BenoitCier
/
Opendistrib
форкнуто от Laclic/Souke
Следить 1
В избранное 0
Форкнуть 0
Код Задачи 0 Pull Request'ы 0 Релизы 0 Вики Активность
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
46 коммитов
2 Ветки
Дерево: 57ad0b4f06
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из '57ad0b4f06'
${ noResults }
Opendistrib/vendor/yiisoft/yii2/rbac/PhpManager.php

855 lines
25KB
Исходник Blame История 

  1. <?php

  2. /**

  3.  * @link http://www.yiiframework.com/

  4.  * @copyright Copyright (c) 2008 Yii Software LLC

  5.  * @license http://www.yiiframework.com/license/

  6.  */

  7. 

  8. namespace yii\rbac;

  9. 

  10. use yii\base\InvalidCallException;

  11. use yii\base\InvalidParamException;

  12. use Yii;

  13. use yii\helpers\VarDumper;

  14. 

  15. /**

  16.  * PhpManager represents an authorization manager that stores authorization

  17.  * information in terms of a PHP script file.

  18.  *

  19.  * The authorization data will be saved to and loaded from three files

  20.  * specified by [[itemFile]], [[assignmentFile]] and [[ruleFile]].

  21.  *

  22.  * PhpManager is mainly suitable for authorization data that is not too big

  23.  * (for example, the authorization data for a personal blog system).

  24.  * Use [[DbManager]] for more complex authorization data.

  25.  *

  26.  * Note that PhpManager is not compatible with facebooks [HHVM](http://hhvm.com/) because

  27.  * it relies on writing php files and including them afterwards which is not supported by HHVM.

  28.  *

  29.  * @author Qiang Xue <qiang.xue@gmail.com>

  30.  * @author Alexander Kochetov <creocoder@gmail.com>

  31.  * @author Christophe Boulain <christophe.boulain@gmail.com>

  32.  * @author Alexander Makarov <sam@rmcreative.ru>

  33.  * @since 2.0

  34.  */

  35. class PhpManager extends BaseManager

  36. {

  37.     /**

  38.      * @var string the path of the PHP script that contains the authorization items.

  39.      * This can be either a file path or a path alias to the file.

  40.      * Make sure this file is writable by the Web server process if the authorization needs to be changed online.

  41.      * @see loadFromFile()

  42.      * @see saveToFile()

  43.      */

  44.     public $itemFile = '@app/rbac/items.php';

  45.     /**

  46.      * @var string the path of the PHP script that contains the authorization assignments.

  47.      * This can be either a file path or a path alias to the file.

  48.      * Make sure this file is writable by the Web server process if the authorization needs to be changed online.

  49.      * @see loadFromFile()

  50.      * @see saveToFile()

  51.      */

  52.     public $assignmentFile = '@app/rbac/assignments.php';

  53.     /**

  54.      * @var string the path of the PHP script that contains the authorization rules.

  55.      * This can be either a file path or a path alias to the file.

  56.      * Make sure this file is writable by the Web server process if the authorization needs to be changed online.

  57.      * @see loadFromFile()

  58.      * @see saveToFile()

  59.      */

  60.     public $ruleFile = '@app/rbac/rules.php';

  61. 

  62.     /**

  63.      * @var Item[]

  64.      */

  65.     protected $items = []; // itemName => item

  66.     /**

  67.      * @var array

  68.      */

  69.     protected $children = []; // itemName, childName => child

  70.     /**

  71.      * @var array

  72.      */

  73.     protected $assignments = []; // userId, itemName => assignment

  74.     /**

  75.      * @var Rule[]

  76.      */

  77.     protected $rules = []; // ruleName => rule

  78. 

  79. 

  80.     /**

  81.      * Initializes the application component.

  82.      * This method overrides parent implementation by loading the authorization data

  83.      * from PHP script.

  84.      */

  85.     public function init()

  86.     {

  87.         parent::init();

  88.         $this->itemFile = Yii::getAlias($this->itemFile);

  89.         $this->assignmentFile = Yii::getAlias($this->assignmentFile);

  90.         $this->ruleFile = Yii::getAlias($this->ruleFile);

  91.         $this->load();

  92.     }

  93. 

