
Manager.php
framework/rbac/Manager.php
+154
-9
No files found.
framework/rbac/Assignment.php
View file @
3fe23f83
...
@@ -14,7 +14,7 @@ use yii\base\Object;
...
@@ -14,7 +14,7 @@ use yii\base\Object;
* Assignment represents an assignment of a role to a user.
* Assignment represents an assignment of a role to a user.
* It includes additional assignment information such as [[bizRule]] and [[data]].
* It includes additional assignment information such as [[bizRule]] and [[data]].
* Do not create a Assignment instance using the 'new' operator.
* Do not create a Assignment instance using the 'new' operator.
* Instead, call [[
IManager::assign
]].
* Instead, call [[
Manager::assign()
]].
*
*
* @property mixed $userId User ID (see [[User::id]]).
* @property mixed $userId User ID (see [[User::id]]).
* @property string $itemName The authorization item name.
* @property string $itemName The authorization item name.
...
@@ -35,7 +35,7 @@ class Assignment extends Object
...
@@ -35,7 +35,7 @@ class Assignment extends Object
/**
/**
* Constructor.
* Constructor.
* @param
I
Manager $auth the authorization manager
* @param Manager $auth the authorization manager
* @param mixed $userId user ID (see [[User::id]])
* @param mixed $userId user ID (see [[User::id]])
* @param string $itemName authorization item name
* @param string $itemName authorization item name
* @param string $bizRule the business rule associated with this assignment
* @param string $bizRule the business rule associated with this assignment
...
...
framework/rbac/IManager.php
deleted
100644 → 0
View file @
a03d1164
<?php
/**
* @link http://www.yiiframework.com/
* @copyright Copyright (c) 2008 Yii Software LLC
* @license http://www.yiiframework.com/license/
*/
namespace
yii\rbac
;
/**
* IManager interface is implemented by an auth manager application component.
*
* An auth manager is mainly responsible for providing role-based access control (RBAC) service.
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
* @since 2.0
*/
interface
IManager
{
/**
* Performs access check for the specified user.
* @param mixed $userId the user ID. This should be either an integer or a string representing
* the unique identifier of a user. See [[User::id]].
* @param string $itemName the name of the operation that we are checking access to
* @param array $params name-value pairs that would be passed to biz rules associated
* with the tasks and roles assigned to the user.
* @return boolean whether the operations can be performed by the user.
*/
public
function
checkAccess
(
$userId
,
$itemName
,
$params
=
array
());
/**
* Creates an authorization item.
* An authorization item represents an action permission (e.g. creating a post).
* It has three types: operation, task and role.
* Authorization items form a hierarchy. Higher level items inheirt permissions representing
* by lower level items.
* @param string $name the item name. This must be a unique identifier.
* @param integer $type the item type (0: operation, 1: task, 2: role).
* @param string $description description of the item
* @param string $bizRule business rule associated with the item. This is a piece of
* PHP code that will be executed when [[checkAccess()]] is called for the item.
* @param mixed $data additional data associated with the item.
* @throws \yii\base\Exception if an item with the same name already exists
* @return Item the authorization item
*/
public
function
createItem
(
$name
,
$type
,
$description
=
''
,
$bizRule
=
null
,
$data
=
null
);
/**
* Removes the specified authorization item.
* @param string $name the name of the item to be removed
* @return boolean whether the item exists in the storage and has been removed
*/
public
function
removeItem
(
$name
);
/**
* Returns the authorization items of the specific type and user.
* @param mixed $userId the user ID. Defaults to null, meaning returning all items even if
* they are not assigned to a user.
* @param integer $type the item type (0: operation, 1: task, 2: role). Defaults to null,
* meaning returning all items regardless of their type.
* @return Item[] the authorization items of the specific type.
*/
public
function
getItems
(
$userId
=
null
,
$type
=
null
);
/**
* Returns the authorization item with the specified name.
