CAuthManager
Package | system.web.auth |
---|---|
Inheritance | abstract class CAuthManager » CApplicationComponent » CComponent |
Implements | IApplicationComponent, IAuthManager |
Subclasses | CDbAuthManager, CPhpAuthManager |
Since | 1.0 |
Source Code | framework/web/auth/CAuthManager.php |
CAuthManager extends CApplicationComponent and implements some methods that are common among authorization manager classes.
CAuthManager, together with its concrete child classes, implements Role-Based Access Control (RBAC).
The main idea is that permissions are organized as a hierarchy of authorization items. Items at a higher level inherit the permissions represented by items at lower levels. Roles are simply top-level authorization items that may be assigned to individual users. A user has permission to do something if the corresponding authorization item is inherited by one of the user's roles.
Using an authorization manager involves two steps. First, the authorization hierarchy and assignments have to be established. CAuthManager and its child classes provide APIs to accomplish this task. Developers may need to build a GUI to make this more intuitive for end users. Second, developers call IAuthManager::checkAccess at appropriate places in the application code to check whether the current user has the permission needed for an operation.
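
Both steps in one script, as an added example that is not part of the framework documentation: it builds a small hierarchy with the methods listed on this page, then checks access at an enforcement point. It assumes a Yii 1.x application whose `authManager` component is CDbAuthManager or CPhpAuthManager; the item names, user IDs and the `$post` object are constructed.

```php
<?php
// Added example, not framework code. Assumes a Yii 1.x application whose
// 'authManager' component is CDbAuthManager or CPhpAuthManager. Item names,
// user IDs and the $post object are constructed. Run the setup part once.
$auth = Yii::app()->authManager;

// Lowest level: operations.
$auth->createOperation('readPost', 'read a post');
$auth->createOperation('updatePost', 'update a post');
$auth->createOperation('deletePost', 'delete a post');

// A task groups operations. Its rule text is constant; the values it compares
// arrive through the $params array given to checkAccess().
$ownsPost = 'return $params["userId"] === $params["post"]->authorId;';
$task = $auth->createTask('updateOwnPost', 'update own post', $ownsPost);
$task->addChild('updatePost');

// Roles are the top-level items that get assigned to users.
$author = $auth->createRole('author');
$author->addChild('readPost');
$author->addChild('updateOwnPost');
$admin = $auth->createRole('admin');
$admin->addChild('author');       // inherits everything 'author' holds
$admin->addChild('updatePost');   // unconditional update
$admin->addChild('deletePost');

$auth->assign('author', 'userA');
$auth->assign('admin', 'userB');
$auth->save();

// The hierarchy only points downwards: a role cannot become the child of an
// operation, and the attempt raises a CException.
try {
    $auth->addItemChild('readPost', 'author');
} catch (CException $e) {
    Yii::log($e->getMessage(), CLogger::LEVEL_WARNING, 'application.rbac');
}

// Enforcement point, e.g. at the top of a controller action. The check names
// the operation; the tasks and roles above it are resolved by the manager.
$post = (object) array('authorId' => 'userA');
foreach (array('userA', 'userB', 'userC') as $userId) {
    $allowed = $auth->checkAccess('updatePost', $userId,
        array('userId' => $userId, 'post' => $post));
    echo $userId, ': ', $allowed ? 'allowed' : 'denied', "\n";
}
```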
Public Properties
Property | Type | Description | Defined By |
---|---|---|---|
authItems | array | Returns the authorization items of the specific type and user. | IAuthManager |
behaviors | array | the behaviors that should be attached to this component. | CApplicationComponent |
defaultRoles | array | list of role names that are assigned to all users implicitly. | CAuthManager |
isInitialized | boolean | Checks if this application component has been initialized. | CApplicationComponent |
operations | array | Returns operations. | CAuthManager |
roles | array | Returns roles. | CAuthManager |
showErrors | boolean | Enable error reporting for bizRules. | CAuthManager |
tasks | array | Returns tasks. | CAuthManager |
Public Methods
Method | Description | Defined By |
---|---|---|
__call() | Calls the named method which is not a class method. | CComponent |
__get() | Returns a property value, an event handler list or a behavior based on its name. | CComponent |
__isset() | Checks if a property value is null. | CComponent |
__set() | Sets value of a component property. | CComponent |
__unset() | Sets a component property to be null. | CComponent |
addItemChild() | Adds an item as a child of another item. | IAuthManager |
asa() | Returns the named behavior object. | CComponent |
assign() | Assigns an authorization item to a user. | IAuthManager |
attachBehavior() | Attaches a behavior to this component. | CComponent |
attachBehaviors() | Attaches a list of behaviors to the component. | CComponent |
attachEventHandler() | Attaches an event handler to an event. | CComponent |
canGetProperty() | Determines whether a property can be read. | CComponent |
canSetProperty() | Determines whether a property can be set. | CComponent |
checkAccess() | Performs access check for the specified user. | IAuthManager |
clearAll() | Removes all authorization data. | IAuthManager |
clearAuthAssignments() | Removes all authorization assignments. | IAuthManager |
createAuthItem() | Creates an authorization item. | IAuthManager |
createOperation() | Creates an operation. | CAuthManager |
createRole() | Creates a role. | CAuthManager |
createTask() | Creates a task. | CAuthManager |
detachBehavior() | Detaches a behavior from the component. | CComponent |
detachBehaviors() | Detaches all behaviors from the component. | CComponent |
detachEventHandler() | Detaches an existing event handler. | CComponent |
disableBehavior() | Disables an attached behavior. | CComponent |
disableBehaviors() | Disables all behaviors attached to this component. | CComponent |
enableBehavior() | Enables an attached behavior. | CComponent |
enableBehaviors() | Enables all behaviors attached to this component. | CComponent |
evaluateExpression() | Evaluates a PHP expression or callback under the context of this component. | CComponent |
executeBizRule() | Executes the specified business rule. | CAuthManager |
getAuthAssignment() | Returns the item assignment information. | IAuthManager |
getAuthAssignments() | Returns the item assignments for the specified user. | IAuthManager |
getAuthItem() | Returns the authorization item with the specified name. | IAuthManager |
getAuthItems() | Returns the authorization items of the specific type and user. | IAuthManager |
getEventHandlers() | Returns the list of attached event handlers for an event. | CComponent |
getIsInitialized() | Checks if this application component has been initialized. | CApplicationComponent |
getItemChildren() | Returns the children of the specified item. | IAuthManager |
getOperations() | Returns operations. | CAuthManager |
getRoles() | Returns roles. | CAuthManager |
getTasks() | Returns tasks. | CAuthManager |
hasEvent() | Determines whether an event is defined. | CComponent |
hasEventHandler() | Checks whether the named event has attached handlers. | CComponent |
hasItemChild() | Returns a value indicating whether a child exists within a parent. | IAuthManager |
hasProperty() | Determines whether a property is defined. | CComponent |
init() | Initializes the application component. | CApplicationComponent |
isAssigned() | Returns a value indicating whether the item has been assigned to the user. | IAuthManager |
raiseEvent() | Raises an event. | CComponent |
removeAuthItem() | Removes the specified authorization item. | IAuthManager |
removeItemChild() | Removes a child from its parent. | IAuthManager |
revoke() | Revokes an authorization assignment from a user. | IAuthManager |
save() | Saves authorization data into persistent storage. | IAuthManager |
saveAuthAssignment() | Saves the changes to an authorization assignment. | IAuthManager |
saveAuthItem() | Saves an authorization item to persistent storage. | IAuthManager |
Protected Methods
Method | Description | Defined By |
---|---|---|
checkItemChildType() | Checks the item types to make sure a child can be added to a parent. | CAuthManager |
Property Details
defaultRoles: List of role names that are assigned to all users implicitly. These roles do not need to be explicitly assigned to any user. When calling checkAccess, these roles will be checked first. For performance reasons, you should minimize the number of such roles. A typical use is to define an 'authenticated' role and associate it with a biz rule that checks whether the current user is authenticated, and then declare 'authenticated' in this property so that it applies to every authenticated user.
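
The 'authenticated' default role described above, as an added example that is not part of the framework documentation. It assumes a Yii 1.x web application using CDbAuthManager; the `createComment` operation and the log category are made up for illustration.

```php
<?php
// Added example, not framework code. Assumes a Yii 1.x web application.

// 1) Fragment of the array returned by the application configuration:
//    declare the default role on the authManager component.
$config = array(
    'components' => array(
        'authManager' => array(
            'class'        => 'CDbAuthManager',
            'defaultRoles' => array('authenticated'),
        ),
    ),
);

// 2) One-time setup. A default role is never assigned to anyone, so its biz
//    rule alone decides who holds it. With an empty rule executeBizRule()
//    returns true, and every visitor, guests included, would hold the role
//    and everything below it.
$auth = Yii::app()->authManager;
$auth->createOperation('createComment', 'post a comment'); // hypothetical item
$role = $auth->createRole(
    'authenticated',
    'any logged-in user',
    'return !Yii::app()->user->isGuest;'
);
$role->addChild('createComment');
$auth->save();

// 3) Review step: report default roles that are missing or carry no rule,
//    since those are granted to every user unconditionally.
foreach ($auth->defaultRoles as $name) {
    $item = $auth->getAuthItem($name);
    if ($item === null || trim((string) $item->getBizRule()) === '') {
        Yii::log("default role '$name' is missing or has no biz rule",
            CLogger::LEVEL_WARNING, 'application.rbac');
    }
}
```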
operations: Returns operations. This is a shortcut method to IAuthManager::getAuthItems.
roles: Returns roles. This is a shortcut method to IAuthManager::getAuthItems.
showErrors: Enable error reporting for bizRules.
tasks: Returns tasks. This is a shortcut method to IAuthManager::getAuthItems.
Method Details
protected void checkItemChildType(integer $parentType, integer $childType)

Parameter | Type | Description |
---|---|---|
$parentType | integer | parent item type |
$childType | integer | child item type |

```php
protected function checkItemChildType($parentType,$childType)
{
    static $types=array('operation','task','role');
    if($parentType < $childType)
        throw new CException(Yii::t('yii','Cannot add an item of type "{child}" to an item of type "{parent}".',
            array('{child}'=>$types[$childType], '{parent}'=>$types[$parentType])));
}
```

Checks the item types to make sure a child can be added to a parent.
public CAuthItem createOperation(string $name, string $description='', string $bizRule=NULL, mixed $data=NULL)

Parameter | Type | Description |
---|---|---|
$name | string | the item name |
$description | string | the item description. |
$bizRule | string | the business rule associated with this item |
$data | mixed | additional data to be passed when evaluating the business rule |
{return} | CAuthItem | the authorization item |

```php
public function createOperation($name,$description='',$bizRule=null,$data=null)
{
    return $this->createAuthItem($name,CAuthItem::TYPE_OPERATION,$description,$bizRule,$data);
}
```

Creates an operation. This is a shortcut method to IAuthManager::createAuthItem.
public CAuthItem createRole(string $name, string $description='', string $bizRule=NULL, mixed $data=NULL)

Parameter | Type | Description |
---|---|---|
$name | string | the item name |
$description | string | the item description. |
$bizRule | string | the business rule associated with this item |
$data | mixed | additional data to be passed when evaluating the business rule |
{return} | CAuthItem | the authorization item |

```php
public function createRole($name,$description='',$bizRule=null,$data=null)
{
    return $this->createAuthItem($name,CAuthItem::TYPE_ROLE,$description,$bizRule,$data);
}
```

Creates a role. This is a shortcut method to IAuthManager::createAuthItem.
public CAuthItem createTask(string $name, string $description='', string $bizRule=NULL, mixed $data=NULL)

Parameter | Type | Description |
---|---|---|
$name | string | the item name |
$description | string | the item description. |
$bizRule | string | the business rule associated with this item |
$data | mixed | additional data to be passed when evaluating the business rule |
{return} | CAuthItem | the authorization item |

```php
public function createTask($name,$description='',$bizRule=null,$data=null)
{
    return $this->createAuthItem($name,CAuthItem::TYPE_TASK,$description,$bizRule,$data);
}
```

Creates a task. This is a shortcut method to IAuthManager::createAuthItem.
public boolean executeBizRule(string $bizRule, array $params, mixed $data)

Parameter | Type | Description |
---|---|---|
$bizRule | string | the business rule to be executed. |
$params | array | parameters passed to IAuthManager::checkAccess. |
$data | mixed | additional data associated with the authorization item or assignment. |
{return} | boolean | whether the business rule returns true. If the business rule is empty, it will still return true. |

```php
public function executeBizRule($bizRule,$params,$data)
{
    if($bizRule==='' || $bizRule===null)
        return true;
    if ($this->showErrors)
        return eval($bizRule)!=0;
    else
    {
        try
        {
            return @eval($bizRule)!=0;
        }
        catch (ParseError $e)
        {
            return false;
        }
    }
}
```

Executes the specified business rule.
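
How the listing above treats empty, valid and broken rules, as an added example that is not framework code: `runBizRule()` is a stand-alone copy of that logic so the script runs without Yii, and `lintBizRule()` is a hypothetical review helper. The rules and inputs are constructed, and the script needs PHP 7 or later.

```php
<?php
// Added example, not framework code. runBizRule() is a stand-alone copy of the
// executeBizRule() logic listed above; $showErrors stands in for the property.
function runBizRule($bizRule, $params, $data, $showErrors = false)
{
    if ($bizRule === '' || $bizRule === null)
        return true;
    if ($showErrors)
        return eval($bizRule) != 0;
    try {
        return @eval($bizRule) != 0;
    } catch (ParseError $e) {
        return false;
    }
}

// Hypothetical review helper: classify a stored rule without running it.
function lintBizRule($bizRule)
{
    if ($bizRule === '' || $bizRule === null)
        return 'empty: no condition is applied';
    try {
        $tokens = token_get_all('<?php ' . $bizRule, TOKEN_PARSE); // parse only
    } catch (ParseError $e) {
        return 'syntax error: cannot grant';
    }
    foreach ($tokens as $token)
        if (is_array($token) && $token[0] === T_RETURN)
            return 'ok';
    return 'no return statement: cannot grant';
}

// Constructed inputs: the request-side value travels in $params, the value
// stored with the item or assignment in $data. The rule text stays constant
// and is never assembled from request data, because it is run by eval().
$params = array('userId' => 7);
$data   = array('ownerId' => 7);
$rules  = array(
    'empty rule'     => '',
    'owner check'    => 'return $params["userId"] === $data["ownerId"];',
    'missing return' => '$params["userId"] === $data["ownerId"];',
    'syntax error'   => 'return $params["userId"] === ;',
);

foreach ($rules as $label => $rule) {
    printf("%-15s granted=%-6s lint=%s\n", $label,
        var_export(runBizRule($rule, $params, $data), true), lintBizRule($rule));
}
```

Because rule text is executed as PHP, write access to wherever the authorization items are stored should be restricted as tightly as write access to the application code itself.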
public array getOperations(mixed $userId=NULL)

Parameter | Type | Description |
---|---|---|
$userId | mixed | the user ID. If not null, only the operations directly assigned to the user will be returned. Otherwise, all operations will be returned. |
{return} | array | operations (name=>CAuthItem) |

```php
public function getOperations($userId=null)
{
    return $this->getAuthItems(CAuthItem::TYPE_OPERATION,$userId);
}
```

Returns operations. This is a shortcut method to IAuthManager::getAuthItems.
public array getRoles(mixed $userId=NULL)

Parameter | Type | Description |
---|---|---|
$userId | mixed | the user ID. If not null, only the roles directly assigned to the user will be returned. Otherwise, all roles will be returned. |
{return} | array | roles (name=>CAuthItem) |

```php
public function getRoles($userId=null)
{
    return $this->getAuthItems(CAuthItem::TYPE_ROLE,$userId);
}
```

Returns roles. This is a shortcut method to IAuthManager::getAuthItems.
public array getTasks(mixed $userId=NULL)

Parameter | Type | Description |
---|---|---|
$userId | mixed | the user ID. If not null, only the tasks directly assigned to the user will be returned. Otherwise, all tasks will be returned. |
{return} | array | tasks (name=>CAuthItem) |

```php
public function getTasks($userId=null)
{
    return $this->getAuthItems(CAuthItem::TYPE_TASK,$userId);
}
```

Returns tasks. This is a shortcut method to IAuthManager::getAuthItems.