system system.base system.caching system.caching.dependencies system.collections system.console system.db system.db.ar system.db.schema system.db.schema.mssql system.db.schema.mysql system.db.schema.oci system.db.schema.pgsql system.db.schema.sqlite system.i18n system.i18n.gettext system.logging system.utils system.validators system.web system.web.actions system.web.auth system.web.filters system.web.helpers system.web.renderers system.web.services system.web.widgets system.web.widgets.captcha system.web.widgets.pagers

IAuthManager

system.base
继承 interface IAuthManager
子类 CAuthManager, CDbAuthManager, CPhpAuthManager
可用自 1.0
版本 $Id$
IAuthManager interface is implemented by an auth manager application component.

An auth manager is mainly responsible for providing role-based access control (RBAC) service.

公共方法

隐藏继承的方法

方法描述被定义在
addItemChild() Adds an item as a child of another item. IAuthManager
assign() Assigns an authorization item to a user. IAuthManager
checkAccess() Performs access check for the specified user. IAuthManager
clearAll() Removes all authorization data. IAuthManager
clearAuthAssignments() Removes all authorization assignments. IAuthManager
createAuthItem() Creates an authorization item. IAuthManager
executeBizRule() Executes a business rule. IAuthManager
getAuthAssignment() Returns the item assignment information. IAuthManager
getAuthAssignments() Returns the item assignments for the specified user. IAuthManager
getAuthItem() Returns the authorization item with the specified name. IAuthManager
getAuthItems() Returns the authorization items of the specific type and user. IAuthManager
getItemChildren() Returns the children of the specified item. IAuthManager
hasItemChild() Returns a value indicating whether a child exists within a parent. IAuthManager
isAssigned() Returns a value indicating whether the item has been assigned to the user. IAuthManager
removeAuthItem() Removes the specified authorization item. IAuthManager
removeItemChild() Removes a child from its parent. IAuthManager
revoke() Revokes an authorization assignment from a user. IAuthManager
save() Saves authorization data into persistent storage. IAuthManager
saveAuthAssignment() Saves the changes to an authorization assignment. IAuthManager
saveAuthItem() Saves an authorization item to persistent storage. IAuthManager

方法详情

addItemChild() 方法
abstract public void addItemChild(string $itemName, string $childName)
$itemName string the parent item name
$childName string the child item name

Adds an item as a child of another item.

assign() 方法
abstract public CAuthAssignment assign(string $itemName, mixed $userId, string $bizRule=NULL, mixed $data=NULL)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
$bizRule string the business rule to be executed when checkAccess is called for this particular authorization item.
$data mixed additional data associated with this assignment
{return} CAuthAssignment the authorization assignment information.

Assigns an authorization item to a user.

checkAccess() 方法
abstract public boolean checkAccess(string $itemName, mixed $userId, array $params=array ( ))
$itemName string the name of the operation that need access check
$userId mixed the user ID. This should can be either an integer and a string representing the unique identifier of a user. See IWebUser::getId.
$params array name-value pairs that would be passed to biz rules associated with the tasks and roles assigned to the user.
{return} boolean whether the operations can be performed by the user.

Performs access check for the specified user.

clearAll() 方法
abstract public void clearAll()

Removes all authorization data.

clearAuthAssignments() 方法
abstract public void clearAuthAssignments()

Removes all authorization assignments.

createAuthItem() 方法
abstract public CAuthItem createAuthItem(string $name, integer $type, string $description='', string $bizRule=NULL, mixed $data=NULL)
$name string the item name. This must be a unique identifier.
$type integer the item type (0: operation, 1: task, 2: role).
$description string description of the item
$bizRule string business rule associated with the item. This is a piece of PHP code that will be executed when checkAccess is called for the item.
$data mixed additional data associated with the item.
{return} CAuthItem the authorization item

Creates an authorization item. An authorization item represents an action permission (e.g. creating a post). It has three types: operation, task and role. Authorization items form a hierarchy. Higher level items inheirt permissions representing by lower level items.

executeBizRule() 方法
abstract public whether executeBizRule(string $bizRule, array $params, mixed $data)
$bizRule string the business rule to be executed.
$params array additional parameters to be passed to the business rule when being executed.
$data mixed additional data that is associated with the corresponding authorization item or assignment
{return} whether the execution returns a true value. If the business rule is empty, it will also return true.

Executes a business rule. A business rule is a piece of PHP code that will be executed when checkAccess is called.

getAuthAssignment() 方法
abstract public CAuthAssignment getAuthAssignment(string $itemName, mixed $userId)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
{return} CAuthAssignment the item assignment information. Null is returned if the item is not assigned to the user.

Returns the item assignment information.

getAuthAssignments() 方法
abstract public array getAuthAssignments(mixed $userId)
$userId mixed the user ID (see IWebUser::getId)
{return} array the item assignment information for the user. An empty array will be returned if there is no item assigned to the user.

Returns the item assignments for the specified user.

getAuthItem() 方法
abstract public CAuthItem getAuthItem(string $name)
$name string the name of the item
{return} CAuthItem the authorization item. Null if the item cannot be found.

Returns the authorization item with the specified name.

getAuthItems() 方法
abstract public array getAuthItems(integer $type=NULL, mixed $userId=NULL)
$type integer the item type (0: operation, 1: task, 2: role). Defaults to null, meaning returning all items regardless of their type.
$userId mixed the user ID. Defaults to null, meaning returning all items even if they are not assigned to a user.
{return} array the authorization items of the specific type.

Returns the authorization items of the specific type and user.

getItemChildren() 方法
abstract public array getItemChildren(mixed $itemName)
$itemName mixed the parent item name. This can be either a string or an array. The latter represents a list of item names (available since version 1.0.5).
{return} array all child items of the parent

Returns the children of the specified item.

hasItemChild() 方法
abstract public boolean hasItemChild(string $itemName, string $childName)
$itemName string the parent item name
$childName string the child item name
{return} boolean whether the child exists

Returns a value indicating whether a child exists within a parent.

isAssigned() 方法
abstract public boolean isAssigned(string $itemName, mixed $userId)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
{return} boolean whether the item has been assigned to the user.

Returns a value indicating whether the item has been assigned to the user.

removeAuthItem() 方法
abstract public boolean removeAuthItem(string $name)
$name string the name of the item to be removed
{return} boolean whether the item exists in the storage and has been removed

Removes the specified authorization item.

removeItemChild() 方法
abstract public boolean removeItemChild(string $itemName, string $childName)
$itemName string the parent item name
$childName string the child item name
{return} boolean whether the removal is successful

Removes a child from its parent. Note, the child item is not deleted. Only the parent-child relationship is removed.

revoke() 方法
abstract public boolean revoke(string $itemName, mixed $userId)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
{return} boolean whether removal is successful

Revokes an authorization assignment from a user.

save() 方法
abstract public void save()

Saves authorization data into persistent storage. If any change is made to the authorization data, please make sure you call this method to save the changed data into persistent storage.

saveAuthAssignment() 方法
abstract public void saveAuthAssignment(CAuthAssignment $assignment)
$assignment CAuthAssignment the assignment that has been changed.

Saves the changes to an authorization assignment.

saveAuthItem() 方法
abstract public void saveAuthItem(CAuthItem $item, string $oldName=NULL)
$item CAuthItem the item to be saved.
$oldName string the old item name. If null, it means the item name is not changed.

Saves an authorization item to persistent storage.