* @param string $name the name of the item
* @return Item the authorization item. Null if the item cannot be found.
*/
public
function
getItem
(
$name
);
/**
* Saves an authorization item to persistent storage.
* @param Item $item the item to be saved.
* @param string $oldName the old item name. If null, it means the item name is not changed.
*/
public
function
saveItem
(
$item
,
$oldName
=
null
);
/**
* Adds an item as a child of another item.
* @param string $itemName the parent item name
* @param string $childName the child item name
* @throws \yii\base\Exception if either parent or child doesn't exist or if a loop has been detected.
*/
public
function
addItemChild
(
$itemName
,
$childName
);
/**
* Removes a child from its parent.
* Note, the child item is not deleted. Only the parent-child relationship is removed.
* @param string $itemName the parent item name
* @param string $childName the child item name
* @return boolean whether the removal is successful
*/
public
function
removeItemChild
(
$itemName
,
$childName
);
/**
* Returns a value indicating whether a child exists within a parent.
* @param string $itemName the parent item name
* @param string $childName the child item name
* @return boolean whether the child exists
*/
public
function
hasItemChild
(
$itemName
,
$childName
);
/**
* Returns the children of the specified item.
* @param mixed $itemName the parent item name. This can be either a string or an array.
* The latter represents a list of item names.
* @return Item[] all child items of the parent
*/
public
function
getItemChildren
(
$itemName
);
/**
* Assigns an authorization item to a user.
* @param mixed $userId the user ID (see [[User::id]])
* @param string $itemName the item name
* @param string $bizRule the business rule to be executed when [[checkAccess()]] is called
* for this particular authorization item.
* @param mixed $data additional data associated with this assignment
* @return Assignment the authorization assignment information.
* @throws \yii\base\Exception if the item does not exist or if the item has already been assigned to the user
*/
public
function
assign
(
$userId
,
$itemName
,
$bizRule
=
null
,
$data
=
null
);
/**
* Revokes an authorization assignment from a user.
* @param mixed $userId the user ID (see [[User::id]])
* @param string $itemName the item name
* @return boolean whether removal is successful
*/
public
function
revoke
(
$userId
,
$itemName
);
/**
* Returns a value indicating whether the item has been assigned to the user.
* @param mixed $userId the user ID (see [[User::id]])
* @param string $itemName the item name
* @return boolean whether the item has been assigned to the user.
*/
public
function
isAssigned
(
$userId
,
$itemName
);
/**
* Returns the item assignment information.
* @param mixed $userId the user ID (see [[User::id]])
* @param string $itemName the item name
* @return Assignment the item assignment information. Null is returned if
* the item is not assigned to the user.
*/
public
function
getAssignment
(
$userId
,
$itemName
);
/**
* Returns the item assignments for the specified user.
* @param mixed $userId the user ID (see [[User::id]])
* @return Item[] the item assignment information for the user. An empty array will be
* returned if there is no item assigned to the user.
*/
public
function
getAssignments
(
$userId
);
/**
* Saves the changes to an authorization assignment.
* @param Assignment $assignment the assignment that has been changed.
*/
public
function
saveAssignment
(
$assignment
);
/**
* Removes all authorization data.
*/
public
function
clearAll
();
/**
* Removes all authorization assignments.
*/
public
function
clearAssignments
();
/**
* Saves authorization data into persistent storage.
* If any change is made to the authorization data, please make
* sure you call this method to save the changed data into persistent storage.
*/
public
function
save
();
/**
* Executes a business rule.
* A business rule is a piece of PHP code that will be executed when [[checkAccess()]] is called.
* @param string $bizRule the business rule to be executed.
* @param array $params additional parameters to be passed to the business rule when being executed.
* @param mixed $data additional data that is associated with the corresponding authorization item or assignment
* @return boolean whether the execution returns a true value.
* If the business rule is empty, it will also return true.
