  1. <?php
  2. /**
  3. * @link http://www.yiiframework.com/
  4. * @copyright Copyright (c) 2008 Yii Software LLC
  5. * @license http://www.yiiframework.com/license/
  6. */
  7. namespace yii\rbac;
  8. use yii\base\Component;
  9. use yii\base\InvalidConfigException;
  10. use yii\base\InvalidParamException;
  11. /**
  12. * BaseManager is a base class implementing [[ManagerInterface]] for RBAC management.
  13. *
  14. * @author Qiang Xue <qiang.xue@gmail.com>
  15. * @since 2.0
  16. */
  17. abstract class BaseManager extends Component implements ManagerInterface
  18. {
  19. /**
  20. * @var array a list of role names that are assigned to every user automatically without calling [[assign()]].
  21. */
  22. public $defaultRoles = [];
  23. /**
  24. * Returns the named auth item.
  25. * @param string $name the auth item name.
  26. * @return Item the auth item corresponding to the specified name. Null is returned if no such item.
  27. */
  28. abstract protected function getItem($name);
  29. /**
  30. * Returns the items of the specified type.
  31. * @param integer $type the auth item type (either [[Item::TYPE_ROLE]] or [[Item::TYPE_PERMISSION]]
  32. * @return Item[] the auth items of the specified type.
  33. */
  34. abstract protected function getItems($type);
  35. /**
  36. * Adds an auth item to the RBAC system.
  37. * @param Item $item the item to add
  38. * @return boolean whether the auth item is successfully added to the system
  39. * @throws \Exception if data validation or saving fails (such as the name of the role or permission is not unique)
  40. */
  41. abstract protected function addItem($item);
  42. /**
  43. * Adds a rule to the RBAC system.
  44. * @param Rule $rule the rule to add
  45. * @return boolean whether the rule is successfully added to the system
  46. * @throws \Exception if data validation or saving fails (such as the name of the rule is not unique)
  47. */
  48. abstract protected function addRule($rule);
  49. /**
  50. * Removes an auth item from the RBAC system.
  51. * @param Item $item the item to remove
  52. * @return boolean whether the role or permission is successfully removed
  53. * @throws \Exception if data validation or saving fails (such as the name of the role or permission is not unique)
  54. */
  55. abstract protected function removeItem($item);
  56. /**
  57. * Removes a rule from the RBAC system.
  58. * @param Rule $rule the rule to remove
  59. * @return boolean whether the rule is successfully removed
  60. * @throws \Exception if data validation or saving fails (such as the name of the rule is not unique)
  61. */
  62. abstract protected function removeRule($rule);
  63. /**
  64. * Updates an auth item in the RBAC system.
  65. * @param string $name the name of the item being updated
  66. * @param Item $item the updated item
  67. * @return boolean whether the auth item is successfully updated
  68. * @throws \Exception if data validation or saving fails (such as the name of the role or permission is not unique)
  69. */
  70. abstract protected function updateItem($name, $item);
  71. /**
  72. * Updates a rule to the RBAC system.
  73. * @param string $name the name of the rule being updated
  74. * @param Rule $rule the updated rule
  75. * @return boolean whether the rule is successfully updated
  76. * @throws \Exception if data validation or saving fails (such as the name of the rule is not unique)
  77. */
  78. abstract protected function updateRule($name, $rule);
  79. /**
  80. * @inheritdoc
  81. */
  82. public function createRole($name)
  83. {
  84. $role = new Role();
  85. $role->name = $name;
  86. return $role;
  87. }
  88. /**
  89. * @inheritdoc
  90. */
  91. public function createPermission($name)
  92. {
  93. $permission = new Permission();
  94. $permission->name = $name;
  95. return $permission;
  96. }
  97. /**
  98. * @inheritdoc
  99. */
  100. public function add($object)
  101. {
  102. if ($object instanceof Item) {
  103. if ($object->ruleName && $this->getRule($object->ruleName) === null) {
  104. $rule = \Yii::createObject($object->ruleName);
  105. $rule->name = $object->ruleName;
  106. $this->addRule($rule);
  107. }
  108. return $this->addItem($object);
  109. } elseif ($object instanceof Rule) {
  110. return $this->addRule($object);
  111. } else {
  112. throw new InvalidParamException('Adding unsupported object type.');
  113. }
  114. }
  115. /**
  116. * @inheritdoc
  117. */
  118. public function remove($object)
  119. {
  120. if ($object instanceof Item) {
  121. return $this->removeItem($object);
  122. } elseif ($object instanceof Rule) {
  123. return $this->removeRule($object);
  124. } else {
  125. throw new InvalidParamException('Removing unsupported object type.');
  126. }
  127. }
  128. /**
  129. * @inheritdoc
  130. */
  131. public function update($name, $object)
  132. {
  133. if ($object instanceof Item) {
  134. if ($object->ruleName && $this->getRule($object->ruleName) === null) {
  135. $rule = \Yii::createObject($object->ruleName);
  136. $rule->name = $object->ruleName;
  137. $this->addRule($rule);
  138. }
  139. return $this->updateItem($name, $object);
  140. } elseif ($object instanceof Rule) {
  141. return $this->updateRule($name, $object);
  142. } else {
  143. throw new InvalidParamException('Updating unsupported object type.');
  144. }
  145. }
  146. /**
  147. * @inheritdoc
  148. */
  149. public function getRole($name)
  150. {
  151. $item = $this->getItem($name);
  152. return $item instanceof Item && $item->type == Item::TYPE_ROLE ? $item : null;
  153. }
  154. /**
  155. * @inheritdoc
  156. */
  157. public function getPermission($name)
  158. {
  159. $item = $this->getItem($name);
  160. return $item instanceof Item && $item->type == Item::TYPE_PERMISSION ? $item : null;
  161. }
  162. /**
  163. * @inheritdoc
  164. */
  165. public function getRoles()
  166. {
  167. return $this->getItems(Item::TYPE_ROLE);
  168. }
  169. /**
  170. * @inheritdoc
  171. */
  172. public function getPermissions()
  173. {
  174. return $this->getItems(Item::TYPE_PERMISSION);
  175. }
  176. /**
  177. * Executes the rule associated with the specified auth item.
  178. *
  179. * If the item does not specify a rule, this method will return true. Otherwise, it will
  180. * return the value of [[Rule::execute()]].
  181. *
  182. * @param string|integer $user the user ID. This should be either an integer or a string representing
  183. * the unique identifier of a user. See [[\yii\web\User::id]].
  184. * @param Item $item the auth item that needs to execute its rule
  185. * @param array $params parameters passed to [[CheckAccessInterface::checkAccess()]] and will be passed to the rule
  186. * @return boolean the return value of [[Rule::execute()]]. If the auth item does not specify a rule, true will be returned.
  187. * @throws InvalidConfigException if the auth item has an invalid rule.
  188. */
  189. protected function executeRule($user, $item, $params)
  190. {
  191. if ($item->ruleName === null) {
  192. return true;
  193. }
  194. $rule = $this->getRule($item->ruleName);
  195. if ($rule instanceof Rule) {
  196. return $rule->execute($user, $item, $params);
  197. } else {
  198. throw new InvalidConfigException("Rule not found: {$item->ruleName}");
  199. }
  200. }
  201. }