  94.     /**

  95.      * @inheritdoc

  96.      */

  97.     public function checkAccess($userId, $permissionName, $params = [])

  98.     {

  99.         $assignments = $this->getAssignments($userId);

  100.         return $this->checkAccessRecursive($userId, $permissionName, $params, $assignments);

  101.     }

  102. 

  103.     /**

  104.      * @inheritdoc

  105.      */

  106.     public function getAssignments($userId)

  107.     {

  108.         return isset($this->assignments[$userId]) ? $this->assignments[$userId] : [];

  109.     }

  110. 

  111.     /**

  112.      * Performs access check for the specified user.

  113.      * This method is internally called by [[checkAccess()]].

  114.      *

  115.      * @param string|integer $user the user ID. This should can be either an integer or a string representing

  116.      * the unique identifier of a user. See [[\yii\web\User::id]].

  117.      * @param string $itemName the name of the operation that need access check

  118.      * @param array $params name-value pairs that would be passed to rules associated

  119.      * with the tasks and roles assigned to the user. A param with name 'user' is added to this array,

  120.      * which holds the value of `$userId`.

  121.      * @param Assignment[] $assignments the assignments to the specified user

  122.      * @return boolean whether the operations can be performed by the user.

  123.      */

  124.     protected function checkAccessRecursive($user, $itemName, $params, $assignments)

  125.     {

  126.         if (!isset($this->items[$itemName])) {

  127.             return false;

  128.         }

  129. 

  130.         /* @var $item Item */

  131.         $item = $this->items[$itemName];

  132.         Yii::trace($item instanceof Role ? "Checking role: $itemName" : "Checking permission : $itemName", __METHOD__);

  133. 

  134.         if (!$this->executeRule($user, $item, $params)) {

  135.             return false;

  136.         }

  137. 

  138.         if (isset($assignments[$itemName]) || in_array($itemName, $this->defaultRoles)) {

  139.             return true;

  140.         }

  141. 

  142.         foreach ($this->children as $parentName => $children) {

  143.             if (isset($children[$itemName]) && $this->checkAccessRecursive($user, $parentName, $params, $assignments)) {

  144.                 return true;

  145.             }

  146.         }

  147. 

  148.         return false;

  149.     }

  150. 

  151.     /**

  152.      * @inheritdoc

  153.      * @since 2.0.8

  154.      */

  155.     public function canAddChild($parent, $child)

  156.     {

  157.         return !$this->detectLoop($parent, $child);

  158.     }

  159. 

  160.     /**

  161.      * @inheritdoc

  162.      */

  163.     public function addChild($parent, $child)

  164.     {

  165.         if (!isset($this->items[$parent->name], $this->items[$child->name])) {

  166.             throw new InvalidParamException("Either '{$parent->name}' or '{$child->name}' does not exist.");

  167.         }

  168. 

  169.         if ($parent->name === $child->name) {

  170.             throw new InvalidParamException("Cannot add '{$parent->name} ' as a child of itself.");

  171.         }

  172.         if ($parent instanceof Permission && $child instanceof Role) {

  173.             throw new InvalidParamException('Cannot add a role as a child of a permission.');

  174.         }

  175. 

  176.         if ($this->detectLoop($parent, $child)) {

  177.             throw new InvalidCallException("Cannot add '{$child->name}' as a child of '{$parent->name}'. A loop has been detected.");

  178.         }

  179.         if (isset($this->children[$parent->name][$child->name])) {

  180.             throw new InvalidCallException("The item '{$parent->name}' already has a child '{$child->name}'.");

  181.         }

  182.         $this->children[$parent->name][$child->name] = $this->items[$child->name];

  183.         $this->saveItems();

  184. 

  185.         return true;

  186.     }

  187. 

  188.     /**

  189.      * Checks whether there is a loop in the authorization item hierarchy.

  190.      *

  191.      * @param Item $parent parent item

  192.      * @param Item $child the child item that is to be added to the hierarchy

  193.      * @return boolean whether a loop exists

  194.      */

  195.     protected function detectLoop($parent, $child)

  196.     {

  197.         if ($child->name === $parent->name) {

  198.             return true;

  199.         }

  200.         if (!isset($this->children[$child->name], $this->items[$parent->name])) {

  201.             return false;

  202.         }

  203.         foreach ($this->children[$child->name] as $grandchild) {

  204.             /* @var $grandchild Item */

  205.             if ($this->detectLoop($parent, $grandchild)) {

  206.                 return true;

  207.             }

  208.         }

  209. 

