Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
Y
yii2
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
PSDI Army
yii2
Commits
c9fe510e
Commit
c9fe510e
authored
May 10, 2013
by
Alexander Kochetov
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Comment fixes + class descriptions added
parent
850ff065
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
71 additions
and
3 deletions
+71
-3
Assignment.php
framework/rbac/Assignment.php
+9
-0
DbManager.php
framework/rbac/DbManager.php
+10
-2
IManager.php
framework/rbac/IManager.php
+2
-0
Item.php
framework/rbac/Item.php
+14
-0
Manager.php
framework/rbac/Manager.php
+24
-0
PhpManager.php
framework/rbac/PhpManager.php
+12
-1
No files found.
framework/rbac/Assignment.php
View file @
c9fe510e
...
@@ -11,6 +11,15 @@ use Yii;
...
@@ -11,6 +11,15 @@ use Yii;
use
yii\base\Object
;
use
yii\base\Object
;
/**
/**
* Assignment represents an assignment of a role to a user.
* It includes additional assignment information such as [[bizRule]] and [[data]].
* Do not create a Assignment instance using the 'new' operator.
* Instead, call [[IManager::assign]].
*
* @property mixed $userId User ID (see [[User::id]]).
* @property string $itemName The authorization item name.
* @property string $bizRule The business rule associated with this assignment.
* @property mixed $data Additional data for this assignment.
*
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
...
...
framework/rbac/DbManager.php
View file @
c9fe510e
...
@@ -14,6 +14,14 @@ use yii\base\Exception;
...
@@ -14,6 +14,14 @@ use yii\base\Exception;
use
yii\base\InvalidConfigException
;
use
yii\base\InvalidConfigException
;
/**
/**
* DbManager represents an authorization manager that stores authorization information in database.
*
* The database connection is specified by [[db]]. And the database schema
* should be as described in "framework/rbac/*.sql". You may change the names of
* the three tables used to store the authorization data by setting [[itemTable]],
* [[itemChildTable]] and [[assignmentTable]].
*
* @property array $authItems The authorization items of the specific type.
*
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
...
@@ -60,9 +68,9 @@ class DbManager extends Manager
...
@@ -60,9 +68,9 @@ class DbManager extends Manager
/**
/**
* Performs access check for the specified user.
* Performs access check for the specified user.
* @param mixed $userId the user ID. This should can be either an integer and a string representing
* @param mixed $userId the user ID. This should can be either an integer or a string representing
* @param string $itemName the name of the operation that need access check
* the unique identifier of a user. See [[User::id]].
* the unique identifier of a user. See [[User::id]].
* @param string $itemName the name of the operation that need access check
* @param array $params name-value pairs that would be passed to biz rules associated
* @param array $params name-value pairs that would be passed to biz rules associated
* with the tasks and roles assigned to the user. A param with name 'userId' is added to this array,
* with the tasks and roles assigned to the user. A param with name 'userId' is added to this array,
* which holds the value of `$userId`.
* which holds the value of `$userId`.
...
...
framework/rbac/IManager.php
View file @
c9fe510e
...
@@ -10,6 +10,8 @@ namespace yii\rbac;
...
@@ -10,6 +10,8 @@ namespace yii\rbac;
/**
/**
* IManager interface is implemented by an auth manager application component.
* IManager interface is implemented by an auth manager application component.
*
*
* An auth manager is mainly responsible for providing role-based access control (RBAC) service.
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
* @since 2.0
* @since 2.0
...
...
framework/rbac/Item.php
View file @
c9fe510e
...
@@ -11,6 +11,20 @@ use Yii;
...
@@ -11,6 +11,20 @@ use Yii;
use
yii\base\Object
;
use
yii\base\Object
;
/**
/**
* Item represents an authorization item.
* An authorization item can be an operation, a task or a role.
* They form an authorization hierarchy. Items on higher levels of the hierarchy
* inherit the permissions represented by items on lower levels.
* A user may be assigned one or several authorization items (called [[Assignment]] assignments).
* He can perform an operation only when it is among his assigned items.
*
* @property IManager $authManager The authorization manager.
* @property integer $type The authorization item type. This could be 0 (operation), 1 (task) or 2 (role).
* @property string $name The item name.
* @property string $description The item description.
* @property string $bizRule The business rule associated with this item.
* @property mixed $data The additional data associated with this item.
* @property array $children All child items of this item.
*
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
...
...
framework/rbac/Manager.php
View file @
c9fe510e
...
@@ -12,6 +12,30 @@ use yii\base\Component;
...
@@ -12,6 +12,30 @@ use yii\base\Component;
use
yii\base\Exception
;
use
yii\base\Exception
;
/**
/**
* Manager is the base class for authorization manager classes.
*
* Manager extends [[Component]] and implements some methods
* that are common among authorization manager classes.
*
* Manager together with its concrete child classes implement the Role-Based
* Access Control (RBAC).
*
* The main idea is that permissions are organized as a hierarchy of
* [[Item]] authorization items. Items on higer level inherit the permissions
* represented by items on lower level. And roles are simply top-level authorization items
* that may be assigned to individual users. A user is said to have a permission
* to do something if the corresponding authorization item is inherited by one of his roles.
*
* Using authorization manager consists of two aspects. First, the authorization hierarchy
* and assignments have to be established. Manager and its child classes
* provides APIs to accomplish this task. Developers may need to develop some GUI
* so that it is more intuitive to end-users. Second, developers call [[IManager::checkAccess()]]
* at appropriate places in the application code to check if the current user
* has the needed permission for an operation.
*
* @property array $roles Roles (name=>Item).
* @property array $tasks Tasks (name=>Item).
* @property array $operations Operations (name=>Item).
*
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
...
...
framework/rbac/PhpManager.php
View file @
c9fe510e
...
@@ -11,6 +11,17 @@ use Yii;
...
@@ -11,6 +11,17 @@ use Yii;
use
yii\base\Exception
;
use
yii\base\Exception
;
/**
/**
* PhpManager represents an authorization manager that stores authorization
* information in terms of a PHP script file.
*
* The authorization data will be saved to and loaded from a file
* specified by [[authFile]], which defaults to 'protected/data/rbac.php'.
*
* PhpManager is mainly suitable for authorization data that is not too big
* (for example, the authorization data for a personal blog system).
* Use [[DbManager]] for more complex authorization data.
*
* @property array $authItems The authorization items of the specific type.
*
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
...
@@ -20,7 +31,7 @@ class PhpManager extends Manager
...
@@ -20,7 +31,7 @@ class PhpManager extends Manager
{
{
/**
/**
* @var string the path of the PHP script that contains the authorization data.
* @var string the path of the PHP script that contains the authorization data.
* If not set, it will be using 'protected/data/
auth
.php' as the data file.
* If not set, it will be using 'protected/data/
rbac
.php' as the data file.
* Make sure this file is writable by the Web server process if the authorization
* Make sure this file is writable by the Web server process if the authorization
* needs to be changed.
* needs to be changed.
* @see loadFromFile
* @see loadFromFile
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment