system system.base system.caching system.caching.dependencies system.collections system.console system.db system.db.ar system.db.schema system.db.schema.cubrid system.db.schema.mssql system.db.schema.mysql system.db.schema.oci system.db.schema.pgsql system.db.schema.sqlite system.gii system.i18n system.i18n.gettext system.logging system.test system.utils system.validators system.web system.web.actions system.web.auth system.web.filters system.web.form system.web.helpers system.web.renderers system.web.services system.web.widgets system.web.widgets.captcha system.web.widgets.pagers zii.behaviors zii.widgets zii.widgets.grid zii.widgets.jui

CPhpAuthManager

system.web.auth
继承 class CPhpAuthManager » CAuthManager » CApplicationComponent » CComponent
实现 IAuthManager, IApplicationComponent
可用自 1.0
源码 framework/web/auth/CPhpAuthManager.php
CPhpAuthManager represents an authorization manager that stores authorization information in terms of a PHP script file.

The authorization data will be saved to and loaded from a file specified by authFile, which defaults to 'protected/data/auth.php'.

CPhpAuthManager is mainly suitable for authorization data that is not too big (for example, the authorization data for a personal blog system). Use CDbAuthManager for more complex authorization data.

公共属性

隐藏继承的属性

属性类型描述被定义在
authFile string the path of the PHP script that contains the authorization data. CPhpAuthManager
authItems array Returns the authorization items of the specific type and user. CPhpAuthManager
behaviors array the behaviors that should be attached to this component. CApplicationComponent
defaultRoles array list of role names that are assigned to all users implicitly. CAuthManager
isInitialized boolean Checks if this application component has been initialized. CApplicationComponent
operations array Returns operations. CAuthManager
roles array Returns roles. CAuthManager
showErrors boolean Enable error reporting for bizRules. CAuthManager
tasks array Returns tasks. CAuthManager

公共方法

隐藏继承的方法

方法描述被定义在
__call() Calls the named method which is not a class method. CComponent
__get() Returns a property value, an event handler list or a behavior based on its name. CComponent
__isset() Checks if a property value is null. CComponent
__set() Sets value of a component property. CComponent
__unset() Sets a component property to be null. CComponent
addItemChild() Adds an item as a child of another item. CPhpAuthManager
asa() Returns the named behavior object. CComponent
assign() Assigns an authorization item to a user. CPhpAuthManager
attachBehavior() Attaches a behavior to this component. CComponent
attachBehaviors() Attaches a list of behaviors to the component. CComponent
attachEventHandler() Attaches an event handler to an event. CComponent
canGetProperty() Determines whether a property can be read. CComponent
canSetProperty() Determines whether a property can be set. CComponent
checkAccess() Performs access check for the specified user. CPhpAuthManager
clearAll() Removes all authorization data. CPhpAuthManager
clearAuthAssignments() Removes all authorization assignments. CPhpAuthManager
createAuthItem() Creates an authorization item. CPhpAuthManager
createOperation() Creates an operation. CAuthManager
createRole() Creates a role. CAuthManager
createTask() Creates a task. CAuthManager
detachBehavior() Detaches a behavior from the component. CComponent
detachBehaviors() Detaches all behaviors from the component. CComponent
detachEventHandler() Detaches an existing event handler. CComponent
disableBehavior() Disables an attached behavior. CComponent
disableBehaviors() Disables all behaviors attached to this component. CComponent
enableBehavior() Enables an attached behavior. CComponent
enableBehaviors() Enables all behaviors attached to this component. CComponent
evaluateExpression() Evaluates a PHP expression or callback under the context of this component. CComponent
executeBizRule() Executes the specified business rule. CAuthManager
getAuthAssignment() Returns the item assignment information. CPhpAuthManager
getAuthAssignments() Returns the item assignments for the specified user. CPhpAuthManager
getAuthItem() Returns the authorization item with the specified name. CPhpAuthManager
getAuthItems() Returns the authorization items of the specific type and user. CPhpAuthManager
getEventHandlers() Returns the list of attached event handlers for an event. CComponent
getIsInitialized() Checks if this application component has been initialized. CApplicationComponent
getItemChildren() Returns the children of the specified item. CPhpAuthManager
getOperations() Returns operations. CAuthManager
getRoles() Returns roles. CAuthManager
getTasks() Returns tasks. CAuthManager
hasEvent() Determines whether an event is defined. CComponent
hasEventHandler() Checks whether the named event has attached handlers. CComponent
hasItemChild() Returns a value indicating whether a child exists within a parent. CPhpAuthManager
hasProperty() Determines whether a property is defined. CComponent
init() Initializes the application component. CPhpAuthManager
isAssigned() Returns a value indicating whether the item has been assigned to the user. CPhpAuthManager
load() Loads authorization data. CPhpAuthManager
raiseEvent() Raises an event. CComponent
removeAuthItem() Removes the specified authorization item. CPhpAuthManager
removeItemChild() Removes a child from its parent. CPhpAuthManager
revoke() Revokes an authorization assignment from a user. CPhpAuthManager
save() Saves authorization data into persistent storage. CPhpAuthManager
saveAuthAssignment() Saves the changes to an authorization assignment. CPhpAuthManager
saveAuthItem() Saves an authorization item to persistent storage. CPhpAuthManager