*/
public
function
executeBizRule
(
$bizRule
,
$params
,
$data
);
}
framework/rbac/Item.php
View file @
3fe23f83
...
@@ -18,7 +18,7 @@ use yii\base\Object;
...
@@ -18,7 +18,7 @@ use yii\base\Object;
* A user may be assigned one or several authorization items (called [[Assignment]] assignments).
* A user may be assigned one or several authorization items (called [[Assignment]] assignments).
* He can perform an operation only when it is among his assigned items.
* He can perform an operation only when it is among his assigned items.
*
*
* @property
I
Manager $authManager The authorization manager.
* @property Manager $authManager The authorization manager.
* @property integer $type The authorization item type. This could be 0 (operation), 1 (task) or 2 (role).
* @property integer $type The authorization item type. This could be 0 (operation), 1 (task) or 2 (role).
* @property string $name The item name.
* @property string $name The item name.
* @property string $description The item description.
* @property string $description The item description.
...
@@ -45,7 +45,7 @@ class Item extends Object
...
@@ -45,7 +45,7 @@ class Item extends Object
/**
/**
* Constructor.
* Constructor.
* @param
I
Manager $auth authorization manager
* @param Manager $auth authorization manager
* @param string $name authorization item name
* @param string $name authorization item name
* @param integer $type authorization item type. This can be 0 (operation), 1 (task) or 2 (role).
* @param integer $type authorization item type. This can be 0 (operation), 1 (task) or 2 (role).
* @param string $description the description
* @param string $description the description
...
@@ -65,7 +65,7 @@ class Item extends Object
...
@@ -65,7 +65,7 @@ class Item extends Object
/**
/**
* Checks to see if the specified item is within the hierarchy starting from this item.
* Checks to see if the specified item is within the hierarchy starting from this item.
* This method is expected to be internally used by the actual implementations
* This method is expected to be internally used by the actual implementations
* of the [[
I
Manager::checkAccess()]].
* of the [[Manager::checkAccess()]].
* @param string $itemName the name of the item to be checked
* @param string $itemName the name of the item to be checked
* @param array $params the parameters to be passed to business rule evaluation
* @param array $params the parameters to be passed to business rule evaluation
* @return boolean whether the specified item is within the hierarchy starting from this item.
* @return boolean whether the specified item is within the hierarchy starting from this item.
...
@@ -87,7 +87,7 @@ class Item extends Object
...
@@ -87,7 +87,7 @@ class Item extends Object
}
}
/**
/**
* @return
I
Manager the authorization manager
* @return Manager the authorization manager
*/
*/
public
function
getManager
()
public
function
getManager
()
{
{
...
@@ -184,7 +184,7 @@ class Item extends Object
...
@@ -184,7 +184,7 @@ class Item extends Object
* @param string $name the name of the child item
* @param string $name the name of the child item
* @return boolean whether the item is added successfully
* @return boolean whether the item is added successfully
* @throws \yii\base\Exception if either parent or child doesn't exist or if a loop has been detected.
* @throws \yii\base\Exception if either parent or child doesn't exist or if a loop has been detected.
* @see
I
Manager::addItemChild
* @see Manager::addItemChild
*/
*/
public
function
addChild
(
$name
)
public
function
addChild
(
$name
)
{
{
...
@@ -196,7 +196,7 @@ class Item extends Object
...
@@ -196,7 +196,7 @@ class Item extends Object
* Note, the child item is not deleted. Only the parent-child relationship is removed.
* Note, the child item is not deleted. Only the parent-child relationship is removed.
* @param string $name the child item name
* @param string $name the child item name
* @return boolean whether the removal is successful
* @return boolean whether the removal is successful
* @see
I
Manager::removeItemChild
* @see Manager::removeItemChild
*/
*/
public
function
removeChild
(
$name
)
public
function
removeChild
(
$name
)
{
{
...
@@ -207,7 +207,7 @@ class Item extends Object
...
