system system.base system.caching system.caching.dependencies system.collections system.console system.db system.db.ar system.db.schema system.db.schema.mssql system.db.schema.mysql system.db.schema.oci system.db.schema.pgsql system.db.schema.sqlite system.i18n system.i18n.gettext system.logging system.utils system.validators system.web system.web.actions system.web.auth system.web.filters system.web.helpers system.web.renderers system.web.services system.web.widgets system.web.widgets.captcha system.web.widgets.pagers

CPhpAuthManager

system.web.auth
继承 class CPhpAuthManager » CAuthManager » CApplicationComponent » CComponent
实现 IAuthManager, IApplicationComponent
可用自 1.0
版本 $Id$
CPhpAuthManager represents an authorization manager that stores authorization information in terms of a PHP script file.

The authorization data will be saved to and loaded from a file specified by authFile, which defaults to 'protected/data/auth.php'.

CPhpAuthManager is mainly suitable for authorization data that is not too big (for example, the authorization data for a personal blog system). Use CDbAuthManager for more complex authorization data.

公共属性

隐藏继承的属性

属性类型描述被定义在
authFile string the path of the PHP script that contains the authorization data. CPhpAuthManager
authItems array Returns the authorization items of the specific type and user. CPhpAuthManager
behaviors array the behaviors that should be attached to this component. CApplicationComponent
defaultRoles array list of role names that are assigned to all users implicitly. CAuthManager
isInitialized boolean whether this application component has been initialized (i. CApplicationComponent
operations array Returns operations. CAuthManager
roles array Returns roles. CAuthManager
tasks array Returns tasks. CAuthManager

公共方法

隐藏继承的方法

方法描述被定义在
__call() Calls the named method which is not a class method. CComponent
__get() Returns a property value, an event handler list or a behavior based on its name. CComponent
__isset() Checks if a property value is null. CComponent
__set() Sets value of a component property. CComponent
__unset() Sets a component property to be null. CComponent
addItemChild() Adds an item as a child of another item. CPhpAuthManager
asa() Returns the named behavior object. CComponent
assign() Assigns an authorization item to a user. CPhpAuthManager
attachBehavior() Attaches a behavior to this component. CComponent
attachBehaviors() Attaches a list of behaviors to the component. CComponent
attachEventHandler() Attaches an event handler to an event. CComponent
canGetProperty() Determines whether a property can be read. CComponent
canSetProperty() Determines whether a property can be set. CComponent
checkAccess() Performs access check for the specified user. CPhpAuthManager
clearAll() Removes all authorization data. CPhpAuthManager
clearAuthAssignments() Removes all authorization assignments. CPhpAuthManager
createAuthItem() Creates an authorization item. CPhpAuthManager
createOperation() Creates an operation. CAuthManager
createRole() Creates a role. CAuthManager
createTask() Creates a task. CAuthManager
detachBehavior() Detaches a behavior from the component. CComponent
detachBehaviors() Detaches all behaviors from the component. CComponent
detachEventHandler() Detaches an existing event handler. CComponent
disableBehavior() Disables an attached behavior. CComponent
disableBehaviors() Disables all behaviors attached to this component. CComponent
enableBehavior() Enables an attached behavior. CComponent
enableBehaviors() Enables all behaviors attached to this component. CComponent
executeBizRule() Executes the specified business rule. CAuthManager
getAuthAssignment() Returns the item assignment information. CPhpAuthManager
getAuthAssignments() Returns the item assignments for the specified user. CPhpAuthManager
getAuthItem() Returns the authorization item with the specified name. CPhpAuthManager
getAuthItems() Returns the authorization items of the specific type and user. CPhpAuthManager
getEventHandlers() Returns the list of attached event handlers for an event. CComponent
getIsInitialized() CApplicationComponent
getItemChildren() Returns the children of the specified item. CPhpAuthManager
getOperations() Returns operations. CAuthManager
getRoles() Returns roles. CAuthManager
getTasks() Returns tasks. CAuthManager
hasEvent() Determines whether an event is defined. CComponent
hasEventHandler() Checks whether the named event has attached handlers. CComponent
hasItemChild() Returns a value indicating whether a child exists within a parent. CPhpAuthManager
hasProperty() Determines whether a property is defined. CComponent
init() Initializes the application component. CPhpAuthManager
isAssigned() Returns a value indicating whether the item has been assigned to the user. CPhpAuthManager
load() Loads authorization data. CPhpAuthManager
raiseEvent() Raises an event. CComponent
removeAuthItem() Removes the specified authorization item. CPhpAuthManager
removeItemChild() Removes a child from its parent. CPhpAuthManager
revoke() Revokes an authorization assignment from a user. CPhpAuthManager
save() Saves authorization data into persistent storage. CPhpAuthManager
saveAuthAssignment() Saves the changes to an authorization assignment. CPhpAuthManager
saveAuthItem() Saves an authorization item to persistent storage. CPhpAuthManager

受保护的方法

隐藏继承的方法

方法描述被定义在
checkDefaultRoles() Checks the access based on the default roles as declared in defaultRoles. CPhpAuthManager
checkItemChildType() Checks the item types to make sure a child can be added to a parent. CAuthManager
detectLoop() Checks whether there is a loop in the authorization item hierarchy. CPhpAuthManager
loadFromFile() Loads the authorization data from a PHP script file. CPhpAuthManager
saveToFile() Saves the authorization data to a PHP script file. CPhpAuthManager

属性详情

authFile 属性
public string $authFile;

the path of the PHP script that contains the authorization data. If not set, it will be using 'protected/data/auth.php' as the data file. Make sure this file is writable by the Web server process if the authorization needs to be changed.

authItems 属性 只读
public array getAuthItems(integer $type=NULL, mixed $userId=NULL)

Returns the authorization items of the specific type and user.

方法详情

addItemChild() 方法
public void addItemChild(string $itemName, string $childName)
$itemName string the parent item name
$childName string the child item name

Adds an item as a child of another item.

assign() 方法
public CAuthAssignment assign(string $itemName, mixed $userId, string $bizRule=NULL, mixed $data=NULL)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
$bizRule string the business rule to be executed when checkAccess is called for this particular authorization item.
$data mixed additional data associated with this assignment
{return} CAuthAssignment the authorization assignment information.

Assigns an authorization item to a user.

checkAccess() 方法
public boolean checkAccess(string $itemName, mixed $userId, array $params=array ( ))
$itemName string the name of the operation that need access check
$userId mixed the user ID. This should can be either an integer and a string representing the unique identifier of a user. See IWebUser::getId.
$params array name-value pairs that would be passed to biz rules associated with the tasks and roles assigned to the user.
{return} boolean whether the operations can be performed by the user.

Performs access check for the specified user.

checkDefaultRoles() 方法 (自版本 v1.0.3 可用)
protected boolean checkDefaultRoles(string $itemName, array $params)
$itemName string the name of the operation that need access check
$params array name-value pairs that would be passed to biz rules associated with the tasks and roles assigned to the user.
{return} boolean whether the operations can be performed by the user according to the default roles.

Checks the access based on the default roles as declared in defaultRoles.

clearAll() 方法
public void clearAll()

Removes all authorization data.

clearAuthAssignments() 方法
public void clearAuthAssignments()

Removes all authorization assignments.

createAuthItem() 方法
public CAuthItem createAuthItem(string $name, integer $type, string $description='', string $bizRule=NULL, mixed $data=NULL)
$name string the item name. This must be a unique identifier.
$type integer the item type (0: operation, 1: task, 2: role).
$description string description of the item
$bizRule string business rule associated with the item. This is a piece of PHP code that will be executed when checkAccess is called for the item.
$data mixed additional data associated with the item.
{return} CAuthItem the authorization item