  210.         return false;

  211.     }

  212. 

  213.     /**

  214.      * @inheritdoc

  215.      */

  216.     public function removeChild($parent, $child)

  217.     {

  218.         if (isset($this->children[$parent->name][$child->name])) {

  219.             unset($this->children[$parent->name][$child->name]);

  220.             $this->saveItems();

  221.             return true;

  222.         } else {

  223.             return false;

  224.         }

  225.     }

  226. 

  227.     /**

  228.      * @inheritdoc

  229.      */

  230.     public function removeChildren($parent)

  231.     {

  232.         if (isset($this->children[$parent->name])) {

  233.             unset($this->children[$parent->name]);

  234.             $this->saveItems();

  235.             return true;

  236.         } else {

  237.             return false;

  238.         }

  239.     }

  240. 

  241.     /**

  242.      * @inheritdoc

  243.      */

  244.     public function hasChild($parent, $child)

  245.     {

  246.         return isset($this->children[$parent->name][$child->name]);

  247.     }

  248. 

  249.     /**

  250.      * @inheritdoc

  251.      */

  252.     public function assign($role, $userId)

  253.     {

  254.         if (!isset($this->items[$role->name])) {

  255.             throw new InvalidParamException("Unknown role '{$role->name}'.");

  256.         } elseif (isset($this->assignments[$userId][$role->name])) {

  257.             throw new InvalidParamException("Authorization item '{$role->name}' has already been assigned to user '$userId'.");

  258.         } else {

  259.             $this->assignments[$userId][$role->name] = new Assignment([

  260.                 'userId' => $userId,

  261.                 'roleName' => $role->name,

  262.                 'createdAt' => time(),

  263.             ]);

  264.             $this->saveAssignments();

  265.             return $this->assignments[$userId][$role->name];

  266.         }

  267.     }

  268. 

  269.     /**

  270.      * @inheritdoc

  271.      */

  272.     public function revoke($role, $userId)

  273.     {

  274.         if (isset($this->assignments[$userId][$role->name])) {

  275.             unset($this->assignments[$userId][$role->name]);

  276.             $this->saveAssignments();

  277.             return true;

  278.         } else {

  279.             return false;

  280.         }

  281.     }

  282. 

  283.     /**

  284.      * @inheritdoc

  285.      */

  286.     public function revokeAll($userId)

  287.     {

  288.         if (isset($this->assignments[$userId]) && is_array($this->assignments[$userId])) {

  289.             foreach ($this->assignments[$userId] as $itemName => $value) {

  290.                 unset($this->assignments[$userId][$itemName]);

  291.             }

  292.             $this->saveAssignments();

  293.             return true;

  294.         } else {

  295.             return false;

  296.         }

  297.     }

  298. 

  299.     /**

  300.      * @inheritdoc

  301.      */

  302.     public function getAssignment($roleName, $userId)

  303.     {

  304.         return isset($this->assignments[$userId][$roleName]) ? $this->assignments[$userId][$roleName] : null;

  305.     }

  306. 

  307.     /**

  308.      * @inheritdoc

  309.      */

  310.     public function getItems($type)

  311.     {

  312.         $items = [];

  313. 

  314.         foreach ($this->items as $name => $item) {

  315.             /* @var $item Item */

  316.             if ($item->type == $type) {

  317.                 $items[$name] = $item;

  318.             }

  319.         }

  320. 

  321.         return $items;

  322.     }

  323. 

  324. 

  325.     /**

  326.      * @inheritdoc

  327.      */

  328.     public function removeItem($item)

  329.     {

  330.         if (isset($this->items[$item->name])) {

  331.             foreach ($this->children as &$children) {

  332.                 unset($children[$item->name]);

  333.             }

  334.             foreach ($this->assignments as &$assignments) {

  335.                 unset($assignments[$item->name]);

  336.             }

  337.             unset($this->items[$item->name]);

  338.             $this->saveItems();

  339.             $this->saveAssignments();

  340.             return true;

  341.         } else {

  342.             return false;

  343.         }

  344.     }

  345. 