受保护的方法

隐藏继承的方法

方法描述被定义在
checkItemChildType() Checks the item types to make sure a child can be added to a parent. CAuthManager
detectLoop() Checks whether there is a loop in the authorization item hierarchy. CPhpAuthManager
loadFromFile() Loads the authorization data from a PHP script file. CPhpAuthManager
saveToFile() Saves the authorization data to a PHP script file. CPhpAuthManager

属性详情

authFile 属性
public string $authFile;

the path of the PHP script that contains the authorization data. If not set, it will be using 'protected/data/auth.php' as the data file. Make sure this file is writable by the Web server process if the authorization needs to be changed.

authItems 属性 只读
public array getAuthItems(integer $type=NULL, mixed $userId=NULL)

Returns the authorization items of the specific type and user.

方法详情

addItemChild() 方法
public boolean addItemChild(string $itemName, string $childName)
$itemName string the parent item name
$childName string the child item name
{return} boolean whether the item is added successfully
源码: framework/web/auth/CPhpAuthManager.php#100 (显示)
public function addItemChild($itemName,$childName)
{
    if(!isset(
$this->_items[$childName],$this->_items[$itemName]))
        throw new 
CException(Yii::t('yii','Either "{parent}" or "{child}" does not exist.',array('{child}'=>$childName,'{parent}'=>$itemName)));
    
$child=$this->_items[$childName];
    
$item=$this->_items[$itemName];
    
$this->checkItemChildType($item->getType(),$child->getType());
    if(
$this->detectLoop($itemName,$childName))
        throw new 
CException(Yii::t('yii','Cannot add "{child}" as a child of "{parent}". A loop has been detected.',
            array(
'{child}'=>$childName,'{parent}'=>$itemName)));
    if(isset(
$this->_children[$itemName][$childName]))
        throw new 
CException(Yii::t('yii','The item "{parent}" already has a child "{child}".',
            array(
'{child}'=>$childName,'{parent}'=>$itemName)));
    
$this->_children[$itemName][$childName]=$this->_items[$childName];
    return 
true;
}

Adds an item as a child of another item.

assign() 方法
public CAuthAssignment assign(string $itemName, mixed $userId, string $bizRule=NULL, mixed $data=NULL)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
$bizRule string the business rule to be executed when checkAccess is called for this particular authorization item.
$data mixed additional data associated with this assignment
{return} CAuthAssignment the authorization assignment information.
源码: framework/web/auth/CPhpAuthManager.php#176 (显示)
public function assign($itemName,$userId,$bizRule=null,$data=null)
{
    if(!isset(
$this->_items[$itemName]))
        throw new 
CException(Yii::t('yii','Unknown authorization item "{name}".',array('{name}'=>$itemName)));
    elseif(isset(
$this->_assignments[$userId][$itemName]))
        throw new 
CException(Yii::t('yii','Authorization item "{item}" has already been assigned to user "{user}".',
            array(
'{item}'=>$itemName,'{user}'=>$userId)));
    else
        return 
$this->_assignments[$userId][$itemName]=new CAuthAssignment($this,$itemName,$userId,$bizRule,$data);
}

Assigns an authorization item to a user.

checkAccess() 方法
public boolean checkAccess(string $itemName, mixed $userId, array $params=array ( ))
$itemName string the name of the operation that need access check
$userId mixed the user ID. This can be either an integer or a string representing the unique identifier of a user. See IWebUser::getId.
$params array name-value pairs that would be passed to biz rules associated with the tasks and roles assigned to the user. Since version 1.1.11 a param with name 'userId' is added to this array, which holds the value of $userId.
{return} boolean whether the operations can be performed by the user.
源码: framework/web/auth/CPhpAuthManager.php#66 (显示)
public function checkAccess($itemName,$userId,$params=array())
{
    if(!isset(
$this->_items[$itemName]))
        return 
false;
    
