BenoitCier
/
Opendistrib
форкнуто от Laclic/Souke
Следить 1
В избранное 0
Форкнуть 0
Код Задачи 0 Pull Request'ы 0 Релизы 0 Вики Активность
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
3 коммитов
2 Ветки
Дерево: c34e5111c8
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из 'c34e5111c8'
${ noResults }
Opendistrib/vendor/yiisoft/yii2/rbac/DbManager.php

915 lines
27KB
Исходник Blame История 

  1. <?php

  2. /**

  3.  * @link http://www.yiiframework.com/

  4.  * @copyright Copyright (c) 2008 Yii Software LLC

  5.  * @license http://www.yiiframework.com/license/

  6.  */

  7. 

  8. namespace yii\rbac;

  9. 

  10. use Yii;

  11. use yii\caching\Cache;

  12. use yii\db\Connection;

  13. use yii\db\Query;

  14. use yii\db\Expression;

  15. use yii\base\InvalidCallException;

  16. use yii\base\InvalidParamException;

  17. use yii\di\Instance;

  18. 

  19. /**

  20.  * DbManager represents an authorization manager that stores authorization information in database.

  21.  *

  22.  * The database connection is specified by [[db]]. The database schema could be initialized by applying migration:

  23.  *

  24.  * ```

  25.  * yii migrate --migrationPath=@yii/rbac/migrations/

  26.  * ```

  27.  *

  28.  * If you don't want to use migration and need SQL instead, files for all databases are in migrations directory.

  29.  *

  30.  * You may change the names of the three tables used to store the authorization data by setting [[itemTable]],

  31.  * [[itemChildTable]] and [[assignmentTable]].

  32.  *

  33.  * @author Qiang Xue <qiang.xue@gmail.com>

  34.  * @author Alexander Kochetov <creocoder@gmail.com>

  35.  * @since 2.0

  36.  */

  37. class DbManager extends BaseManager

  38. {

  39.     /**

  40.      * @var Connection|array|string the DB connection object or the application component ID of the DB connection.

  41.      * After the DbManager object is created, if you want to change this property, you should only assign it

  42.      * with a DB connection object.

  43.      * Starting from version 2.0.2, this can also be a configuration array for creating the object.

  44.      */

  45.     public $db = 'db';

  46.     /**

  47.      * @var string the name of the table storing authorization items. Defaults to "auth_item".

  48.      */

  49.     public $itemTable = '{{%auth_item}}';

  50.     /**

  51.      * @var string the name of the table storing authorization item hierarchy. Defaults to "auth_item_child".

  52.      */

  53.     public $itemChildTable = '{{%auth_item_child}}';

  54.     /**

  55.      * @var string the name of the table storing authorization item assignments. Defaults to "auth_assignment".

  56.      */

  57.     public $assignmentTable = '{{%auth_assignment}}';

  58.     /**

  59.      * @var string the name of the table storing rules. Defaults to "auth_rule".

  60.      */

  61.     public $ruleTable = '{{%auth_rule}}';

  62.     /**

  63.      * @var Cache|array|string the cache used to improve RBAC performance. This can be one of the followings:

  64.      *

  65.      * - an application component ID (e.g. `cache`)

  66.      * - a configuration array

  67.      * - a [[yii\caching\Cache]] object

  68.      *

  69.      * When this is not set, it means caching is not enabled.

  70.      *

  71.      * Note that by enabling RBAC cache, all auth items, rules and auth item parent-child relationships will

  72.      * be cached and loaded into memory. This will improve the performance of RBAC permission check. However,

  73.      * it does require extra memory and as a result may not be appropriate if your RBAC system contains too many

  74.      * auth items. You should seek other RBAC implementations (e.g. RBAC based on Redis storage) in this case.

  75.      *

  76.      * Also note that if you modify RBAC items, rules or parent-child relationships from outside of this component,

  77.      * you have to manually call [[invalidateCache()]] to ensure data consistency.

