system system.base system.caching system.caching.dependencies system.collections system.console system.db system.db.ar system.db.schema system.db.schema.mssql system.db.schema.mysql system.db.schema.oci system.db.schema.pgsql system.db.schema.sqlite system.i18n system.i18n.gettext system.logging system.utils system.validators system.web system.web.actions system.web.auth system.web.filters system.web.helpers system.web.renderers system.web.services system.web.widgets system.web.widgets.captcha system.web.widgets.pagers

CDbAuthManager

system.web.auth
继承 class CDbAuthManager » CAuthManager » CApplicationComponent » CComponent
实现 IAuthManager, IApplicationComponent
可用自 1.0
版本 $Id$
CDbAuthManager represents an authorization manager that stores authorization information in database.

The database connection is specified by connectionID. And the database schema should be as described in "framework/web/auth/schema.sql". You may change the names of the three tables used to store the authorization data by setting itemTable, itemChildTable and assignmentTable.

公共属性

隐藏继承的属性

属性类型描述被定义在
assignmentTable string the name of the table storing authorization item assignments. CDbAuthManager
authItems array Returns the authorization items of the specific type and user. CDbAuthManager
behaviors array the behaviors that should be attached to this component. CApplicationComponent
connectionID string the ID of the CDbConnection application component. CDbAuthManager
db CDbConnection the database connection. CDbAuthManager
defaultRoles array list of role names that are assigned to all users implicitly. CAuthManager
isInitialized boolean whether this application component has been initialized (i. CApplicationComponent
itemChildTable string the name of the table storing authorization item hierarchy. CDbAuthManager
itemTable string the name of the table storing authorization items. CDbAuthManager
operations array Returns operations. CAuthManager
roles array Returns roles. CAuthManager
tasks array Returns tasks. CAuthManager

受保护的属性

隐藏继承的属性

属性类型描述被定义在
dbConnection CDbConnection the DB connection instance CDbAuthManager

公共方法

隐藏继承的方法

方法描述被定义在
__call() Calls the named method which is not a class method. CComponent
__destruct() Destructor. CDbAuthManager
__get() Returns a property value, an event handler list or a behavior based on its name. CComponent
__isset() Checks if a property value is null. CComponent
__set() Sets value of a component property. CComponent
__unset() Sets a component property to be null. CComponent
addItemChild() Adds an item as a child of another item. CDbAuthManager
asa() Returns the named behavior object. CComponent
assign() Assigns an authorization item to a user. CDbAuthManager
attachBehavior() Attaches a behavior to this component. CComponent
attachBehaviors() Attaches a list of behaviors to the component. CComponent
attachEventHandler() Attaches an event handler to an event. CComponent
canGetProperty() Determines whether a property can be read. CComponent
canSetProperty() Determines whether a property can be set. CComponent
checkAccess() Performs access check for the specified user. CDbAuthManager
clearAll() Removes all authorization data. CDbAuthManager
clearAuthAssignments() Removes all authorization assignments. CDbAuthManager
createAuthItem() Creates an authorization item. CDbAuthManager
createOperation() Creates an operation. CAuthManager
createRole() Creates a role. CAuthManager
createTask() Creates a task. CAuthManager
detachBehavior() Detaches a behavior from the component. CComponent
detachBehaviors() Detaches all behaviors from the component. CComponent
detachEventHandler() Detaches an existing event handler. CComponent
disableBehavior() Disables an attached behavior. CComponent
disableBehaviors() Disables all behaviors attached to this component. CComponent
enableBehavior() Enables an attached behavior. CComponent
enableBehaviors() Enables all behaviors attached to this component. CComponent
executeBizRule() Executes the specified business rule. CAuthManager
getAuthAssignment() Returns the item assignment information. CDbAuthManager
getAuthAssignments() Returns the item assignments for the specified user. CDbAuthManager
getAuthItem() Returns the authorization item with the specified name. CDbAuthManager
getAuthItems() Returns the authorization items of the specific type and user. CDbAuthManager
getEventHandlers() Returns the list of attached event handlers for an event. CComponent
getIsInitialized() CApplicationComponent
getItemChildren() Returns the children of the specified item. CDbAuthManager
getOperations() Returns operations. CAuthManager
getRoles() Returns roles. CAuthManager
getTasks() Returns tasks. CAuthManager
hasEvent() Determines whether an event is defined. CComponent
hasEventHandler() Checks whether the named event has attached handlers. CComponent
hasItemChild() Returns a value indicating whether a child exists within a parent. CDbAuthManager
hasProperty() Determines whether a property is defined. CComponent
init() Initializes the application component. CDbAuthManager
isAssigned() Returns a value indicating whether the item has been assigned to the user. CDbAuthManager
raiseEvent() Raises an event. CComponent
removeAuthItem() Removes the specified authorization item. CDbAuthManager
removeItemChild() Removes a child from its parent. CDbAuthManager
revoke() Revokes an authorization assignment from a user. CDbAuthManager
save() Saves the authorization data to persistent storage. CDbAuthManager
saveAuthAssignment() Saves the changes to an authorization assignment. CDbAuthManager
saveAuthItem() Saves an authorization item to persistent storage. CDbAuthManager