  346.     /**

  347.      * @inheritdoc

  348.      */

  349.     public function getItem($name)

  350.     {

  351.         return isset($this->items[$name]) ? $this->items[$name] : null;

  352.     }

  353. 

  354.     /**

  355.      * @inheritdoc

  356.      */

  357.     public function updateRule($name, $rule)

  358.     {

  359.         if ($rule->name !== $name) {

  360.             unset($this->rules[$name]);

  361.         }

  362.         $this->rules[$rule->name] = $rule;

  363.         $this->saveRules();

  364.         return true;

  365.     }

  366. 

  367.     /**

  368.      * @inheritdoc

  369.      */

  370.     public function getRule($name)

  371.     {

  372.         return isset($this->rules[$name]) ? $this->rules[$name] : null;

  373.     }

  374. 

  375.     /**

  376.      * @inheritdoc

  377.      */

  378.     public function getRules()

  379.     {

  380.         return $this->rules;

  381.     }

  382. 

  383.     /**

  384.      * @inheritdoc

  385.      */

  386.     public function getRolesByUser($userId)

  387.     {

  388.         $roles = [];

  389.         foreach ($this->getAssignments($userId) as $name => $assignment) {

  390.             $role = $this->items[$assignment->roleName];

  391.             if ($role->type === Item::TYPE_ROLE) {

  392.                 $roles[$name] = $role;

  393.             }

  394.         }

  395. 

  396.         return $roles;

  397.     }

  398. 

  399.     /**

  400.      * @inheritdoc

  401.      */

  402.     public function getPermissionsByRole($roleName)

  403.     {

  404.         $result = [];

  405.         $this->getChildrenRecursive($roleName, $result);

  406.         if (empty($result)) {

  407.             return [];

  408.         }

  409.         $permissions = [];

  410.         foreach (array_keys($result) as $itemName) {

  411.             if (isset($this->items[$itemName]) && $this->items[$itemName] instanceof Permission) {

  412.                 $permissions[$itemName] = $this->items[$itemName];

  413.             }

  414.         }

  415.         return $permissions;

  416.     }

  417. 

  418.     /**

  419.      * Recursively finds all children and grand children of the specified item.

  420.      *

  421.      * @param string $name the name of the item whose children are to be looked for.

  422.      * @param array $result the children and grand children (in array keys)

  423.      */

  424.     protected function getChildrenRecursive($name, &$result)

  425.     {

  426.         if (isset($this->children[$name])) {

  427.             foreach ($this->children[$name] as $child) {

  428.                 $result[$child->name] = true;

  429.                 $this->getChildrenRecursive($child->name, $result);

  430.             }

  431.         }

  432.     }

  433. 

  434.     /**

  435.      * @inheritdoc

  436.      */

  437.     public function getPermissionsByUser($userId)

  438.     {

  439.         $directPermission = $this->getDirectPermissionsByUser($userId);

  440.         $inheritedPermission = $this->getInheritedPermissionsByUser($userId);

  441. 

  442.         return array_merge($directPermission, $inheritedPermission);

  443.     }

  444. 

  445.     /**

  446.      * Returns all permissions that are directly assigned to user.

  447.      * @param string|integer $userId the user ID (see [[\yii\web\User::id]])

  448.      * @return Permission[] all direct permissions that the user has. The array is indexed by the permission names.

  449.      * @since 2.0.7

  450.      */

  451.     protected function getDirectPermissionsByUser($userId)

  452.     {

  453.         $permissions = [];

  454.         foreach ($this->getAssignments($userId) as $name => $assignment) {

  455.             $permission = $this->items[$assignment->roleName];

  456.             if ($permission->type === Item::TYPE_PERMISSION) {

  457.                 $permissions[$name] = $permission;

  458.             }

  459.         }

  460. 

  461.         return $permissions;

  462.     }

  463. 

  464.     /**

  465.      * Returns all permissions that the user inherits from the roles assigned to him.