  78.      *

  79.      * @since 2.0.3

  80.      */

  81.     public $cache;

  82.     /**

  83.      * @var string the key used to store RBAC data in cache

  84.      * @see cache

  85.      * @since 2.0.3

  86.      */

  87.     public $cacheKey = 'rbac';

  88.     /**

  89.      * @var Item[] all auth items (name => Item)

  90.      */

  91.     protected $items;

  92.     /**

  93.      * @var Rule[] all auth rules (name => Rule)

  94.      */

  95.     protected $rules;

  96.     /**

  97.      * @var array auth item parent-child relationships (childName => list of parents)

  98.      */

  99.     protected $parents;

  100. 

  101.     /**

  102.      * Initializes the application component.

  103.      * This method overrides the parent implementation by establishing the database connection.

  104.      */

  105.     public function init()

  106.     {

  107.         parent::init();

  108.         $this->db = Instance::ensure($this->db, Connection::className());

  109.         if ($this->cache !== null) {

  110.             $this->cache = Instance::ensure($this->cache, Cache::className());

  111.         }

  112.     }

  113. 

  114.     /**

  115.      * @inheritdoc

  116.      */

  117.     public function checkAccess($userId, $permissionName, $params = [])

  118.     {

  119.         $assignments = $this->getAssignments($userId);

  120.         $this->loadFromCache();

  121.         if ($this->items !== null) {

  122.             return $this->checkAccessFromCache($userId, $permissionName, $params, $assignments);

  123.         } else {

  124.             return $this->checkAccessRecursive($userId, $permissionName, $params, $assignments);

  125.         }

  126.     }

  127. 

  128.     /**

  129.      * Performs access check for the specified user based on the data loaded from cache.

  130.      * This method is internally called by [[checkAccess()]] when [[cache]] is enabled.

  131.      * @param string|integer $user the user ID. This should can be either an integer or a string representing

  132.      * the unique identifier of a user. See [[\yii\web\User::id]].

  133.      * @param string $itemName the name of the operation that need access check

  134.      * @param array $params name-value pairs that would be passed to rules associated

  135.      * with the tasks and roles assigned to the user. A param with name 'user' is added to this array,

  136.      * which holds the value of `$userId`.

  137.      * @param Assignment[] $assignments the assignments to the specified user

  138.      * @return boolean whether the operations can be performed by the user.

  139.      * @since 2.0.3

  140.      */

  141.     protected function checkAccessFromCache($user, $itemName, $params, $assignments)

  142.     {

  143.         if (!isset($this->items[$itemName])) {

  144.             return false;

  145.         }

  146. 

  147.         $item = $this->items[$itemName];

  148. 

  149.         Yii::trace($item instanceof Role ? "Checking role: $itemName" : "Checking permission: $itemName", __METHOD__);

  150. 

  151.         if (!$this->executeRule($user, $item, $params)) {

  152.             return false;

  153.         }

  154. 

  155.         if (isset($assignments[$itemName]) || in_array($itemName, $this->defaultRoles)) {

  156.             return true;

  157.         }

  158. 

  159.         if (!empty($this->parents[$itemName])) {

  160.             foreach ($this->parents[$itemName] as $parent) {

  161.                 if ($this->checkAccessRecursive($user, $parent, $params, $assignments)) {

  162.                     return true;

  163.                 }

  164.             }

  165.         }

  166. 

  167.         return false;

  168.     }

  169. 

  170.     /**

  171.      * Performs access check for the specified user.

  172.      * This method is internally called by [[checkAccess()]].

  173.      * @param string|integer $user the user ID. This should can be either an integer or a string representing

  174.      * the unique identifier of a user. See [[\yii\web\User::id]].

  175.      * @param string $itemName the name of the operation that need access check

  176.      * @param array $params name-value pairs that would be passed to rules associated

  177.      * with the tasks and roles assigned to the user. A param with name 'user' is added to this array,

  178.      * which holds the value of `$userId`.

  179.      * @param Assignment[] $assignments the assignments to the specified user

  180.      * @return boolean whether the operations can be performed by the user.

  181.      */

  182.     protected function checkAccessRecursive($user, $itemName, $params, $assignments)

  183.     {

  184.         if (($item = $this->getItem($itemName)) === null) {

  185.             return false;

  186.         }

  187. 