@@ -207,7 +207,7 @@ class Item extends Object
* Returns a value indicating whether a child exists
* Returns a value indicating whether a child exists
* @param string $name the child item name
* @param string $name the child item name
* @return boolean whether the child exists
* @return boolean whether the child exists
* @see
I
Manager::hasItemChild
* @see Manager::hasItemChild
*/
*/
public
function
hasChild
(
$name
)
public
function
hasChild
(
$name
)
{
{
...
@@ -217,7 +217,7 @@ class Item extends Object
...
@@ -217,7 +217,7 @@ class Item extends Object
/**
/**
* Returns the children of this item.
* Returns the children of this item.
* @return Item[] all child items of this item.
* @return Item[] all child items of this item.
* @see
I
Manager::getItemChildren
* @see Manager::getItemChildren
*/
*/
public
function
getChildren
()
public
function
getChildren
()
{
{
...
@@ -232,7 +232,7 @@ class Item extends Object
...
@@ -232,7 +232,7 @@ class Item extends Object
* @param mixed $data additional data associated with this assignment
* @param mixed $data additional data associated with this assignment
* @return Assignment the authorization assignment information.
* @return Assignment the authorization assignment information.
* @throws \yii\base\Exception if the item has already been assigned to the user
* @throws \yii\base\Exception if the item has already been assigned to the user
* @see
I
Manager::assign
* @see Manager::assign
*/
*/
public
function
assign
(
$userId
,
$bizRule
=
null
,
$data
=
null
)
public
function
assign
(
$userId
,
$bizRule
=
null
,
$data
=
null
)
{
{
...
@@ -243,7 +243,7 @@ class Item extends Object
...
@@ -243,7 +243,7 @@ class Item extends Object
* Revokes an authorization assignment from a user.
* Revokes an authorization assignment from a user.
* @param mixed $userId the user ID (see [[User::id]])
* @param mixed $userId the user ID (see [[User::id]])
* @return boolean whether removal is successful
* @return boolean whether removal is successful
* @see
I
Manager::revoke
* @see Manager::revoke
*/
*/
public
function
revoke
(
$userId
)
public
function
revoke
(
$userId
)
{
{
...
@@ -254,7 +254,7 @@ class Item extends Object
...
@@ -254,7 +254,7 @@ class Item extends Object
* Returns a value indicating whether this item has been assigned to the user.
* Returns a value indicating whether this item has been assigned to the user.
* @param mixed $userId the user ID (see [[User::id]])
* @param mixed $userId the user ID (see [[User::id]])
* @return boolean whether the item has been assigned to the user.
* @return boolean whether the item has been assigned to the user.
* @see
I
Manager::isAssigned
* @see Manager::isAssigned
*/
*/
public
function
isAssigned
(
$userId
)
public
function
isAssigned
(
$userId
)
{
{
...
@@ -266,7 +266,7 @@ class Item extends Object
...
@@ -266,7 +266,7 @@ class Item extends Object
* @param mixed $userId the user ID (see [[User::id]])
* @param mixed $userId the user ID (see [[User::id]])
* @return Assignment the item assignment information. Null is returned if
* @return Assignment the item assignment information. Null is returned if
* this item is not assigned to the user.
* this item is not assigned to the user.
* @see
I
Manager::getAssignment
* @see Manager::getAssignment
*/
*/
public
function
getAssignment
(
$userId
)
public
function
getAssignment
(
$userId
)
{
{
...
...
framework/rbac/Manager.php
View file @
3fe23f83
...
@@ -29,7 +29,7 @@ use yii\base\InvalidParamException;
...
