IAuthManager
| 包 | system.base |
|---|---|
| 继承 | interface IAuthManager |
| 子类 | CAuthManager, CDbAuthManager, CPhpAuthManager |
| 可用自 | 1.0 |
| 版本 | $Id$ |
IAuthManager interface is implemented by an auth manager application component.
An auth manager is mainly responsible for providing role-based access control (RBAC) service.
An auth manager is mainly responsible for providing role-based access control (RBAC) service.
公共方法
| 方法 | 描述 | 被定义在 |
|---|---|---|
| addItemChild() | Adds an item as a child of another item. | IAuthManager |
| assign() | Assigns an authorization item to a user. | IAuthManager |
| checkAccess() | Performs access check for the specified user. | IAuthManager |
| clearAll() | Removes all authorization data. | IAuthManager |
| clearAuthAssignments() | Removes all authorization assignments. | IAuthManager |
| createAuthItem() | Creates an authorization item. | IAuthManager |
| executeBizRule() | Executes a business rule. | IAuthManager |
| getAuthAssignment() | Returns the item assignment information. | IAuthManager |
| getAuthAssignments() | Returns the item assignments for the specified user. | IAuthManager |
| getAuthItem() | Returns the authorization item with the specified name. | IAuthManager |
| getAuthItems() | Returns the authorization items of the specific type and user. | IAuthManager |
| getItemChildren() | Returns the children of the specified item. | IAuthManager |
| hasItemChild() | Returns a value indicating whether a child exists within a parent. | IAuthManager |
| isAssigned() | Returns a value indicating whether the item has been assigned to the user. | IAuthManager |
| removeAuthItem() | Removes the specified authorization item. | IAuthManager |
| removeItemChild() | Removes a child from its parent. | IAuthManager |
| revoke() | Revokes an authorization assignment from a user. | IAuthManager |
| save() | Saves authorization data into persistent storage. | IAuthManager |
| saveAuthAssignment() | Saves the changes to an authorization assignment. | IAuthManager |
| saveAuthItem() | Saves an authorization item to persistent storage. | IAuthManager |
方法详情
addItemChild()
方法
|
abstract public void addItemChild(string $itemName, string $childName)
| ||
| $itemName | string | the parent item name |
| $childName | string | the child item name |
Adds an item as a child of another item.
assign()
方法
|
abstract public CAuthAssignment assign(string $itemName, mixed $userId, string $bizRule=NULL, mixed $data=NULL)
| ||
| $itemName | string | the item name |
| $userId | mixed | the user ID (see IWebUser::getId) |
| $bizRule | string | the business rule to be executed when checkAccess is called for this particular authorization item. |
| $data | mixed | additional data associated with this assignment |
| {return} | CAuthAssignment | the authorization assignment information. |
Assigns an authorization item to a user.
checkAccess()
方法
|
abstract public boolean checkAccess(string $itemName, mixed $userId, array $params=array (
))
| ||
| $itemName | string | the name of the operation that need access check |
| $userId | mixed | the user ID. This should can be either an integer and a string representing the unique identifier of a user. See IWebUser::getId. |
| $params | array | name-value pairs that would be passed to biz rules associated with the tasks and roles assigned to the user. |
| {return} | boolean | whether the operations can be performed by the user. |
Performs access check for the specified user.
clearAll()
方法
|
abstract public void clearAll()
|
Removes all authorization data.
clearAuthAssignments()
方法
|
abstract public void clearAuthAssignments()
|
Removes all authorization assignments.
createAuthItem()
方法
|
abstract public CAuthItem createAuthItem(string $name, integer $type, string $description='', string $bizRule=NULL, mixed $data=NULL)
| ||
| $name | string | the item name. This must be a unique identifier. |
| $type | integer | the item type (0: operation, 1: task, 2: role). |
| $description | string | description of the item |
| $bizRule | string | business rule associated with the item. This is a piece of PHP code that will be executed when checkAccess is called for the item. |
| $data | mixed | additional data associated with the item. |
| {return} | CAuthItem | the authorization item |
Creates an authorization item. An authorization item represents an action permission (e.g. creating a post). It has three types: operation, task and role. Authorization items form a hierarchy. Higher level items inheirt permissions representing by lower level items.