  188.         Yii::trace($item instanceof Role ? "Checking role: $itemName" : "Checking permission: $itemName", __METHOD__);

  189. 

  190.         if (!$this->executeRule($user, $item, $params)) {

  191.             return false;

  192.         }

  193. 

  194.         if (isset($assignments[$itemName]) || in_array($itemName, $this->defaultRoles)) {

  195.             return true;

  196.         }

  197. 

  198.         $query = new Query;

  199.         $parents = $query->select(['parent'])

  200.             ->from($this->itemChildTable)

  201.             ->where(['child' => $itemName])

  202.             ->column($this->db);

  203.         foreach ($parents as $parent) {

  204.             if ($this->checkAccessRecursive($user, $parent, $params, $assignments)) {

  205.                 return true;

  206.             }

  207.         }

  208. 

  209.         return false;

  210.     }

  211. 

  212.     /**

  213.      * @inheritdoc

  214.      */

  215.     protected function getItem($name)

  216.     {

  217.         if (!empty($this->items[$name])) {

  218.             return $this->items[$name];

  219.         }

  220. 

  221.         $row = (new Query)->from($this->itemTable)

  222.             ->where(['name' => $name])

  223.             ->one($this->db);

  224. 

  225.         if ($row === false) {

  226.             return null;

  227.         }

  228. 

  229.         if (!isset($row['data']) || ($data = @unserialize($row['data'])) === false) {

  230.             $row['data'] = null;

  231.         }

  232. 

  233.         return $this->populateItem($row);

  234.     }

  235. 

  236.     /**

  237.      * Returns a value indicating whether the database supports cascading update and delete.

  238.      * The default implementation will return false for SQLite database and true for all other databases.

  239.      * @return boolean whether the database supports cascading update and delete.

  240.      */

  241.     protected function supportsCascadeUpdate()

  242.     {

  243.         return strncmp($this->db->getDriverName(), 'sqlite', 6) !== 0;

  244.     }

  245. 

  246.     /**

  247.      * @inheritdoc

  248.      */

  249.     protected function addItem($item)

  250.     {

  251.         $time = time();

  252.         if ($item->createdAt === null) {

  253.             $item->createdAt = $time;

  254.         }

  255.         if ($item->updatedAt === null) {

  256.             $item->updatedAt = $time;

  257.         }

  258.         $this->db->createCommand()

  259.             ->insert($this->itemTable, [

  260.                 'name' => $item->name,

  261.                 'type' => $item->type,

  262.                 'description' => $item->description,

  263.                 'rule_name' => $item->ruleName,

  264.                 'data' => $item->data === null ? null : serialize($item->data),

  265.                 'created_at' => $item->createdAt,

  266.                 'updated_at' => $item->updatedAt,

  267.             ])->execute();

  268. 

  269.         $this->invalidateCache();

  270. 

  271.         return true;

  272.     }

  273. 

  274.     /**

  275.      * @inheritdoc

  276.      */

  277.     protected function removeItem($item)

  278.     {

  279.         if (!$this->supportsCascadeUpdate()) {

  280.             $this->db->createCommand()

  281.                 ->delete($this->itemChildTable, ['or', '[[parent]]=:name', '[[child]]=:name'], [':name' => $item->name])

  282.                 ->execute();

  283.             $this->db->createCommand()

  284.                 ->delete($this->assignmentTable, ['item_name' => $item->name])

  285.                 ->execute();

  286.         }

  287. 

  288.         $this->db->createCommand()

  289.             ->delete($this->itemTable, ['name' => $item->name])

  290.             ->execute();

  291. 

  292.         $this->invalidateCache();

  293. 

  294.         return true;

  295.     }

  296. 

  297.     /**

  298.      * @inheritdoc

  299.      */

  300.     protected function updateItem($name, $item)

  301.     {

  302.         if ($item->name !== $name && !$this->supportsCascadeUpdate()) {

  303.             $this->db->createCommand()

  304.                 ->update($this->itemChildTable, ['parent' => $item->name], ['parent' => $name])

  305.                 ->execute();

  306.             $this->db->createCommand()

  307.                 ->update($this->itemChildTable, ['child' => $item->name], ['child' => $name])

  308.                 ->execute();

  309.             $this->db->createCommand()

  310.                 ->update($this->assignmentTable, ['item_name' => $item->name], ['item_name' => $name])

  311.                 ->execute();

  312.         }

  313. 

  314.         $item->updatedAt = time();

  315. 

  316.         $this->db->createCommand()

  317.             ->update($this->itemTable, [

  318.                 'name' => $item->name,

  319.                 'description' => $item->description,

  320.                 'rule_name' => $item->ruleName,

  321.                 'data' => $item->data === null ? null : serialize($item->data),

  322.                 'updated_at' => $item->updatedAt,

  323.             ], [

  324.                 'name' => $name,

  325.             ])->execute();

  326. 

  327.         $this->invalidateCache();

  328. 

  329.         return true;

  330.     }

  331. 

  332.     /**

  333.      * @inheritdoc

  334.      */

  335.     protected function addRule($rule)

  336.     {

  337.         $time = time();

  338.         if ($rule->createdAt === null) {

  339.             $rule->createdAt = $time;

  340.         }

  341.         if ($rule->updatedAt === null) {

  342.             $rule->updatedAt = $time;

  343.         }

  344.         $this->db->createCommand()

  345.             ->insert($this->ruleTable, [

  346.                 'name' => $rule->name,

  347.                 'data' => serialize($rule),

  348.                 'created_at' => $rule->createdAt,

  349.                 'updated_at' => $rule->updatedAt,

  350.             ])->execute();

  351. 

  352.         $this->invalidateCache();

  353. 

  354.         return true;

  355.     }

  356. 

  357.     /**

  358.      * @inheritdoc

  359.      */

  360.     protected function updateRule($name, $rule)

  361.     {

  362.         if ($rule->name !== $name && !$this->supportsCascadeUpdate()) {

  363.             $this->db->createCommand()

  364.                 ->update($this->itemTable, ['rule_name' => $rule->name], ['rule_name' => $name])

  365.                 ->execute();

  366.         }

  367. 

  368.         $rule->updatedAt = time();

  369. 

  370.         $this->db->createCommand()

  371.             ->update($this->ruleTable, [

  372.                 'name' => $rule->name,

  373.                 'data' => serialize($rule),

  374.                 'updated_at' => $rule->updatedAt,

  375.             ], [

  376.                 'name' => $name,

  377.             ])->execute();

  378. 

  379.         $this->invalidateCache();

  380. 

  381.         return true;

  382.     }

  383. 

  384.     /**

  385.      * @inheritdoc

  386.      */

  387.     protected function removeRule($rule)

  388.     {

  389.         if (!$this->supportsCascadeUpdate()) {

  390.             $this->db->createCommand()

  391.                 ->update($this->itemTable, ['rule_name' => null], ['rule_name' => $rule->name])

  392.                 ->execute();

  393.         }

  394. 

  395.         $this->db->createCommand()

  396.             ->delete($this->ruleTable, ['name' => $rule->name])

  397.             ->execute();

  398. 

  399.         $this->invalidateCache();

  400. 

  401.         return true;

  402.     }

  403. 

  404.     /**

  405.      * @inheritdoc

  406.      */

  407.     protected function getItems($type)

  408.     {

  409.         $query = (new Query)

  410.             ->from($this->itemTable)

  411.             ->where(['type' => $type]);

  412. 

  413.         $items = [];

  414.         foreach ($query->all($this->db) as $row) {

  415.             $items[$row['name']] = $this->populateItem($row);

  416.         }

  417. 

  418.         return $items;

  419.     }

  420. 

  421.     /**

  422.      * Populates an auth item with the data fetched from database

  423.      * @param array $row the data from the auth item table

  424.      * @return Item the populated auth item instance (either Role or Permission)

  425.      */

  426.     protected function populateItem($row)

  427.     {

  428.         $class = $row['type'] == Item::TYPE_PERMISSION ? Permission::className() : Role::className();

  429. 

