system system.base system.caching system.caching.dependencies system.collections system.console system.db system.db.ar system.db.schema system.db.schema.cubrid system.db.schema.mssql system.db.schema.mysql system.db.schema.oci system.db.schema.pgsql system.db.schema.sqlite system.gii system.i18n system.i18n.gettext system.logging system.test system.utils system.validators system.web system.web.actions system.web.auth system.web.filters system.web.form system.web.helpers system.web.renderers system.web.services system.web.widgets system.web.widgets.captcha system.web.widgets.pagers zii.behaviors zii.widgets zii.widgets.grid zii.widgets.jui

CAuthManager

system.web.auth
继承 abstract class CAuthManager » CApplicationComponent » CComponent
实现 IApplicationComponent, IAuthManager
子类 CDbAuthManager, CPhpAuthManager
可用自 1.0
源码 framework/web/auth/CAuthManager.php
CAuthManager is the base class for authorization manager classes.

CAuthManager extends CApplicationComponent and implements some methods that are common among authorization manager classes.

CAuthManager together with its concrete child classes implement the Role-Based Access Control (RBAC).

The main idea is that permissions are organized as a hierarchy of authorization items. Items on higher level inherit the permissions represented by items on lower level. And roles are simply top-level authorization items that may be assigned to individual users. A user is said to have a permission to do something if the corresponding authorization item is inherited by one of his roles.

Using authorization manager consists of two aspects. First, the authorization hierarchy and assignments have to be established. CAuthManager and its child classes provides APIs to accomplish this task. Developers may need to develop some GUI so that it is more intuitive to end-users. Second, developers call IAuthManager::checkAccess at appropriate places in the application code to check if the current user has the needed permission for an operation.

公共属性

隐藏继承的属性

属性类型描述被定义在
authItems array Returns the authorization items of the specific type and user. IAuthManager
behaviors array the behaviors that should be attached to this component. CApplicationComponent
defaultRoles array list of role names that are assigned to all users implicitly. CAuthManager
isInitialized boolean Checks if this application component has been initialized. CApplicationComponent
operations array Returns operations. CAuthManager
roles array Returns roles. CAuthManager
showErrors boolean Enable error reporting for bizRules. CAuthManager
tasks array Returns tasks. CAuthManager

公共方法

隐藏继承的方法

方法描述被定义在
__call() Calls the named method which is not a class method. CComponent
__get() Returns a property value, an event handler list or a behavior based on its name. CComponent
__isset() Checks if a property value is null. CComponent
__set() Sets value of a component property. CComponent
__unset() Sets a component property to be null. CComponent
addItemChild() Adds an item as a child of another item. IAuthManager
asa() Returns the named behavior object. CComponent
assign() Assigns an authorization item to a user. IAuthManager
attachBehavior() Attaches a behavior to this component. CComponent
attachBehaviors() Attaches a list of behaviors to the component. CComponent
attachEventHandler() Attaches an event handler to an event. CComponent
canGetProperty() Determines whether a property can be read. CComponent
canSetProperty() Determines whether a property can be set. CComponent
checkAccess() Performs access check for the specified user. IAuthManager
clearAll() Removes all authorization data. IAuthManager
clearAuthAssignments() Removes all authorization assignments. IAuthManager
createAuthItem() Creates an authorization item. IAuthManager
createOperation() Creates an operation. CAuthManager
createRole() Creates a role. CAuthManager
createTask() Creates a task. CAuthManager
detachBehavior() Detaches a behavior from the component. CComponent
detachBehaviors() Detaches all behaviors from the component. CComponent
detachEventHandler() Detaches an existing event handler. CComponent
disableBehavior() Disables an attached behavior. CComponent
disableBehaviors() Disables all behaviors attached to this component. CComponent
enableBehavior() Enables an attached behavior. CComponent
enableBehaviors() Enables all behaviors attached to this component. CComponent
evaluateExpression() Evaluates a PHP expression or callback under the context of this component. CComponent
executeBizRule() Executes the specified business rule. CAuthManager
getAuthAssignment() Returns the item assignment information. IAuthManager
getAuthAssignments() Returns the item assignments for the specified user. IAuthManager
getAuthItem() Returns the authorization item with the specified name. IAuthManager
getAuthItems() Returns the authorization items of the specific type and user. IAuthManager
getEventHandlers() Returns the list of attached event handlers for an event. CComponent
getIsInitialized() Checks if this application component has been initialized. CApplicationComponent
getItemChildren() Returns the children of the specified item. IAuthManager
getOperations() Returns operations. CAuthManager
getRoles() Returns roles. CAuthManager
getTasks() Returns tasks. CAuthManager
hasEvent() Determines whether an event is defined. CComponent
hasEventHandler() Checks whether the named event has attached handlers. CComponent
hasItemChild() Returns a value indicating whether a child exists within a parent. IAuthManager
hasProperty() Determines whether a property is defined. CComponent
init() Initializes the application component. CApplicationComponent
isAssigned() Returns a value indicating whether the item has been assigned to the user. IAuthManager
raiseEvent() Raises an event. CComponent
removeAuthItem() Removes the specified authorization item. IAuthManager
removeItemChild() Removes a child from its parent. IAuthManager
revoke() Revokes an authorization assignment from a user. IAuthManager
save() Saves authorization data into persistent storage. IAuthManager
saveAuthAssignment() Saves the changes to an authorization assignment. IAuthManager
saveAuthItem() Saves an authorization item to persistent storage. IAuthManager

受保护的方法

隐藏继承的方法

方法描述被定义在
checkItemChildType() Checks the item types to make sure a child can be added to a parent. CAuthManager

