Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.

BaseManager.php 6.5KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213
  1. <?php
  2. /**
  3. * @link http://www.yiiframework.com/
  4. * @copyright Copyright (c) 2008 Yii Software LLC
  5. * @license http://www.yiiframework.com/license/
  6. */
  7. namespace yii\rbac;
  8. use yii\base\Component;
  9. use yii\base\InvalidConfigException;
  10. use yii\base\InvalidParamException;
  11. /**
  12. * BaseManager is a base class implementing [[ManagerInterface]] for RBAC management.
  13. *
  14. * @author Qiang Xue <qiang.xue@gmail.com>
  15. * @since 2.0
  16. */
  17. abstract class BaseManager extends Component implements ManagerInterface
  18. {
  19. /**
  20. * @var array a list of role names that are assigned to every user automatically without calling [[assign()]].
  21. */
  22. public $defaultRoles = [];
  23. /**
  24. * Returns the named auth item.
  25. * @param string $name the auth item name.
  26. * @return Item the auth item corresponding to the specified name. Null is returned if no such item.
  27. */
  28. abstract protected function getItem($name);
  29. /**
  30. * Returns the items of the specified type.
  31. * @param integer $type the auth item type (either [[Item::TYPE_ROLE]] or [[Item::TYPE_PERMISSION]]
  32. * @return Item[] the auth items of the specified type.
  33. */
  34. abstract protected function getItems($type);
  35. /**
  36. * Adds an auth item to the RBAC system.
  37. * @param Item $item
  38. * @return boolean whether the auth item is successfully added to the system
  39. * @throws \Exception if data validation or saving fails (such as the name of the role or permission is not unique)
  40. */
  41. abstract protected function addItem($item);
  42. /**
  43. * Adds a rule to the RBAC system.
  44. * @param Rule $rule
  45. * @return boolean whether the rule is successfully added to the system
  46. * @throws \Exception if data validation or saving fails (such as the name of the rule is not unique)
  47. */
  48. abstract protected function addRule($rule);
  49. /**
  50. * Removes an auth item from the RBAC system.
  51. * @param Item $item
  52. * @return boolean whether the role or permission is successfully removed
  53. * @throws \Exception if data validation or saving fails (such as the name of the role or permission is not unique)
  54. */
  55. abstract protected function removeItem($item);
  56. /**
  57. * Removes a rule from the RBAC system.
  58. * @param Rule $rule
  59. * @return boolean whether the rule is successfully removed
  60. * @throws \Exception if data validation or saving fails (such as the name of the rule is not unique)
  61. */
  62. abstract protected function removeRule($rule);
  63. /**
  64. * Updates an auth item in the RBAC system.
  65. * @param string $name the old name of the auth item
  66. * @param Item $item
  67. * @return boolean whether the auth item is successfully updated
  68. * @throws \Exception if data validation or saving fails (such as the name of the role or permission is not unique)
  69. */
  70. abstract protected function updateItem($name, $item);
  71. /**
  72. * Updates a rule to the RBAC system.
  73. * @param string $name the old name of the rule
  74. * @param Rule $rule
  75. * @return boolean whether the rule is successfully updated
  76. * @throws \Exception if data validation or saving fails (such as the name of the rule is not unique)
  77. */
  78. abstract protected function updateRule($name, $rule);
  79. /**
  80. * @inheritdoc
  81. */
  82. public function createRole($name)
  83. {
  84. $role = new Role;
  85. $role->name = $name;
  86. return $role;
  87. }
  88. /**
  89. * @inheritdoc
  90. */
  91. public function createPermission($name)
  92. {
  93. $permission = new Permission();
  94. $permission->name = $name;
  95. return $permission;
  96. }
  97. /**
  98. * @inheritdoc
  99. */
  100. public function add($object)
  101. {
  102. if ($object instanceof Item) {
  103. return $this->addItem($object);
  104. } elseif ($object instanceof Rule) {
  105. return $this->addRule($object);
  106. } else {
  107. throw new InvalidParamException("Adding unsupported object type.");
  108. }
  109. }
  110. /**
  111. * @inheritdoc
  112. */
  113. public function remove($object)
  114. {
  115. if ($object instanceof Item) {
  116. return $this->removeItem($object);
  117. } elseif ($object instanceof Rule) {
  118. return $this->removeRule($object);
  119. } else {
  120. throw new InvalidParamException("Removing unsupported object type.");
  121. }
  122. }
  123. /**
  124. * @inheritdoc
  125. */
  126. public function update($name, $object)
  127. {
  128. if ($object instanceof Item) {
  129. return $this->updateItem($name, $object);
  130. } elseif ($object instanceof Rule) {
  131. return $this->updateRule($name, $object);
  132. } else {
  133. throw new InvalidParamException("Updating unsupported object type.");
  134. }
  135. }
  136. /**
  137. * @inheritdoc
  138. */
  139. public function getRole($name)
  140. {
  141. $item = $this->getItem($name);
  142. return $item instanceof Item && $item->type == Item::TYPE_ROLE ? $item : null;
  143. }
  144. /**
  145. * @inheritdoc
  146. */
  147. public function getPermission($name)
  148. {
  149. $item = $this->getItem($name);
  150. return $item instanceof Item && $item->type == Item::TYPE_PERMISSION ? $item : null;
  151. }
  152. /**
  153. * @inheritdoc
  154. */
  155. public function getRoles()
  156. {
  157. return $this->getItems(Item::TYPE_ROLE);
  158. }
  159. /**
  160. * @inheritdoc
  161. */
  162. public function getPermissions()
  163. {
  164. return $this->getItems(Item::TYPE_PERMISSION);
  165. }
  166. /**
  167. * Executes the rule associated with the specified auth item.
  168. *
  169. * If the item does not specify a rule, this method will return true. Otherwise, it will
  170. * return the value of [[Rule::execute()]].
  171. *
  172. * @param string|integer $user the user ID. This should be either an integer or a string representing
  173. * the unique identifier of a user. See [[\yii\web\User::id]].
  174. * @param Item $item the auth item that needs to execute its rule
  175. * @param array $params parameters passed to [[ManagerInterface::checkAccess()]] and will be passed to the rule
  176. * @return boolean the return value of [[Rule::execute()]]. If the auth item does not specify a rule, true will be returned.
  177. * @throws InvalidConfigException if the auth item has an invalid rule.
  178. */
  179. protected function executeRule($user, $item, $params)
  180. {
  181. if ($item->ruleName === null) {
  182. return true;
  183. }
  184. $rule = $this->getRule($item->ruleName);
  185. if ($rule instanceof Rule) {
  186. return $rule->execute($user, $item, $params);
  187. } else {
  188. throw new InvalidConfigException("Rule not found: {$item->ruleName}");
  189. }
  190. }
  191. }