$item=$this->_items[$itemName];
    
Yii::trace('Checking permission "'.$item->getName().'"','system.web.auth.CPhpAuthManager');
    if(!isset(
$params['userId']))
        
$params['userId'] = $userId;
    if(
$this->executeBizRule($item->getBizRule(),$params,$item->getData()))
    {
        if(
in_array($itemName,$this->defaultRoles))
            return 
true;
        if(isset(
$this->_assignments[$userId][$itemName]))
        {
            
$assignment=$this->_assignments[$userId][$itemName];
            if(
$this->executeBizRule($assignment->getBizRule(),$params,$assignment->getData()))
                return 
true;
        }
        foreach(
$this->_children as $parentName=>$children)
        {
            if(isset(
$children[$itemName]) && $this->checkAccess($parentName,$userId,$params))
                return 
true;
        }
    }
    return 
false;
}

Performs access check for the specified user.

clearAll() 方法
public void clearAll()
源码: framework/web/auth/CPhpAuthManager.php#447 (显示)
public function clearAll()
{
    
$this->clearAuthAssignments();
    
$this->_children=array();
    
$this->_items=array();
}

Removes all authorization data.

clearAuthAssignments() 方法
public void clearAuthAssignments()
源码: framework/web/auth/CPhpAuthManager.php#457 (显示)
public function clearAuthAssignments()
{
    
$this->_assignments=array();
}

Removes all authorization assignments.

createAuthItem() 方法
public CAuthItem createAuthItem(string $name, integer $type, string $description='', string $bizRule=NULL, mixed $data=NULL)
$name string the item name. This must be a unique identifier.
$type integer the item type (0: operation, 1: task, 2: role).
$description string description of the item
$bizRule string business rule associated with the item. This is a piece of PHP code that will be executed when checkAccess is called for the item.
$data mixed additional data associated with the item.
{return} CAuthItem the authorization item
源码: framework/web/auth/CPhpAuthManager.php#286 (显示)
public function createAuthItem($name,$type,$description='',$bizRule=null,$data=null)
{
    if(isset(
$this->_items[$name]))
        throw new 
CException(Yii::t('yii','Unable to add an item whose name is the same as an existing item.'));
    return 
$this->_items[$name]=new CAuthItem($this,$name,$type,$description,$bizRule,$data);
}

Creates an authorization item. An authorization item represents an action permission (e.g. creating a post). It has three types: operation, task and role. Authorization items form a hierarchy. Higher level items inherit permissions representing by lower level items.

detectLoop() 方法
protected boolean detectLoop(string $itemName, string $childName)
$itemName string parent item name
$childName string the name of the child item that is to be added to the hierarchy
{return} boolean whether a loop exists
源码: framework/web/auth/CPhpAuthManager.php#468 (显示)
protected function detectLoop($itemName,$childName)
{
    if(
$childName===$itemName)
        return 
true;
    if(!isset(
$this->_children[$childName], $this->_items[$itemName]))
        return 
false;

    foreach(
$this->_children[$childName] as $child)
    {
        if(
$this->detectLoop($itemName,$child->getName()))
            return 
true;
    }
    return 
false;
}

Checks whether there is a loop in the authorization item hierarchy.

getAuthAssignment() 方法
public CAuthAssignment getAuthAssignment(string $itemName, mixed $userId)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
{return} CAuthAssignment the item assignment information. Null is returned if the item is not assigned to the user.
源码: framework/web/auth/CPhpAuthManager.php#222 (显示)
public function getAuthAssignment($itemName,$userId)
{
    return isset(
$this->_assignments[$userId][$itemName])?$this->_assignments[$userId][$itemName]:null;
}

Returns the item assignment information.

getAuthAssignments() 方法
public array getAuthAssignments(mixed $userId)
$userId mixed the user ID (see IWebUser::getId)
{return} array the item assignment information for the user. An empty array will be returned if there is no item assigned to the user.
源码: framework/web/auth/CPhpAuthManager.php#233 (显示)
public function getAuthAssignments($userId)
{
    return isset(
$this->_assignments[$userId])?$this->_assignments[$userId]:array();
}

Returns the item assignments for the specified user.

getAuthItem() 方法
public CAuthItem getAuthItem(string $name)
$name string the name of the item
{return} CAuthItem the authorization item. Null if the item cannot be found.
源码: framework/web/auth/CPhpAuthManager.php#318 (显示)
public function getAuthItem($name)
{
    return isset(
$this->_items[$name])?$this->_items[$name]:null;
}

Returns the authorization item with the specified name.