  466.      * @param string|integer $userId the user ID (see [[\yii\web\User::id]])

  467.      * @return Permission[] all inherited permissions that the user has. The array is indexed by the permission names.

  468.      * @since 2.0.7

  469.      */

  470.     protected function getInheritedPermissionsByUser($userId)

  471.     {

  472.         $assignments = $this->getAssignments($userId);

  473.         $result = [];

  474.         foreach (array_keys($assignments) as $roleName) {

  475.             $this->getChildrenRecursive($roleName, $result);

  476.         }

  477. 

  478.         if (empty($result)) {

  479.             return [];

  480.         }

  481. 

  482.         $permissions = [];

  483.         foreach (array_keys($result) as $itemName) {

  484.             if (isset($this->items[$itemName]) && $this->items[$itemName] instanceof Permission) {

  485.                 $permissions[$itemName] = $this->items[$itemName];

  486.             }

  487.         }

  488.         return $permissions;

  489.     }

  490. 

  491.     /**

  492.      * @inheritdoc

  493.      */

  494.     public function getChildren($name)

  495.     {

  496.         return isset($this->children[$name]) ? $this->children[$name] : [];

  497.     }

  498. 

  499.     /**

  500.      * @inheritdoc

  501.      */

  502.     public function removeAll()

  503.     {

  504.         $this->children = [];

  505.         $this->items = [];

  506.         $this->assignments = [];

  507.         $this->rules = [];

  508.         $this->save();

  509.     }

  510. 

  511.     /**

  512.      * @inheritdoc

  513.      */

  514.     public function removeAllPermissions()

  515.     {

  516.         $this->removeAllItems(Item::TYPE_PERMISSION);

  517.     }

  518. 

  519.     /**

  520.      * @inheritdoc

  521.      */

  522.     public function removeAllRoles()

  523.     {

  524.         $this->removeAllItems(Item::TYPE_ROLE);

  525.     }

  526. 

  527.     /**

  528.      * Removes all auth items of the specified type.

  529.      * @param integer $type the auth item type (either Item::TYPE_PERMISSION or Item::TYPE_ROLE)

  530.      */

  531.     protected function removeAllItems($type)

  532.     {

  533.         $names = [];

  534.         foreach ($this->items as $name => $item) {

  535.             if ($item->type == $type) {

  536.                 unset($this->items[$name]);

  537.                 $names[$name] = true;

  538.             }

  539.         }

  540.         if (empty($names)) {

  541.             return;

  542.         }

  543. 

  544.         foreach ($this->assignments as $i => $assignments) {

  545.             foreach ($assignments as $n => $assignment) {

  546.                 if (isset($names[$assignment->roleName])) {

  547.                     unset($this->assignments[$i][$n]);

  548.                 }

  549.             }

  550.         }

  551.         foreach ($this->children as $name => $children) {

  552.             if (isset($names[$name])) {

  553.                 unset($this->children[$name]);

  554.             } else {

  555.                 foreach ($children as $childName => $item) {

  556.                     if (isset($names[$childName])) {

  557.                         unset($children[$childName]);

  558.                     }

  559.                 }

  560.                 $this->children[$name] = $children;

  561.             }

  562.         }

  563. 

  564.         $this->saveItems();

  565.     }

  566. 

  567.     /**

  568.      * @inheritdoc

  569.      */

  570.     public function removeAllRules()

  571.     {

  572.         foreach ($this->items as $item) {

  573.             $item->ruleName = null;

  574.         }

  575.         $this->rules = [];

  576.         $this->saveRules();

  577.     }

  578. 

  579.     /**

  580.      * @inheritdoc

  581.      */

  582.     public function removeAllAssignments()

  583.     {

  584.         $this->assignments = [];

  585.         $this->saveAssignments();

  586.     }

  587. 

  588.     /**

  589.      * @inheritdoc

  590.      */

  591.     protected function removeRule($rule)

  592.     {

  593.         if (isset($this->rules[$rule->name])) {

  594.             unset($this->rules[$rule->name]);

  595.             foreach ($this->items as $item) {

  596.                 if ($item->ruleName === $rule->name) {

  597.                     $item->ruleName = null;

  598.                 }

  599.             }

  600.             $this->saveRules();

  601.             return true;

  602.         } else {

  603.             return false;

  604.         }

  605.     }

  606. 