  430.         if (!isset($row['data']) || ($data = @unserialize($row['data'])) === false) {

  431.             $data = null;

  432.         }

  433. 

  434.         return new $class([

  435.             'name' => $row['name'],

  436.             'type' => $row['type'],

  437.             'description' => $row['description'],

  438.             'ruleName' => $row['rule_name'],

  439.             'data' => $data,

  440.             'createdAt' => $row['created_at'],

  441.             'updatedAt' => $row['updated_at'],

  442.         ]);

  443.     }

  444. 

  445.     /**

  446.      * @inheritdoc

  447.      */

  448.     public function getRolesByUser($userId)

  449.     {

  450.         if (empty($userId)) {

  451.             return [];

  452.         }

  453. 

  454.         $query = (new Query)->select('b.*')

  455.             ->from(['a' => $this->assignmentTable, 'b' => $this->itemTable])

  456.             ->where('{{a}}.[[item_name]]={{b}}.[[name]]')

  457.             ->andWhere(['a.user_id' => (string) $userId]);

  458. 

  459.         $roles = [];

  460.         foreach ($query->all($this->db) as $row) {

  461.             $roles[$row['name']] = $this->populateItem($row);

  462.         }

  463.         return $roles;

  464.     }

  465. 

  466.     /**

  467.      * @inheritdoc

  468.      */

  469.     public function getPermissionsByRole($roleName)

  470.     {

  471.         $childrenList = $this->getChildrenList();

  472.         $result = [];

  473.         $this->getChildrenRecursive($roleName, $childrenList, $result);

  474.         if (empty($result)) {

  475.             return [];

  476.         }

  477.         $query = (new Query)->from($this->itemTable)->where([

  478.             'type' => Item::TYPE_PERMISSION,

  479.             'name' => array_keys($result),

  480.         ]);

  481.         $permissions = [];

  482.         foreach ($query->all($this->db) as $row) {

  483.             $permissions[$row['name']] = $this->populateItem($row);

  484.         }

  485.         return $permissions;

  486.     }

  487. 

  488.     /**

  489.      * @inheritdoc

  490.      */

  491.     public function getPermissionsByUser($userId)

  492.     {

  493.         if (empty($userId)) {

  494.             return [];

  495.         }

  496. 

  497.         $query = (new Query)->select('item_name')

  498.             ->from($this->assignmentTable)

  499.             ->where(['user_id' => (string) $userId]);

  500. 

  501.         $childrenList = $this->getChildrenList();

  502.         $result = [];

  503.         foreach ($query->column($this->db) as $roleName) {

  504.             $this->getChildrenRecursive($roleName, $childrenList, $result);

  505.         }

  506. 

  507.         if (empty($result)) {

  508.             return [];

  509.         }

  510. 

  511.         $query = (new Query)->from($this->itemTable)->where([

  512.             'type' => Item::TYPE_PERMISSION,

  513.             'name' => array_keys($result),

  514.         ]);

  515.         $permissions = [];

  516.         foreach ($query->all($this->db) as $row) {

  517.             $permissions[$row['name']] = $this->populateItem($row);

  518.         }

  519.         return $permissions;

  520.     }

  521. 

  522.     /**

  523.      * Returns the children for every parent.

  524.      * @return array the children list. Each array key is a parent item name,

  525.      * and the corresponding array value is a list of child item names.

  526.      */

  527.     protected function getChildrenList()

  528.     {

  529.         $query = (new Query)->from($this->itemChildTable);

  530.         $parents = [];

  531.         foreach ($query->all($this->db) as $row) {

  532.             $parents[$row['parent']][] = $row['child'];

  533.         }

  534.         return $parents;

  535.     }

  536. 

  537.     /**

  538.      * Recursively finds all children and grand children of the specified item.

  539.      * @param string $name the name of the item whose children are to be looked for.

  540.      * @param array $childrenList the child list built via [[getChildrenList()]]

  541.      * @param array $result the children and grand children (in array keys)

  542.      */

  543.     protected function getChildrenRecursive($name, $childrenList, &$result)

  544.     {

  545.         if (isset($childrenList[$name])) {

  546.             foreach ($childrenList[$name] as $child) {

  547.                 $result[$child] = true;

  548.                 $this->getChildrenRecursive($child, $childrenList, $result);

  549.             }

  550.         }

  551.     }

  552. 

  553.     /**

  554.      * @inheritdoc

  555.      */

  556.     public function getRule($name)

  557.     {

  558.         if ($this->rules !== null) {

  559.             return isset($this->rules[$name]) ? $this->rules[$name] : null;

  560.         }

  561. 

  562.         $row = (new Query)->select(['data'])

  563.             ->from($this->ruleTable)

  564.             ->where(['name' => $name])

  565.             ->one($this->db);

  566.         return $row === false ? null : unserialize($row['data']);

  567.     }

  568. 

  569.     /**

  570.      * @inheritdoc

  571.      */

  572.     public function getRules()

  573.     {

  574.         if ($this->rules !== null) {

  575.             return $this->rules;

  576.         }

  577. 

  578.         $query = (new Query)->from($this->ruleTable);

  579. 

  580.         $rules = [];

  581.         foreach ($query->all($this->db) as $row) {

  582.             $rules[$row['name']] = unserialize($row['data']);

  583.         }

  584. 

  585.         return $rules;

  586.     }

  587. 

  588.     /**

  589.      * @inheritdoc

  590.      */

  591.     public function getAssignment($roleName, $userId)

  592.     {

  593.         if (empty($userId)) {

  594.             return null;

  595.         }

  596. 

  597.         $row = (new Query)->from($this->assignmentTable)

  598.             ->where(['user_id' => (string) $userId, 'item_name' => $roleName])

  599.             ->one($this->db);

  600. 

  601.         if ($row === false) {

  602.             return null;

  603.         }

  604. 

  605.         return new Assignment([

  606.             'userId' => $row['user_id'],

  607.             'roleName' => $row['item_name'],

  608.             'createdAt' => $row['created_at'],

  609.         ]);

  610.     }

  611. 

  612.     /**

  613.      * @inheritdoc

  614.      */

  615.     public function getAssignments($userId)

  616.     {

  617.         if (empty($userId)) {

  618.             return [];

  619.         }

  620. 

  621.         $query = (new Query)

  622.             ->from($this->assignmentTable)

  623.             ->where(['user_id' => (string) $userId]);

  624. 

  625.         $assignments = [];

  626.         foreach ($query->all($this->db) as $row) {

  627.             $assignments[$row['item_name']] = new Assignment([

  628.                 'userId' => $row['user_id'],

  629.                 'roleName' => $row['item_name'],

  630.                 'createdAt' => $row['created_at'],

  631.             ]);

  632.         }

  633. 

  634.         return $assignments;

  635.     }

  636. 

  637.     /**

  638.      * @inheritdoc

  639.      */

  640.     public function addChild($parent, $child)

  641.     {

  642.         if ($parent->name === $child->name) {

  643.             throw new InvalidParamException("Cannot add '{$parent->name}' as a child of itself.");

  644.         }

  645. 

  646.         if ($parent instanceof Permission && $child instanceof Role) {

  647.             throw new InvalidParamException("Cannot add a role as a child of a permission.");

  648.         }

  649. 

  650.         if ($this->detectLoop($parent, $child)) {

  651.             throw new InvalidCallException("Cannot add '{$child->name}' as a child of '{$parent->name}'. A loop has been detected.");

  652.         }

  653. 

  654.         $this->db->createCommand()

  655.             ->insert($this->itemChildTable, ['parent' => $parent->name, 'child' => $child->name])

  656.             ->execute();

  657. 

  658.         $this->invalidateCache();

  659. 

  660.         return true;

  661.     }

  662. 

  663.     /**

  664.      * @inheritdoc

  665.      */

  666.     public function removeChild($parent, $child)

  667.     {

  668.         $result = $this->db->createCommand()

  669.             ->delete($this->itemChildTable, ['parent' => $parent->name, 'child' => $child->name])

  670.             ->execute() > 0;

  671. 

  672.         $this->invalidateCache();

  673. 

  674.         return $result;

  675.     }

  676. 

  677.     /**

  678.      * @inheritdoc

  679.      */

  680.     public function removeChildren($parent)

  681.     {

  682.         $result = $this->db->createCommand()

  683.             ->delete($this->itemChildTable, ['parent' => $parent->name])

  684.             ->execute() > 0;

  685. 

  686.         $this->invalidateCache();

  687. 

  688.         return $result;

  689.     }

  690. 

  691.     /**

  692.      * @inheritdoc

  693.      */

  694.     public function hasChild($parent, $child)

  695.     {

  696.         return (new Query)

  697.             ->from($this->itemChildTable)

  698.             ->where(['parent' => $parent->name, 'child' => $child->name])

  699.             ->one($this->db) !== false;

  700.     }

  701. 

  702.     /**

  703.      * @inheritdoc

  704.      */

  705.     public function getChildren($name)

  706.     {

  707.         $query = (new Query)

  708.             ->select(['name', 'type', 'description', 'rule_name', 'data', 'created_at', 'updated_at'])

  709.             ->from([$this->itemTable, $this->itemChildTable])

  710.             ->where(['parent' => $name, 'name' => new Expression('[[child]]')]);

  711. 

  712.         $children = [];

  713.         foreach ($query->all($this->db) as $row) {

  714.             $children[$row['name']] = $this->populateItem($row);

  715.         }

  716. 

  717.         return $children;

  718.     }

  719. 

  720.     /**

  721.      * Checks whether there is a loop in the authorization item hierarchy.

  722.      * @param Item $parent the parent item

  723.      * @param Item $child the child item to be added to the hierarchy

  724.      * @return boolean whether a loop exists

  725.      */

  726.     protected function detectLoop($parent, $child)

  727.     {

  728.         if ($child->name === $parent->name) {

  729.             return true;

  730.         }

  731.         foreach ($this->getChildren($child->name) as $grandchild) {

  732.             if ($this->detectLoop($parent, $grandchild)) {

  733.                 return true;

  734.             }

  735.         }

  736.         return false;

  737.     }

  738. 

  739.     /**

  740.      * @inheritdoc

  741.      */

  742.     public function assign($role, $userId)

  743.     {

  744.         $assignment = new Assignment([

  745.             'userId' => $userId,

  746.             'roleName' => $role->name,

  747.             'createdAt' => time(),

  748.         ]);

  749. 

  750.         $this->db->createCommand()

  751.             ->insert($this->assignmentTable, [

  752.                 'user_id' => $assignment->userId,

  753.                 'item_name' => $assignment->roleName,

  754.                 'created_at' => $assignment->createdAt,

  755.             ])->execute();

  756. 

  757.         return $assignment;

  758.     }

  759. 

  760.     /**

  761.      * @inheritdoc

  762.      */

  763.     public function revoke($role, $userId)

  764.     {

  765.         if (empty($userId)) {

  766.             return false;

  767.         }

  768. 

  769.         return $this->db->createCommand()

  770.             ->delete($this->assignmentTable, ['user_id' => (string) $userId, 'item_name' => $role->name])

  771.             ->execute() > 0;

  772.     }

  773. 

  774.     /**

  775.      * @inheritdoc

  776.      */

  777.     public function revokeAll($userId)

  778.     {

  779.         if (empty($userId)) {

  780.             return false;

  781.         }

  782. 

  783.         return $this->db->createCommand()

  784.             ->delete($this->assignmentTable, ['user_id' => (string) $userId])

  785.             ->execute() > 0;

  786.     }

  787. 

  788.     /**

  789.      * @inheritdoc

  790.      */

  791.     public function removeAll()

  792.     {

  793.         $this->removeAllAssignments();

  794.         $this->db->createCommand()->delete($this->itemChildTable)->execute();

  795.         $this->db->createCommand()->delete($this->itemTable)->execute();

  796.         $this->db->createCommand()->delete($this->ruleTable)->execute();

  797.         $this->invalidateCache();

  798.     }

  799. 

  800.     /**

  801.      * @inheritdoc

  802.      */

  803.     public function removeAllPermissions()

  804.     {

  805.         $this->removeAllItems(Item::TYPE_PERMISSION);

  806.     }

  807. 

  808.     /**

  809.      * @inheritdoc

  810.      */

  811.     public function removeAllRoles()

  812.     {

  813.         $this->removeAllItems(Item::TYPE_ROLE);

  814.     }

  815. 

  816.     /**

  817.      * Removes all auth items of the specified type.

  818.      * @param integer $type the auth item type (either Item::TYPE_PERMISSION or Item::TYPE_ROLE)

  819.      */

  820.     protected function removeAllItems($type)

  821.     {

  822.         if (!$this->supportsCascadeUpdate()) {

  823.             $names = (new Query)

  824.                 ->select(['name'])

  825.                 ->from($this->itemTable)

  826.                 ->where(['type' => $type])

  827.                 ->column($this->db);

  828.             if (empty($names)) {

  829.                 return;

  830.             }

  831.             $key = $type == Item::TYPE_PERMISSION ? 'child' : 'parent';

  832.             $this->db->createCommand()

  833.                 ->delete($this->itemChildTable, [$key => $names])

  834.                 ->execute();

  835.             $this->db->createCommand()

  836.                 ->delete($this->assignmentTable, ['item_name' => $names])

  837.                 ->execute();

  838.         }

  839.         $this->db->createCommand()

  840.             ->delete($this->itemTable, ['type' => $type])

  841.             ->execute();

  842. 

  843.         $this->invalidateCache();

  844.     }

  845. 

  846.     /**

  847.      * @inheritdoc

  848.      */

  849.     public function removeAllRules()

  850.     {

  851.         if (!$this->supportsCascadeUpdate()) {

  852.             $this->db->createCommand()

  853.                 ->update($this->itemTable, ['ruleName' => null])

  854.                 ->execute();

  855.         }

  856. 

  857.         $this->db->createCommand()->delete($this->ruleTable)->execute();

  858. 

  859.         $this->invalidateCache();

  860.     }

  861. 

  862.     /**

  863.      * @inheritdoc

  864.      */

  865.     public function removeAllAssignments()

  866.     {

  867.         $this->db->createCommand()->delete($this->assignmentTable)->execute();

  868.     }

  869. 

  870.     public function invalidateCache()

  871.     {

  872.         if ($this->cache !== null) {

  873.             $this->cache->delete($this->cacheKey);

  874.             $this->items = null;

  875.             $this->rules = null;

  876.             $this->parents = null;

  877.         }

  878.     }

  879. 

  880.     public function loadFromCache()

  881.     {

  882.         if ($this->items !== null || !$this->cache instanceof Cache) {

  883.             return;

  884.         }

  885. 

  886.         $data = $this->cache->get($this->cacheKey);

  887.         if (is_array($data) && isset($data[0], $data[1], $data[2])) {

  888.             list ($this->items, $this->rules, $this->parents) = $data;

  889.             return;

  890.         }

  891. 

  892.         $query = (new Query)->from($this->itemTable);

  893.         $this->items = [];

  894.         foreach ($query->all($this->db) as $row) {

  895.             $this->items[$row['name']] = $this->populateItem($row);

  896.         }

  897. 

  898.         $query = (new Query)->from($this->ruleTable);

  899.         $this->rules = [];

  900.         foreach ($query->all($this->db) as $row) {

  901.             $this->rules[$row['name']] = unserialize($row['data']);

  902.         }

  903. 

  904.         $query = (new Query)->from($this->itemChildTable);

  905.         $this->parents = [];

  906.         foreach ($query->all($this->db) as $row) {

  907.             if (isset($this->items[$row['child']])) {

  908.                 $this->parents[$row['child']][] = $row['parent'];

  909.             }

  910.         }

  911. 

  912.         $this->cache->set($this->cacheKey, [$this->items, $this->rules, $this->parents]);

  913.     }

  914. }