getAuthItems() 方法
public array getAuthItems(integer $type=NULL, mixed $userId=NULL)
$type integer the item type (0: operation, 1: task, 2: role). Defaults to null, meaning returning all items regardless of their type.
$userId mixed the user ID. Defaults to null, meaning returning all items even if they are not assigned to a user.
{return} array the authorization items of the specific type.
源码: framework/web/auth/CPhpAuthManager.php#246 (显示)
public function getAuthItems($type=null,$userId=null)
{
    if(
$type===null && $userId===null)
        return 
$this->_items;
    
$items=array();
    if(
$userId===null)
    {
        foreach(
$this->_items as $name=>$item)
        {
            if(
$item->getType()==$type)
                
$items[$name]=$item;
        }
    }
    elseif(isset(
$this->_assignments[$userId]))
    {
        foreach(
$this->_assignments[$userId] as $assignment)
        {
            
$name=$assignment->getItemName();
            if(isset(
$this->_items[$name]) && ($type===null || $this->_items[$name]->getType()==$type))
                
$items[$name]=$this->_items[$name];
        }
    }
    return 
$items;
}

Returns the authorization items of the specific type and user.

getItemChildren() 方法
public array getItemChildren(mixed $names)
$names mixed the parent item name. This can be either a string or an array. The latter represents a list of item names.
{return} array all child items of the parent
源码: framework/web/auth/CPhpAuthManager.php#152 (显示)
public function getItemChildren($names)
{
    if(
is_string($names))
        return isset(
$this->_children[$names]) ? $this->_children[$names] : array();

    
$children=array();
    foreach(
$names as $name)
    {
        if(isset(
$this->_children[$name]))
            
$children=array_merge($children,$this->_children[$name]);
    }
    return 
$children;
}

Returns the children of the specified item.

hasItemChild() 方法
public boolean hasItemChild(string $itemName, string $childName)
$itemName string the parent item name
$childName string the child item name
{return} boolean whether the child exists
源码: framework/web/auth/CPhpAuthManager.php#141 (显示)
public function hasItemChild($itemName,$childName)
{
    return isset(
$this->_children[$itemName][$childName]);
}

Returns a value indicating whether a child exists within a parent.

init() 方法
public void init()
源码: framework/web/auth/CPhpAuthManager.php#48 (显示)
public function init()
{
    
parent::init();
    if(
$this->authFile===null)
        
$this->authFile=Yii::getPathOfAlias('application.data.auth').'.php';
    
$this->load();
}

Initializes the application component. This method overrides parent implementation by loading the authorization data from PHP script.

isAssigned() 方法
public boolean isAssigned(string $itemName, mixed $userId)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
{return} boolean whether the item has been assigned to the user.
源码: framework/web/auth/CPhpAuthManager.php#210 (显示)
public function isAssigned($itemName,$userId)
{
    return isset(
$this->_assignments[$userId][$itemName]);
}

Returns a value indicating whether the item has been assigned to the user.

load() 方法
public void load()
源码: framework/web/auth/CPhpAuthManager.php#415 (显示)
public function load()
{
    
$this->clearAll();

    
$items=$this->loadFromFile($this->authFile);

    foreach(
$items as $name=>$item)
        
$this->_items[$name]=new CAuthItem($this,$name,$item['type'],$item['description'],$item['bizRule'],$item['data']);

    foreach(
$items as $name=>$item)
    {
        if(isset(
$item['children']))
        {
            foreach(
$item['children'] as $childName)
            {
                if(isset(
$this->_items[$childName]))
                    
$this->_children[$name][$childName]=$this->_items[$childName];
            }
        }
        if(isset(
$item['assignments']))
        {
            foreach(
$item['assignments'] as $userId=>$assignment)
            {
                
$this->_assignments[$userId][$name]=new CAuthAssignment($this,$name,$userId,$assignment['bizRule'],$assignment['data']);
            }
        }
    }
}

Loads authorization data.

loadFromFile() 方法
protected array loadFromFile(string $file)
$file string the file path.
{return} array the authorization data
源码: framework/web/auth/CPhpAuthManager.php#489 (显示)
protected function loadFromFile($file)
{
    if(
is_file($file))
        return require(
$file);
    else
        return array();
}

Loads the authorization data from a PHP script file.