属性详情

defaultRoles 属性
public array $defaultRoles;

list of role names that are assigned to all users implicitly. These roles do not need to be explicitly assigned to any user. When calling checkAccess, these roles will be checked first. For performance reason, you should minimize the number of such roles. A typical usage of such roles is to define an 'authenticated' role and associate it with a biz rule which checks if the current user is authenticated. And then declare 'authenticated' in this property so that it can be applied to every authenticated user.

operations 属性 只读
public array getOperations(mixed $userId=NULL)

Returns operations. This is a shortcut method to IAuthManager::getAuthItems.

roles 属性 只读
public array getRoles(mixed $userId=NULL)

Returns roles. This is a shortcut method to IAuthManager::getAuthItems.

showErrors 属性 (自版本 v1.1.3 可用)
public boolean $showErrors;

Enable error reporting for bizRules.

tasks 属性 只读
public array getTasks(mixed $userId=NULL)

Returns tasks. This is a shortcut method to IAuthManager::getAuthItems.

方法详情

checkItemChildType() 方法
protected void checkItemChildType(integer $parentType, integer $childType)
$parentType integer parent item type
$childType integer child item type
源码: framework/web/auth/CAuthManager.php#172 (显示)
protected function checkItemChildType($parentType,$childType)
{
    static 
$types=array('operation','task','role');
    if(
$parentType $childType)
        throw new 
CException(Yii::t('yii','Cannot add an item of type "{child}" to an item of type "{parent}".',
            array(
'{child}'=>$types[$childType], '{parent}'=>$types[$parentType])));
}

Checks the item types to make sure a child can be added to a parent.

createOperation() 方法
public CAuthItem createOperation(string $name, string $description='', string $bizRule=NULL, mixed $data=NULL)
$name string the item name
$description string the item description.
$bizRule string the business rule associated with this item
$data mixed additional data to be passed when evaluating the business rule
{return} CAuthItem the authorization item
源码: framework/web/auth/CAuthManager.php#98 (显示)
public function createOperation($name,$description='',$bizRule=null,$data=null)
{
    return 
$this->createAuthItem($name,CAuthItem::TYPE_OPERATION,$description,$bizRule,$data);
}

Creates an operation. This is a shortcut method to IAuthManager::createAuthItem.

createRole() 方法
public CAuthItem createRole(string $name, string $description='', string $bizRule=NULL, mixed $data=NULL)
$name string the item name
$description string the item description.
$bizRule string the business rule associated with this item
$data mixed additional data to be passed when evaluating the business rule
{return} CAuthItem the authorization item
源码: framework/web/auth/CAuthManager.php#70 (显示)
public function createRole($name,$description='',$bizRule=null,$data=null)
{
    return 
$this->createAuthItem($name,CAuthItem::TYPE_ROLE,$description,$bizRule,$data);
}

Creates a role. This is a shortcut method to IAuthManager::createAuthItem.

createTask() 方法
public CAuthItem createTask(string $name, string $description='', string $bizRule=NULL, mixed $data=NULL)
$name string the item name
$description string the item description.
$bizRule string the business rule associated with this item
$data mixed additional data to be passed when evaluating the business rule
{return} CAuthItem the authorization item
源码: framework/web/auth/CAuthManager.php#84 (显示)
public function createTask($name,$description='',$bizRule=null,$data=null)
{
    return 
$this->createAuthItem($name,CAuthItem::TYPE_TASK,$description,$bizRule,$data);
}

Creates a task. This is a shortcut method to IAuthManager::createAuthItem.

executeBizRule() 方法
public boolean executeBizRule(string $bizRule, array $params, mixed $data)
$bizRule string the business rule to be executed.
$params array parameters passed to IAuthManager::checkAccess.
$data mixed additional data associated with the authorization item or assignment.
{return} boolean whether the business rule returns true. If the business rule is empty, it will still return true.
源码: framework/web/auth/CAuthManager.php#147 (显示)
public function executeBizRule($bizRule,$params,$data)
{
    if(
$bizRule==='' || $bizRule===null)
        return 
true;
    if (
$this->showErrors)
        return eval(
$bizRule)!=0;
    else
    {
        try
        {
            return @eval(
$bizRule)!=0;
        }
        catch (
ParseError $e)
        {
            return 
false;
        }
    }
}

Executes the specified business rule.

getOperations() 方法
public array getOperations(mixed $userId=NULL)
$userId mixed the user ID. If not null, only the operations directly assigned to the user will be returned. Otherwise, all operations will be returned.
{return} array operations (name=>CAuthItem)
源码: framework/web/auth/CAuthManager.php#134 (显示)
public function getOperations($userId=null)
{
    return 
$this->getAuthItems(CAuthItem::TYPE_OPERATION,$userId);
}

Returns operations. This is a shortcut method to IAuthManager::getAuthItems.

getRoles() 方法
public array getRoles(mixed $userId=NULL)
$userId mixed the user ID. If not null, only the roles directly assigned to the user will be returned. Otherwise, all roles will be returned.
{return} array roles (name=>CAuthItem)
源码: framework/web/auth/CAuthManager.php#110 (显示)
public function getRoles($userId=null)
{
    return 
$this->getAuthItems(CAuthItem::TYPE_ROLE,$userId);
}

Returns roles. This is a shortcut method to IAuthManager::getAuthItems.

getTasks() 方法
public array getTasks(mixed $userId=NULL)
$userId mixed the user ID. If not null, only the tasks directly assigned to the user will be returned. Otherwise, all tasks will be returned.
{return} array tasks (name=>CAuthItem)
源码: framework/web/auth/CAuthManager.php#122 (显示)
public function getTasks($userId=null)
{
    return 
$this->getAuthItems(CAuthItem::TYPE_TASK,$userId);
}

Returns tasks. This is a shortcut method to IAuthManager::getAuthItems.