受保护的方法

隐藏继承的方法

方法描述被定义在
checkDefaultRoles() Checks the access based on the default roles as declared in defaultRoles. CDbAuthManager
checkItemChildType() Checks the item types to make sure a child can be added to a parent. CAuthManager
detectLoop() Checks whether there is a loop in the authorization item hierarchy. CDbAuthManager
getDbConnection() CDbAuthManager
usingSqlite() CDbAuthManager

属性详情

assignmentTable 属性
public string $assignmentTable;

the name of the table storing authorization item assignments. Defaults to 'AuthAssignment'.

authItems 属性 只读
public array getAuthItems(integer $type=NULL, mixed $userId=NULL)

Returns the authorization items of the specific type and user.

connectionID 属性
public string $connectionID;

the ID of the CDbConnection application component. Defaults to 'db'. The database must have the tables as declared in "framework/web/auth/schema.sql".

db 属性
public CDbConnection $db;

the database connection. By default, this is initialized automatically as the application component whose ID is indicated as connectionID.

dbConnection 属性 只读

the DB connection instance

itemChildTable 属性
public string $itemChildTable;

the name of the table storing authorization item hierarchy. Defaults to 'AuthItemChild'.

itemTable 属性
public string $itemTable;

the name of the table storing authorization items. Defaults to 'AuthItem'.

方法详情

__destruct() 方法
public void __destruct()

Destructor. Disconnect the db connection.

addItemChild() 方法
public void addItemChild(string $itemName, string $childName)
$itemName string the parent item name
$childName string the child item name

Adds an item as a child of another item.

assign() 方法
public CAuthAssignment assign(string $itemName, mixed $userId, string $bizRule=NULL, mixed $data=NULL)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
$bizRule string the business rule to be executed when checkAccess is called for this particular authorization item.
$data mixed additional data associated with this assignment
{return} CAuthAssignment the authorization assignment information.

Assigns an authorization item to a user.

checkAccess() 方法
public boolean checkAccess(string $itemName, mixed $userId, array $params=array ( ))
$itemName string the name of the operation that need access check
$userId mixed the user ID. This should can be either an integer and a string representing the unique identifier of a user. See IWebUser::getId.
$params array name-value pairs that would be passed to biz rules associated with the tasks and roles assigned to the user.
{return} boolean whether the operations can be performed by the user.

Performs access check for the specified user.

checkDefaultRoles() 方法 (自版本 v1.0.3 可用)
protected boolean checkDefaultRoles(string $itemName, array $params)
$itemName string the name of the operation that need access check
$params array name-value pairs that would be passed to biz rules associated with the tasks and roles assigned to the user.
{return} boolean whether the operations can be performed by the user according to the default roles.