@@ -29,7 +29,7 @@ use yii\base\InvalidParamException;
* Using authorization manager consists of two aspects. First, the authorization hierarchy
* Using authorization manager consists of two aspects. First, the authorization hierarchy
* and assignments have to be established. Manager and its child classes
* and assignments have to be established. Manager and its child classes
* provides APIs to accomplish this task. Developers may need to develop some GUI
* provides APIs to accomplish this task. Developers may need to develop some GUI
* so that it is more intuitive to end-users. Second, developers call [[
I
Manager::checkAccess()]]
* so that it is more intuitive to end-users. Second, developers call [[Manager::checkAccess()]]
* at appropriate places in the application code to check if the current user
* at appropriate places in the application code to check if the current user
* has the needed permission for an operation.
* has the needed permission for an operation.
*
*
...
@@ -41,7 +41,7 @@ use yii\base\InvalidParamException;
...
@@ -41,7 +41,7 @@ use yii\base\InvalidParamException;
* @author Alexander Kochetov <creocoder@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
* @since 2.0
* @since 2.0
*/
*/
abstract
class
Manager
extends
Component
implements
IManager
abstract
class
Manager
extends
Component
{
{
/**
/**
* @var boolean Enable error reporting for bizRules.
* @var boolean Enable error reporting for bizRules.
...
@@ -62,7 +62,7 @@ abstract class Manager extends Component implements IManager
...
@@ -62,7 +62,7 @@ abstract class Manager extends Component implements IManager
/**
/**
* Creates a role.
* Creates a role.
* This is a shortcut method to [[
I
Manager::createItem()]].
* This is a shortcut method to [[Manager::createItem()]].
* @param string $name the item name
* @param string $name the item name
* @param string $description the item description.
* @param string $description the item description.
* @param string $bizRule the business rule associated with this item
* @param string $bizRule the business rule associated with this item
...
@@ -76,7 +76,7 @@ abstract class Manager extends Component implements IManager
...
@@ -76,7 +76,7 @@ abstract class Manager extends Component implements IManager
/**
/**
* Creates a task.
* Creates a task.
* This is a shortcut method to [[
I
Manager::createItem()]].
* This is a shortcut method to [[Manager::createItem()]].
* @param string $name the item name
* @param string $name the item name
* @param string $description the item description.
* @param string $description the item description.
* @param string $bizRule the business rule associated with this item
* @param string $bizRule the business rule associated with this item
...
@@ -90,7 +90,7 @@ abstract class Manager extends Component implements IManager
...
@@ -90,7 +90,7 @@ abstract class Manager extends Component implements IManager
/**
/**
* Creates an operation.
* Creates an operation.
* This is a shortcut method to [[
I
Manager::createItem()]].
* This is a shortcut method to [[Manager::createItem()]].
* @param string $name the item name
* @param string $name the item name
* @param string $description the item description.
* @param string $description the item description.
* @param string $bizRule the business rule associated with this item
* @param string $bizRule the business rule associated with this item
...
@@ -104,7 +104,7 @@ abstract class Manager extends Component implements IManager
...
@@ -104,7 +104,7 @@ abstract class Manager extends Component implements IManager
/**
/**
* Returns roles.
* Returns roles.
* This is a shortcut method to [[
I
Manager::getItems()]].
* This is a shortcut method to [[Manager::getItems()]].
* @param mixed $userId the user ID. If not null, only the roles directly assigned to the user
* @param mixed $userId the user ID. If not null, only the roles directly assigned to the user
* will be returned. Otherwise, all roles will be returned.
* will be returned. Otherwise, all roles will be returned.
* @return Item[] roles (name=>AuthItem)
* @return Item[] roles (name=>AuthItem)
...
@@ -116,7 +116,7 @@ abstract class Manager extends Component implements IManager
...
@@ -116,7 +116,7 @@ abstract class Manager extends Component implements IManager
/**
/**
* Returns tasks.
* Returns tasks.
* This is a shortcut method to [[
I
Manager::getItems()]].
* This is a shortcut method to [[Manager::getItems()]].
* @param mixed $userId the user ID. If not null, only the tasks directly assigned to the user
* @param mixed $userId the user ID. If not null, only the tasks directly assigned to the user
* will be returned. Otherwise, all tasks will be returned.
* will be returned. Otherwise, all tasks will be returned.
* @return Item[] tasks (name=>AuthItem)
* @return Item[] tasks (name=>AuthItem)
...
@@ -128,7 +128,7 @@ abstract class Manager extends Component implements IManager
...
@@ -128,7 +128,7 @@ abstract class Manager extends Component implements IManager
/**
/**
* Returns operations.
* Returns operations.
* This is a shortcut method to [[
I
Manager::getItems()]].
* This is a shortcut method to [[Manager::getItems()]].
* @param mixed $userId the user ID. If not null, only the operations directly assigned to the user
* @param mixed $userId the user ID. If not null, only the operations directly assigned to the user
* will be returned. Otherwise, all operations will be returned.
* will be returned. Otherwise, all operations will be returned.
* @return Item[] operations (name=>AuthItem)
* @return Item[] operations (name=>AuthItem)
...
@@ -141,7 +141,7 @@ abstract class Manager extends Component implements IManager
...
@@ -141,7 +141,7 @@ abstract class Manager extends Component implements IManager
/**
/**
* Executes the specified business rule.
* Executes the specified business rule.
* @param string $bizRule the business rule to be executed.
* @param string $bizRule the business rule to be executed.
* @param array $params parameters passed to [[
I
Manager::checkAccess()]].
* @param array $params parameters passed to [[Manager::checkAccess()]].
* @param mixed $data additional data associated with the authorization item or assignment.
* @param mixed $data additional data associated with the authorization item or assignment.
* @return boolean whether the business rule returns true.
* @return boolean whether the business rule returns true.
* If the business rule is empty, it will still return true.
* If the business rule is empty, it will still return true.
...
@@ -164,4 +164,149 @@ abstract class Manager extends Component implements IManager
...
@@ -164,4 +164,149 @@ abstract class Manager extends Component implements IManager
throw
new
InvalidParamException
(
"Cannot add an item of type '
$types[$childType]
' to an item of type '
$types[$parentType]
'."
);
throw
new
InvalidParamException
(
"Cannot add an item of type '
$types[$childType]
' to an item of type '
$types[$parentType]
'."
);
}
}
}
}
/**
* Performs access check for the specified user.
* @param mixed $userId the user ID. This should be either an integer or a string representing
* the unique identifier of a user. See [[User::id]].
* @param string $itemName the name of the operation that we are checking access to
* @param array $params name-value pairs that would be passed to biz rules associated
* with the tasks and roles assigned to the user.
* @return boolean whether the operations can be performed by the user.
*/
abstract
public
function
checkAccess
(
$userId
,
$itemName
,
$params
=
array
());
/**
* Creates an authorization item.
* An authorization item represents an action permission (e.g. creating a post).
* It has three types: operation, task and role.
* Authorization items form a hierarchy. Higher level items inheirt permissions representing
* by lower level items.
* @param string $name the item name. This must be a unique identifier.
* @param integer $type the item type (0: operation, 1: task, 2: role).
* @param string $description description of the item
* @param string $bizRule business rule associated with the item. This is a piece of
* PHP code that will be executed when [[checkAccess()]] is called for the item.
* @param mixed $data additional data associated with the item.
* @throws \yii\base\Exception if an item with the same name already exists
* @return Item the authorization item
*/
abstract
public
function
createItem
(
$name
,
$type
,
$description
=
''
,
$bizRule
=
null
,
$data
=
null
);
/**
* Removes the specified authorization item.
* @param string $name the name of the item to be removed
* @return boolean whether the item exists in the storage and has been removed
*/
abstract
public
function
removeItem
(
$name
);
/**
* Returns the authorization items of the specific type and user.
* @param mixed $userId the user ID. Defaults to null, meaning returning all items even if
* they are not assigned to a user.