  607.     /**

  608.      * @inheritdoc

  609.      */

  610.     protected function addRule($rule)

  611.     {

  612.         $this->rules[$rule->name] = $rule;

  613.         $this->saveRules();

  614.         return true;

  615.     }

  616. 

  617.     /**

  618.      * @inheritdoc

  619.      */

  620.     protected function updateItem($name, $item)

  621.     {

  622.         if ($name !== $item->name) {

  623.             if (isset($this->items[$item->name])) {

  624.                 throw new InvalidParamException("Unable to change the item name. The name '{$item->name}' is already used by another item.");

  625.             } else {

  626.                 // Remove old item in case of renaming

  627.                 unset($this->items[$name]);

  628. 

  629.                 if (isset($this->children[$name])) {

  630.                     $this->children[$item->name] = $this->children[$name];

  631.                     unset($this->children[$name]);

  632.                 }

  633.                 foreach ($this->children as &$children) {

  634.                     if (isset($children[$name])) {

  635.                         $children[$item->name] = $children[$name];

  636.                         unset($children[$name]);

  637.                     }

  638.                 }

  639.                 foreach ($this->assignments as &$assignments) {

  640.                     if (isset($assignments[$name])) {

  641.                         $assignments[$item->name] = $assignments[$name];

  642.                         $assignments[$item->name]->roleName = $item->name;

  643.                         unset($assignments[$name]);

  644.                     }

  645.                 }

  646.                 $this->saveAssignments();

  647.             }

  648.         }

  649. 

  650.         $this->items[$item->name] = $item;

  651. 

  652.         $this->saveItems();

  653.         return true;

  654.     }

  655. 

  656.     /**

  657.      * @inheritdoc

  658.      */

  659.     protected function addItem($item)

  660.     {

  661.         $time = time();

  662.         if ($item->createdAt === null) {

  663.             $item->createdAt = $time;

  664.         }

  665.         if ($item->updatedAt === null) {

  666.             $item->updatedAt = $time;

  667.         }

  668. 

  669.         $this->items[$item->name] = $item;

  670. 

  671.         $this->saveItems();

  672. 

  673.         return true;

  674. 

  675.     }

  676. 

  677.     /**

  678.      * Loads authorization data from persistent storage.

  679.      */

  680.     protected function load()

  681.     {

  682.         $this->children = [];

  683.         $this->rules = [];

  684.         $this->assignments = [];

  685.         $this->items = [];

  686. 

  687.         $items = $this->loadFromFile($this->itemFile);

  688.         $itemsMtime = @filemtime($this->itemFile);

  689.         $assignments = $this->loadFromFile($this->assignmentFile);

  690.         $assignmentsMtime = @filemtime($this->assignmentFile);

  691.         $rules = $this->loadFromFile($this->ruleFile);

  692. 

  693.         foreach ($items as $name => $item) {

  694.             $class = $item['type'] == Item::TYPE_PERMISSION ? Permission::className() : Role::className();

  695. 

  696.             $this->items[$name] = new $class([

  697.                 'name' => $name,

  698.                 'description' => isset($item['description']) ? $item['description'] : null,

  699.                 'ruleName' => isset($item['ruleName']) ? $item['ruleName'] : null,

  700.                 'data' => isset($item['data']) ? $item['data'] : null,

  701.                 'createdAt' => $itemsMtime,

  702.                 'updatedAt' => $itemsMtime,

  703.             ]);

  704.         }

  705. 

  706.         foreach ($items as $name => $item) {

  707.             if (isset($item['children'])) {

  708.                 foreach ($item['children'] as $childName) {

  709.                     if (isset($this->items[$childName])) {

  710.                         $this->children[$name][$childName] = $this->items[$childName];

  711.                     }

  712.                 }

  713.             }

  714.         }

  715. 

  716.         foreach ($assignments as $userId => $roles) {

  717.             foreach ($roles as $role) {

  718.                 $this->assignments[$userId][$role] = new Assignment([

  719.                     'userId' => $userId,

  720.                     'roleName' => $role,

  721.                     'createdAt' => $assignmentsMtime,

  722.                 ]);

  723.             }

  724.         }

  725. 