Checks the access based on the default roles as declared in defaultRoles.

clearAll() 方法
public void clearAll()

Removes all authorization data.

clearAuthAssignments() 方法
public void clearAuthAssignments()

Removes all authorization assignments.

createAuthItem() 方法
public CAuthItem createAuthItem(string $name, integer $type, string $description='', string $bizRule=NULL, mixed $data=NULL)
$name string the item name. This must be a unique identifier.
$type integer the item type (0: operation, 1: task, 2: role).
$description string description of the item
$bizRule string business rule associated with the item. This is a piece of PHP code that will be executed when checkAccess is called for the item.
$data mixed additional data associated with the item.
{return} CAuthItem the authorization item

Creates an authorization item. An authorization item represents an action permission (e.g. creating a post). It has three types: operation, task and role. Authorization items form a hierarchy. Higher level items inheirt permissions representing by lower level items.

detectLoop() 方法
protected boolean detectLoop(string $itemName, string $childName)
$itemName string parent item name
$childName string the name of the child item that is to be added to the hierarchy
{return} boolean whether a loop exists

Checks whether there is a loop in the authorization item hierarchy.

getAuthAssignment() 方法
public CAuthAssignment getAuthAssignment(string $itemName, mixed $userId)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
{return} CAuthAssignment the item assignment information. Null is returned if the item is not assigned to the user.

Returns the item assignment information.

getAuthAssignments() 方法
public array getAuthAssignments(mixed $userId)
$userId mixed the user ID (see IWebUser::getId)
{return} array the item assignment information for the user. An empty array will be returned if there is no item assigned to the user.

Returns the item assignments for the specified user.

getAuthItem() 方法
public CAuthItem getAuthItem(string $name)
$name string the name of the item
{return} CAuthItem the authorization item. Null if the item cannot be found.

Returns the authorization item with the specified name.

getAuthItems() 方法
public array getAuthItems(integer $type=NULL, mixed $userId=NULL)
$type integer the item type (0: operation, 1: task, 2: role). Defaults to null, meaning returning all items regardless of their type.
$userId mixed the user ID. Defaults to null, meaning returning all items even if they are not assigned to a user.
{return} array the authorization items of the specific type.

Returns the authorization items of the specific type and user.

getDbConnection() 方法
protected CDbConnection getDbConnection()
{return} CDbConnection the DB connection instance

getItemChildren() 方法
public array getItemChildren(mixed $names)
$names mixed the parent item name. This can be either a string or an array. The latter represents a list of item names (available since version 1.0.5).
{return} array all child items of the parent

Returns the children of the specified item.

hasItemChild() 方法
public boolean hasItemChild(string $itemName, string $childName)
$itemName string the parent item name
$childName string the child item name
{return} boolean whether the child exists

Returns a value indicating whether a child exists within a parent.

init() 方法
public void init()

Initializes the application component. This method overrides the parent implementation by establishing the database connection.

isAssigned() 方法
public boolean isAssigned(string $itemName, mixed $userId)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
{return} boolean whether the item has been assigned to the user.

Returns a value indicating whether the item has been assigned to the user.

removeAuthItem() 方法
public boolean removeAuthItem(string $name)
$name string the name of the item to be removed
{return} boolean whether the item exists in the storage and has been removed

Removes the specified authorization item.

removeItemChild() 方法
public boolean removeItemChild(string $itemName, string $childName)
$itemName string the parent item name
$childName string the child item name
{return} boolean whether the removal is successful

Removes a child from its parent. Note, the child item is not deleted. Only the parent-child relationship is removed.

revoke() 方法
public boolean revoke(string $itemName, mixed $userId)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
{return} boolean whether removal is successful

Revokes an authorization assignment from a user.

save() 方法
public void save()

Saves the authorization data to persistent storage.

saveAuthAssignment() 方法
public void saveAuthAssignment(CAuthAssignment $assignment)
$assignment CAuthAssignment the assignment that has been changed.

Saves the changes to an authorization assignment.

saveAuthItem() 方法
public void saveAuthItem(CAuthItem $item, string $oldName=NULL)
$item CAuthItem the item to be saved.
$oldName string the old item name. If null, it means the item name is not changed.

Saves an authorization item to persistent storage.

usingSqlite() 方法
protected boolean usingSqlite()
{return} boolean whether the database is a SQLite database