Creates an authorization item. An authorization item represents an action permission (e.g. creating a post). It has three types: operation, task and role. Authorization items form a hierarchy. Higher level items inheirt permissions representing by lower level items.

detectLoop() 方法
protected boolean detectLoop(string $itemName, string $childName)
$itemName string parent item name
$childName string the name of the child item that is to be added to the hierarchy
{return} boolean whether a loop exists

Checks whether there is a loop in the authorization item hierarchy.

getAuthAssignment() 方法
public CAuthAssignment getAuthAssignment(string $itemName, mixed $userId)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
{return} CAuthAssignment the item assignment information. Null is returned if the item is not assigned to the user.

Returns the item assignment information.

getAuthAssignments() 方法
public array getAuthAssignments(mixed $userId)
$userId mixed the user ID (see IWebUser::getId)
{return} array the item assignment information for the user. An empty array will be returned if there is no item assigned to the user.

Returns the item assignments for the specified user.

getAuthItem() 方法
public CAuthItem getAuthItem(string $name)
$name string the name of the item
{return} CAuthItem the authorization item. Null if the item cannot be found.

Returns the authorization item with the specified name.

getAuthItems() 方法
public array getAuthItems(integer $type=NULL, mixed $userId=NULL)
$type integer the item type (0: operation, 1: task, 2: role). Defaults to null, meaning returning all items regardless of their type.
$userId mixed the user ID. Defaults to null, meaning returning all items even if they are not assigned to a user.
{return} array the authorization items of the specific type.

Returns the authorization items of the specific type and user.

getItemChildren() 方法
public array getItemChildren(mixed $names)
$names mixed the parent item name. This can be either a string or an array. The latter represents a list of item names (available since version 1.0.5).
{return} array all child items of the parent

Returns the children of the specified item.

hasItemChild() 方法
public boolean hasItemChild(string $itemName, string $childName)
$itemName string the parent item name
$childName string the child item name
{return} boolean whether the child exists

Returns a value indicating whether a child exists within a parent.

init() 方法
public void init()

Initializes the application component. This method overrides parent implementation by loading the authorization data from PHP script.

isAssigned() 方法
public boolean isAssigned(string $itemName, mixed $userId)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
{return} boolean whether the item has been assigned to the user.

Returns a value indicating whether the item has been assigned to the user.

load() 方法
public void load()

Loads authorization data.

loadFromFile() 方法
protected array loadFromFile(string $file)
$file string the file path.
{return} array the authorization data

Loads the authorization data from a PHP script file.

参见

removeAuthItem() 方法
public boolean removeAuthItem(string $name)
$name string the name of the item to be removed
{return} boolean whether the item exists in the storage and has been removed

Removes the specified authorization item.

removeItemChild() 方法
public boolean removeItemChild(string $itemName, string $childName)
$itemName string the parent item name
$childName string the child item name
{return} boolean whether the removal is successful

Removes a child from its parent. Note, the child item is not deleted. Only the parent-child relationship is removed.

revoke() 方法
public boolean revoke(string $itemName, mixed $userId)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
{return} boolean whether removal is successful

Revokes an authorization assignment from a user.

save() 方法
public void save()

Saves authorization data into persistent storage. If any change is made to the authorization data, please make sure you call this method to save the changed data into persistent storage.

saveAuthAssignment() 方法
public void saveAuthAssignment(CAuthAssignment $assignment)
$assignment CAuthAssignment the assignment that has been changed.

Saves the changes to an authorization assignment.

saveAuthItem() 方法
public void saveAuthItem(CAuthItem $item, string $oldName=NULL)
$item CAuthItem the item to be saved.
$oldName string the old item name. If null, it means the item name is not changed.

Saves an authorization item to persistent storage.

saveToFile() 方法
protected void saveToFile(array $data, string $file)
$data array the authorization data
$file string the file path.

Saves the authorization data to a PHP script file.

参见