参见

removeAuthItem() 方法
public boolean removeAuthItem(string $name)
$name string the name of the item to be removed
{return} boolean whether the item exists in the storage and has been removed
源码: framework/web/auth/CPhpAuthManager.php#298 (显示)
public function removeAuthItem($name)
{
    if(isset(
$this->_items[$name]))
    {
        foreach(
$this->_children as &$children)
            unset(
$children[$name]);
        foreach(
$this->_assignments as &$assignments)
            unset(
$assignments[$name]);
        unset(
$this->_items[$name]);
        return 
true;
    }
    else
        return 
false;
}

Removes the specified authorization item.

removeItemChild() 方法
public boolean removeItemChild(string $itemName, string $childName)
$itemName string the parent item name
$childName string the child item name
{return} boolean whether the removal is successful
源码: framework/web/auth/CPhpAuthManager.php#124 (显示)
public function removeItemChild($itemName,$childName)
{
    if(isset(
$this->_children[$itemName][$childName]))
    {
        unset(
$this->_children[$itemName][$childName]);
        return 
true;
    }
    else
        return 
false;
}

Removes a child from its parent. Note, the child item is not deleted. Only the parent-child relationship is removed.

revoke() 方法
public boolean revoke(string $itemName, mixed $userId)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
{return} boolean whether removal is successful
源码: framework/web/auth/CPhpAuthManager.php#193 (显示)
public function revoke($itemName,$userId)
{
    if(isset(
$this->_assignments[$userId][$itemName]))
    {
        unset(
$this->_assignments[$userId][$itemName]);
        return 
true;
    }
    else
        return 
false;
}

Revokes an authorization assignment from a user.

save() 方法
public void save()
源码: framework/web/auth/CPhpAuthManager.php#377 (显示)
public function save()
{
    
$items=array();
    foreach(
$this->_items as $name=>$item)
    {
        
$items[$name]=array(
            
'type'=>$item->getType(),
            
'description'=>$item->getDescription(),
            
'bizRule'=>$item->getBizRule(),
            
'data'=>$item->getData(),
        );
        if(isset(
$this->_children[$name]))
        {
            foreach(
$this->_children[$name] as $child)
                
$items[$name]['children'][]=$child->getName();
        }
    }

    foreach(
$this->_assignments as $userId=>$assignments)
    {
        foreach(
$assignments as $name=>$assignment)
        {
            if(isset(
$items[$name]))
            {
                
$items[$name]['assignments'][$userId]=array(
                    
'bizRule'=>$assignment->getBizRule(),
                    
'data'=>$assignment->getData(),
                );
            }
        }
    }

    
$this->saveToFile($items,$this->authFile);
}

Saves authorization data into persistent storage. If any change is made to the authorization data, please make sure you call this method to save the changed data into persistent storage.

saveAuthAssignment() 方法
public void saveAuthAssignment(CAuthAssignment $assignment)
$assignment CAuthAssignment the assignment that has been changed.
源码: framework/web/auth/CPhpAuthManager.php#368 (显示)
public function saveAuthAssignment($assignment)
{
}

Saves the changes to an authorization assignment.

saveAuthItem() 方法
public void saveAuthItem(CAuthItem $item, string $oldName=NULL)
$item CAuthItem the item to be saved.
$oldName string the old item name. If null, it means the item name is not changed.
源码: framework/web/auth/CPhpAuthManager.php#329 (显示)
public function saveAuthItem($item,$oldName=null)
{
    if(
$oldName!==null && ($newName=$item->getName())!==$oldName// name changed
    
{
        if(isset(
$this->_items[$newName]))
            throw new 
CException(Yii::t('yii','Unable to change the item name. The name "{name}" is already used by another item.',array('{name}'=>$newName)));
        if(isset(
$this->_items[$oldName]) && $this->_items[$oldName]===$item)
        {
            unset(
$this->_items[$oldName]);
            
$this->_items[$newName]=$item;
            if(isset(
$this->_children[$oldName]))
            {
                
$this->_children[$newName]=$this->_children[$oldName];
                unset(
$this->_children[$oldName]);
            }
            foreach(
$this->_children as &$children)
            {
                if(isset(
$children[$oldName]))
                {
                    
$children[$newName]=$children[$oldName];
                    unset(
$children[$oldName]);
                }
            }
            foreach(
$this->_assignments as &$assignments)
            {
                if(isset(
$assignments[$oldName]))
                {
                    
$assignments[$newName]=$assignments[$oldName];
                    unset(
$assignments[$oldName]);
                }
            }
        }
    }
}

Saves an authorization item to persistent storage.

saveToFile() 方法
protected void saveToFile(array $data, string $file)
$data array the authorization data
$file string the file path.
源码: framework/web/auth/CPhpAuthManager.php#503 (显示)
protected function saveToFile($data,$file)
{
    
file_put_contents($file,"<?php\nreturn ".var_export($data,true).";\n");
}

Saves the authorization data to a PHP script file.

参见