  726.         foreach ($rules as $name => $ruleData) {

  727.             $this->rules[$name] = unserialize($ruleData);

  728.         }

  729.     }

  730. 

  731.     /**

  732.      * Saves authorization data into persistent storage.

  733.      */

  734.     protected function save()

  735.     {

  736.         $this->saveItems();

  737.         $this->saveAssignments();

  738.         $this->saveRules();

  739.     }

  740. 

  741.     /**

  742.      * Loads the authorization data from a PHP script file.

  743.      *

  744.      * @param string $file the file path.

  745.      * @return array the authorization data

  746.      * @see saveToFile()

  747.      */

  748.     protected function loadFromFile($file)

  749.     {

  750.         if (is_file($file)) {

  751.             return require($file);

  752.         } else {

  753.             return [];

  754.         }

  755.     }

  756. 

  757.     /**

  758.      * Saves the authorization data to a PHP script file.

  759.      *

  760.      * @param array $data the authorization data

  761.      * @param string $file the file path.

  762.      * @see loadFromFile()

  763.      */

  764.     protected function saveToFile($data, $file)

  765.     {

  766.         file_put_contents($file, "<?php\nreturn " . VarDumper::export($data) . ";\n", LOCK_EX);

  767.         $this->invalidateScriptCache($file);

  768.     }

  769. 

  770.     /**

  771.      * Invalidates precompiled script cache (such as OPCache or APC) for the given file.

  772.      * @param string $file the file path.

  773.      * @since 2.0.9

  774.      */

  775.     protected function invalidateScriptCache($file)

  776.     {

  777.         if (function_exists('opcache_invalidate')) {

  778.             opcache_invalidate($file, true);

  779.         }

  780.         if (function_exists('apc_delete_file')) {

  781.             @apc_delete_file($file);

  782.         }

  783.     }

  784. 

  785.     /**

  786.      * Saves items data into persistent storage.

  787.      */

  788.     protected function saveItems()

  789.     {

  790.         $items = [];

  791.         foreach ($this->items as $name => $item) {

  792.             /* @var $item Item */

  793.             $items[$name] = array_filter(

  794.                 [

  795.                     'type' => $item->type,

  796.                     'description' => $item->description,

  797.                     'ruleName' => $item->ruleName,

  798.                     'data' => $item->data,

  799.                 ]

  800.             );

  801.             if (isset($this->children[$name])) {

  802.                 foreach ($this->children[$name] as $child) {

  803.                     /* @var $child Item */

  804.                     $items[$name]['children'][] = $child->name;

  805.                 }

  806.             }

  807.         }

  808.         $this->saveToFile($items, $this->itemFile);

  809.     }

  810. 

  811.     /**

  812.      * Saves assignments data into persistent storage.

  813.      */

  814.     protected function saveAssignments()

  815.     {

  816.         $assignmentData = [];

  817.         foreach ($this->assignments as $userId => $assignments) {

  818.             foreach ($assignments as $name => $assignment) {

  819.                 /* @var $assignment Assignment */

  820.                 $assignmentData[$userId][] = $assignment->roleName;

  821.             }

  822.         }

  823.         $this->saveToFile($assignmentData, $this->assignmentFile);

  824.     }

  825. 

  826.     /**

  827.      * Saves rules data into persistent storage.

  828.      */

  829.     protected function saveRules()

  830.     {

  831.         $rules = [];

  832.         foreach ($this->rules as $name => $rule) {

  833.             $rules[$name] = serialize($rule);

  834.         }

  835.         $this->saveToFile($rules, $this->ruleFile);

  836.     }

  837. 

  838.     /**

  839.      * @inheritdoc

  840.      * @since 2.0.7

  841.      */

  842.     public function getUserIdsByRole($roleName)

  843.     {

  844.         $result = [];

  845.         foreach ($this->assignments as $userID => $assignments) {

  846.             foreach ($assignments as $userAssignment) {

  847.                 if ($userAssignment->roleName === $roleName && $userAssignment->userId == $userID) {

  848.                     $result[] = (string)$userID;

  849.                 }

  850.             }

  851.         }

  852.         return $result;

  853.     }

  854. }