executeBizRule()
方法
|
abstract public whether executeBizRule(string $bizRule, array $params, mixed $data)
| ||
| $bizRule | string | the business rule to be executed. |
| $params | array | additional parameters to be passed to the business rule when being executed. |
| $data | mixed | additional data that is associated with the corresponding authorization item or assignment |
| {return} | whether | the execution returns a true value. If the business rule is empty, it will also return true. |
Executes a business rule. A business rule is a piece of PHP code that will be executed when checkAccess is called.
getAuthAssignment()
方法
|
abstract public CAuthAssignment getAuthAssignment(string $itemName, mixed $userId)
| ||
| $itemName | string | the item name |
| $userId | mixed | the user ID (see IWebUser::getId) |
| {return} | CAuthAssignment | the item assignment information. Null is returned if the item is not assigned to the user. |
Returns the item assignment information.
getAuthAssignments()
方法
|
abstract public array getAuthAssignments(mixed $userId)
| ||
| $userId | mixed | the user ID (see IWebUser::getId) |
| {return} | array | the item assignment information for the user. An empty array will be returned if there is no item assigned to the user. |
Returns the item assignments for the specified user.
getAuthItem()
方法
|
abstract public CAuthItem getAuthItem(string $name)
| ||
| $name | string | the name of the item |
| {return} | CAuthItem | the authorization item. Null if the item cannot be found. |
Returns the authorization item with the specified name.
getAuthItems()
方法
|
abstract public array getAuthItems(integer $type=NULL, mixed $userId=NULL)
| ||
| $type | integer | the item type (0: operation, 1: task, 2: role). Defaults to null, meaning returning all items regardless of their type. |
| $userId | mixed | the user ID. Defaults to null, meaning returning all items even if they are not assigned to a user. |
| {return} | array | the authorization items of the specific type. |
Returns the authorization items of the specific type and user.
getItemChildren()
方法
|
abstract public array getItemChildren(mixed $itemName)
| ||
| $itemName | mixed | the parent item name. This can be either a string or an array. The latter represents a list of item names (available since version 1.0.5). |
| {return} | array | all child items of the parent |
Returns the children of the specified item.
hasItemChild()
方法
|
abstract public boolean hasItemChild(string $itemName, string $childName)
| ||
| $itemName | string | the parent item name |
| $childName | string | the child item name |
| {return} | boolean | whether the child exists |
Returns a value indicating whether a child exists within a parent.
isAssigned()
方法
|
abstract public boolean isAssigned(string $itemName, mixed $userId)
| ||
| $itemName | string | the item name |
| $userId | mixed | the user ID (see IWebUser::getId) |
| {return} | boolean | whether the item has been assigned to the user. |
Returns a value indicating whether the item has been assigned to the user.
removeAuthItem()
方法
|
abstract public boolean removeAuthItem(string $name)
| ||
| $name | string | the name of the item to be removed |
| {return} | boolean | whether the item exists in the storage and has been removed |
Removes the specified authorization item.
removeItemChild()
方法
|
abstract public boolean removeItemChild(string $itemName, string $childName)
| ||
| $itemName | string | the parent item name |
| $childName | string | the child item name |
| {return} | boolean | whether the removal is successful |
Removes a child from its parent. Note, the child item is not deleted. Only the parent-child relationship is removed.
revoke()
方法
|
abstract public boolean revoke(string $itemName, mixed $userId)
| ||
| $itemName | string | the item name |
| $userId | mixed | the user ID (see IWebUser::getId) |
| {return} | boolean | whether removal is successful |
Revokes an authorization assignment from a user.
save()
方法
|
abstract public void save()
|
Saves authorization data into persistent storage. If any change is made to the authorization data, please make sure you call this method to save the changed data into persistent storage.
saveAuthAssignment()
方法
|
abstract public void saveAuthAssignment(CAuthAssignment $assignment)
| ||
| $assignment | CAuthAssignment | the assignment that has been changed. |
Saves the changes to an authorization assignment.
saveAuthItem()
方法
|
abstract public void saveAuthItem(CAuthItem $item, string $oldName=NULL)
| ||
| $item | CAuthItem | the item to be saved. |
| $oldName | string | the old item name. If null, it means the item name is not changed. |
Saves an authorization item to persistent storage.