* @param integer $type the item type (0: operation, 1: task, 2: role). Defaults to null,
* meaning returning all items regardless of their type.
* @return Item[] the authorization items of the specific type.
*/
abstract
public
function
getItems
(
$userId
=
null
,
$type
=
null
);
/**
* Returns the authorization item with the specified name.
* @param string $name the name of the item
* @return Item the authorization item. Null if the item cannot be found.
*/
abstract
public
function
getItem
(
$name
);
/**
* Saves an authorization item to persistent storage.
* @param Item $item the item to be saved.
* @param string $oldName the old item name. If null, it means the item name is not changed.
*/
abstract
public
function
saveItem
(
$item
,
$oldName
=
null
);
/**
* Adds an item as a child of another item.
* @param string $itemName the parent item name
* @param string $childName the child item name
* @throws \yii\base\Exception if either parent or child doesn't exist or if a loop has been detected.
*/
abstract
public
function
addItemChild
(
$itemName
,
$childName
);
/**
* Removes a child from its parent.
* Note, the child item is not deleted. Only the parent-child relationship is removed.
* @param string $itemName the parent item name
* @param string $childName the child item name
* @return boolean whether the removal is successful
*/
abstract
public
function
removeItemChild
(
$itemName
,
$childName
);
/**
* Returns a value indicating whether a child exists within a parent.
* @param string $itemName the parent item name
* @param string $childName the child item name
* @return boolean whether the child exists
*/
abstract
public
function
hasItemChild
(
$itemName
,
$childName
);
/**
* Returns the children of the specified item.
* @param mixed $itemName the parent item name. This can be either a string or an array.
* The latter represents a list of item names.
* @return Item[] all child items of the parent
*/
abstract
public
function
getItemChildren
(
$itemName
);
/**
* Assigns an authorization item to a user.
* @param mixed $userId the user ID (see [[User::id]])
* @param string $itemName the item name
* @param string $bizRule the business rule to be executed when [[checkAccess()]] is called
* for this particular authorization item.
* @param mixed $data additional data associated with this assignment
* @return Assignment the authorization assignment information.
* @throws \yii\base\Exception if the item does not exist or if the item has already been assigned to the user
*/
abstract
public
function
assign
(
$userId
,
$itemName
,
$bizRule
=
null
,
$data
=
null
);
/**
* Revokes an authorization assignment from a user.
* @param mixed $userId the user ID (see [[User::id]])
* @param string $itemName the item name
* @return boolean whether removal is successful
*/
abstract
public
function
revoke
(
$userId
,
$itemName
);
/**
* Returns a value indicating whether the item has been assigned to the user.
* @param mixed $userId the user ID (see [[User::id]])
* @param string $itemName the item name
* @return boolean whether the item has been assigned to the user.
*/
abstract
public
function
isAssigned
(
$userId
,
$itemName
);
/**
* Returns the item assignment information.
* @param mixed $userId the user ID (see [[User::id]])
* @param string $itemName the item name
* @return Assignment the item assignment information. Null is returned if
* the item is not assigned to the user.
*/
abstract
public
function
getAssignment
(
$userId
,
$itemName
);
/**
* Returns the item assignments for the specified user.
* @param mixed $userId the user ID (see [[User::id]])
* @return Item[] the item assignment information for the user. An empty array will be
* returned if there is no item assigned to the user.
*/
abstract
public
function
getAssignments
(
$userId
);
/**
* Saves the changes to an authorization assignment.
* @param Assignment $assignment the assignment that has been changed.
*/
abstract
public
function
saveAssignment
(
$assignment
);
/**
* Removes all authorization data.
*/
abstract
public
function
clearAll
();
/**
* Removes all authorization assignments.
*/
abstract
public
function
clearAssignments
();
/**
* Saves authorization data into persistent storage.
* If any change is made to the authorization data, please make
* sure you call this method to save the changed data into persistent storage.
*/
abstract
public
function
save
();
}
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment