Laclic
/
Souke
Watch 5
Star 0
Fork 1
Code Issues 1 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
473 Commits
6 Branches
Tree: 178ca2aa2b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '178ca2aa2b'
${ noResults }
Souke/vendor/yiisoft/yii2/rbac/PhpManager.php

878 lines
25KB
Raw Blame History 

  1. <?php

  2. /**

  3.  * @link http://www.yiiframework.com/

  4.  * @copyright Copyright (c) 2008 Yii Software LLC

  5.  * @license http://www.yiiframework.com/license/

  6.  */

  7. 

  8. namespace yii\rbac;

  9. 

  10. use yii\base\InvalidCallException;

  11. use yii\base\InvalidParamException;

  12. use Yii;

  13. use yii\helpers\VarDumper;

  14. 

  15. /**

  16.  * PhpManager represents an authorization manager that stores authorization

  17.  * information in terms of a PHP script file.

  18.  *

  19.  * The authorization data will be saved to and loaded from three files

  20.  * specified by [[itemFile]], [[assignmentFile]] and [[ruleFile]].

  21.  *

  22.  * PhpManager is mainly suitable for authorization data that is not too big

  23.  * (for example, the authorization data for a personal blog system).

  24.  * Use [[DbManager]] for more complex authorization data.

  25.  *

  26.  * Note that PhpManager is not compatible with facebooks [HHVM](http://hhvm.com/) because

  27.  * it relies on writing php files and including them afterwards which is not supported by HHVM.

  28.  *

  29.  * @author Qiang Xue <qiang.xue@gmail.com>

  30.  * @author Alexander Kochetov <creocoder@gmail.com>

  31.  * @author Christophe Boulain <christophe.boulain@gmail.com>

  32.  * @author Alexander Makarov <sam@rmcreative.ru>

  33.  * @since 2.0

  34.  */

  35. class PhpManager extends BaseManager

  36. {

  37.     /**

  38.      * @var string the path of the PHP script that contains the authorization items.

  39.      * This can be either a file path or a path alias to the file.

  40.      * Make sure this file is writable by the Web server process if the authorization needs to be changed online.

  41.      * @see loadFromFile()

  42.      * @see saveToFile()

  43.      */

  44.     public $itemFile = '@app/rbac/items.php';

  45.     /**

  46.      * @var string the path of the PHP script that contains the authorization assignments.

  47.      * This can be either a file path or a path alias to the file.

  48.      * Make sure this file is writable by the Web server process if the authorization needs to be changed online.

  49.      * @see loadFromFile()

  50.      * @see saveToFile()

  51.      */

  52.     public $assignmentFile = '@app/rbac/assignments.php';

  53.     /**

  54.      * @var string the path of the PHP script that contains the authorization rules.

  55.      * This can be either a file path or a path alias to the file.

  56.      * Make sure this file is writable by the Web server process if the authorization needs to be changed online.

  57.      * @see loadFromFile()

  58.      * @see saveToFile()

  59.      */

  60.     public $ruleFile = '@app/rbac/rules.php';

  61. 

  62.     /**

  63.      * @var Item[]

  64.      */

  65.     protected $items = []; // itemName => item

  66.     /**

  67.      * @var array

  68.      */

  69.     protected $children = []; // itemName, childName => child

  70.     /**

  71.      * @var array

  72.      */

  73.     protected $assignments = []; // userId, itemName => assignment

  74.     /**

  75.      * @var Rule[]

  76.      */

  77.     protected $rules = []; // ruleName => rule

  78. 

  79. 

  80.     /**

  81.      * Initializes the application component.

  82.      * This method overrides parent implementation by loading the authorization data

  83.      * from PHP script.

  84.      */

  85.     public function init()

  86.     {

  87.         parent::init();

  88.         $this->itemFile = Yii::getAlias($this->itemFile);

  89.         $this->assignmentFile = Yii::getAlias($this->assignmentFile);

  90.         $this->ruleFile = Yii::getAlias($this->ruleFile);

  91.         $this->load();

  92.     }

  93. 

  94.     /**

  95.      * @inheritdoc

  96.      */

  97.     public function checkAccess($userId, $permissionName, $params = [])

  98.     {

  99.         $assignments = $this->getAssignments($userId);

  100.         return $this->checkAccessRecursive($userId, $permissionName, $params, $assignments);

  101.     }

  102. 

  103.     /**

  104.      * @inheritdoc

  105.      */

  106.     public function getAssignments($userId)

  107.     {

  108.         return isset($this->assignments[$userId]) ? $this->assignments[$userId] : [];

  109.     }

  110. 

  111.     /**

  112.      * Performs access check for the specified user.

  113.      * This method is internally called by [[checkAccess()]].

  114.      *

  115.      * @param string|integer $user the user ID. This should can be either an integer or a string representing

  116.      * the unique identifier of a user. See [[\yii\web\User::id]].

  117.      * @param string $itemName the name of the operation that need access check

  118.      * @param array $params name-value pairs that would be passed to rules associated

  119.      * with the tasks and roles assigned to the user. A param with name 'user' is added to this array,

  120.      * which holds the value of `$userId`.

  121.      * @param Assignment[] $assignments the assignments to the specified user

  122.      * @return boolean whether the operations can be performed by the user.

  123.      */

  124.     protected function checkAccessRecursive($user, $itemName, $params, $assignments)

  125.     {

  126.         if (!isset($this->items[$itemName])) {

  127.             return false;

  128.         }

  129. 

  130.         /* @var $item Item */

  131.         $item = $this->items[$itemName];

  132.         Yii::trace($item instanceof Role ? "Checking role: $itemName" : "Checking permission : $itemName", __METHOD__);

  133. 

  134.         if (!$this->executeRule($user, $item, $params)) {

  135.             return false;

  136.         }

  137. 

  138.         if (isset($assignments[$itemName]) || in_array($itemName, $this->defaultRoles)) {

  139.             return true;

  140.         }

  141. 

  142.         foreach ($this->children as $parentName => $children) {

  143.             if (isset($children[$itemName]) && $this->checkAccessRecursive($user, $parentName, $params, $assignments)) {

  144.                 return true;

  145.             }

  146.         }

  147. 

  148.         return false;

  149.     }

  150. 

  151.     /**

  152.      * @inheritdoc

  153.      * @since 2.0.8

  154.      */

  155.     public function canAddChild($parent, $child)

  156.     {

  157.         return !$this->detectLoop($parent, $child);

  158.     }

  159. 

  160.     /**

  161.      * @inheritdoc

  162.      */

  163.     public function addChild($parent, $child)

  164.     {

  165.         if (!isset($this->items[$parent->name], $this->items[$child->name])) {

  166.             throw new InvalidParamException("Either '{$parent->name}' or '{$child->name}' does not exist.");

  167.         }

  168. 

  169.         if ($parent->name === $child->name) {

  170.             throw new InvalidParamException("Cannot add '{$parent->name} ' as a child of itself.");

  171.         }

  172.         if ($parent instanceof Permission && $child instanceof Role) {

  173.             throw new InvalidParamException('Cannot add a role as a child of a permission.');

  174.         }

  175. 

  176.         if ($this->detectLoop($parent, $child)) {

  177.             throw new InvalidCallException("Cannot add '{$child->name}' as a child of '{$parent->name}'. A loop has been detected.");

  178.         }

  179.         if (isset($this->children[$parent->name][$child->name])) {

  180.             throw new InvalidCallException("The item '{$parent->name}' already has a child '{$child->name}'.");

  181.         }

  182.         $this->children[$parent->name][$child->name] = $this->items[$child->name];

  183.         $this->saveItems();

  184. 

  185.         return true;

  186.     }

  187. 

  188.     /**

  189.      * Checks whether there is a loop in the authorization item hierarchy.

  190.      *

  191.      * @param Item $parent parent item

  192.      * @param Item $child the child item that is to be added to the hierarchy

  193.      * @return boolean whether a loop exists

  194.      */

  195.     protected function detectLoop($parent, $child)

  196.     {

  197.         if ($child->name === $parent->name) {

  198.             return true;

  199.         }

  200.         if (!isset($this->children[$child->name], $this->items[$parent->name])) {

  201.             return false;

  202.         }

  203.         foreach ($this->children[$child->name] as $grandchild) {

  204.             /* @var $grandchild Item */

  205.             if ($this->detectLoop($parent, $grandchild)) {

  206.                 return true;

  207.             }

  208.         }

  209. 

  210.         return false;

  211.     }

  212. 

  213.     /**

  214.      * @inheritdoc

  215.      */

  216.     public function removeChild($parent, $child)

  217.     {

  218.         if (isset($this->children[$parent->name][$child->name])) {

  219.             unset($this->children[$parent->name][$child->name]);

  220.             $this->saveItems();

  221.             return true;

  222.         } else {

  223.             return false;

  224.         }

  225.     }

  226. 

  227.     /**

  228.      * @inheritdoc

  229.      */

  230.     public function removeChildren($parent)

  231.     {

  232.         if (isset($this->children[$parent->name])) {

  233.             unset($this->children[$parent->name]);

  234.             $this->saveItems();

  235.             return true;

  236.         } else {

  237.             return false;

  238.         }

  239.     }

  240. 

  241.     /**

  242.      * @inheritdoc

  243.      */

  244.     public function hasChild($parent, $child)

  245.     {

  246.         return isset($this->children[$parent->name][$child->name]);

  247.     }

  248. 

  249.     /**

  250.      * @inheritdoc

  251.      */

  252.     public function assign($role, $userId)

  253.     {

  254.         if (!isset($this->items[$role->name])) {

  255.             throw new InvalidParamException("Unknown role '{$role->name}'.");

  256.         } elseif (isset($this->assignments[$userId][$role->name])) {

  257.             throw new InvalidParamException("Authorization item '{$role->name}' has already been assigned to user '$userId'.");

  258.         } else {

  259.             $this->assignments[$userId][$role->name] = new Assignment([

  260.                 'userId' => $userId,

  261.                 'roleName' => $role->name,

  262.                 'createdAt' => time(),

  263.             ]);

  264.             $this->saveAssignments();

  265.             return $this->assignments[$userId][$role->name];

  266.         }

  267.     }

  268. 

  269.     /**

  270.      * @inheritdoc

  271.      */

  272.     public function revoke($role, $userId)

  273.     {

  274.         if (isset($this->assignments[$userId][$role->name])) {

  275.             unset($this->assignments[$userId][$role->name]);

  276.             $this->saveAssignments();

  277.             return true;

  278.         } else {

  279.             return false;

  280.         }

  281.     }

  282. 

  283.     /**

  284.      * @inheritdoc

  285.      */

  286.     public function revokeAll($userId)

  287.     {

  288.         if (isset($this->assignments[$userId]) && is_array($this->assignments[$userId])) {

  289.             foreach ($this->assignments[$userId] as $itemName => $value) {

  290.                 unset($this->assignments[$userId][$itemName]);

  291.             }

  292.             $this->saveAssignments();

  293.             return true;

  294.         } else {

  295.             return false;

  296.         }

  297.     }

  298. 

  299.     /**

  300.      * @inheritdoc

  301.      */

  302.     public function getAssignment($roleName, $userId)

  303.     {

  304.         return isset($this->assignments[$userId][$roleName]) ? $this->assignments[$userId][$roleName] : null;

  305.     }

  306. 

  307.     /**

  308.      * @inheritdoc

  309.      */

  310.     public function getItems($type)

  311.     {

  312.         $items = [];

  313. 

  314.         foreach ($this->items as $name => $item) {

  315.             /* @var $item Item */

  316.             if ($item->type == $type) {

  317.                 $items[$name] = $item;

  318.             }

  319.         }

  320. 

  321.         return $items;

  322.     }

  323. 

  324. 

  325.     /**

  326.      * @inheritdoc

  327.      */

  328.     public function removeItem($item)

  329.     {

  330.         if (isset($this->items[$item->name])) {

  331.             foreach ($this->children as &$children) {

  332.                 unset($children[$item->name]);

  333.             }

  334.             foreach ($this->assignments as &$assignments) {

  335.                 unset($assignments[$item->name]);

  336.             }

  337.             unset($this->items[$item->name]);

  338.             $this->saveItems();

  339.             $this->saveAssignments();

  340.             return true;

  341.         } else {

  342.             return false;

  343.         }

  344.     }

  345. 

  346.     /**

  347.      * @inheritdoc

  348.      */

  349.     public function getItem($name)

  350.     {

  351.         return isset($this->items[$name]) ? $this->items[$name] : null;

  352.     }

  353. 

  354.     /**

  355.      * @inheritdoc

  356.      */

  357.     public function updateRule($name, $rule)

  358.     {

  359.         if ($rule->name !== $name) {

  360.             unset($this->rules[$name]);

  361.         }

  362.         $this->rules[$rule->name] = $rule;

  363.         $this->saveRules();

  364.         return true;

  365.     }

  366. 

  367.     /**

  368.      * @inheritdoc

  369.      */

  370.     public function getRule($name)

  371.     {

  372.         return isset($this->rules[$name]) ? $this->rules[$name] : null;

  373.     }

  374. 

  375.     /**

  376.      * @inheritdoc

  377.      */

  378.     public function getRules()

  379.     {

  380.         return $this->rules;

  381.     }

  382. 

  383.     /**

  384.      * @inheritdoc

  385.      */

  386.     public function getRolesByUser($userId)

  387.     {

  388.         $roles = [];

  389.         foreach ($this->getAssignments($userId) as $name => $assignment) {

  390.             $role = $this->items[$assignment->roleName];

  391.             if ($role->type === Item::TYPE_ROLE) {

  392.                 $roles[$name] = $role;

  393.             }

  394.         }

  395. 

  396.         return $roles;

  397.     }

  398. 

  399.     /**

  400.      * @inheritdoc

  401.      */

  402.     public function getChildRoles($roleName)

  403.     {

  404.         $role = $this->getRole($roleName);

  405. 

  406.         if (is_null($role)) {

  407.             throw new InvalidParamException("Role \"$roleName\" not found.");

  408.         }

  409. 

  410.         /** @var $result Item[] */

  411.         $this->getChildrenRecursive($roleName, $result);

  412. 

  413.         $roles = [$roleName => $role];

  414. 

  415.         $roles += array_filter($this->getRoles(), function (Role $roleItem) use ($result) {

  416.             return array_key_exists($roleItem->name, $result);

  417.         });

  418. 

  419.         return $roles;

  420.     }

  421. 

  422.     /**

  423.      * @inheritdoc

  424.      */

  425.     public function getPermissionsByRole($roleName)

  426.     {

  427.         $result = [];

  428.         $this->getChildrenRecursive($roleName, $result);

  429.         if (empty($result)) {

  430.             return [];

  431.         }

  432.         $permissions = [];

  433.         foreach (array_keys($result) as $itemName) {

  434.             if (isset($this->items[$itemName]) && $this->items[$itemName] instanceof Permission) {

  435.                 $permissions[$itemName] = $this->items[$itemName];

  436.             }

  437.         }

  438.         return $permissions;

  439.     }

  440. 

  441.     /**

  442.      * Recursively finds all children and grand children of the specified item.

  443.      *

  444.      * @param string $name the name of the item whose children are to be looked for.

  445.      * @param array $result the children and grand children (in array keys)

  446.      */

  447.     protected function getChildrenRecursive($name, &$result)

  448.     {

  449.         if (isset($this->children[$name])) {

  450.             foreach ($this->children[$name] as $child) {

  451.                 $result[$child->name] = true;

  452.                 $this->getChildrenRecursive($child->name, $result);

  453.             }

  454.         }

  455.     }

  456. 

  457.     /**

  458.      * @inheritdoc

  459.      */

  460.     public function getPermissionsByUser($userId)

  461.     {

  462.         $directPermission = $this->getDirectPermissionsByUser($userId);

  463.         $inheritedPermission = $this->getInheritedPermissionsByUser($userId);

  464. 

  465.         return array_merge($directPermission, $inheritedPermission);

  466.     }

  467. 

  468.     /**

  469.      * Returns all permissions that are directly assigned to user.

  470.      * @param string|integer $userId the user ID (see [[\yii\web\User::id]])

  471.      * @return Permission[] all direct permissions that the user has. The array is indexed by the permission names.

  472.      * @since 2.0.7

  473.      */

  474.     protected function getDirectPermissionsByUser($userId)

  475.     {

  476.         $permissions = [];

  477.         foreach ($this->getAssignments($userId) as $name => $assignment) {

  478.             $permission = $this->items[$assignment->roleName];

  479.             if ($permission->type === Item::TYPE_PERMISSION) {

  480.                 $permissions[$name] = $permission;

  481.             }

  482.         }

  483. 

  484.         return $permissions;

  485.     }

  486. 

  487.     /**

  488.      * Returns all permissions that the user inherits from the roles assigned to him.

  489.      * @param string|integer $userId the user ID (see [[\yii\web\User::id]])

  490.      * @return Permission[] all inherited permissions that the user has. The array is indexed by the permission names.

  491.      * @since 2.0.7

  492.      */

  493.     protected function getInheritedPermissionsByUser($userId)

  494.     {

  495.         $assignments = $this->getAssignments($userId);

  496.         $result = [];

  497.         foreach (array_keys($assignments) as $roleName) {

  498.             $this->getChildrenRecursive($roleName, $result);

  499.         }

  500. 

  501.         if (empty($result)) {

  502.             return [];

  503.         }

  504. 

  505.         $permissions = [];

  506.         foreach (array_keys($result) as $itemName) {

  507.             if (isset($this->items[$itemName]) && $this->items[$itemName] instanceof Permission) {

  508.                 $permissions[$itemName] = $this->items[$itemName];

  509.             }

  510.         }

  511.         return $permissions;

  512.     }

  513. 

  514.     /**

  515.      * @inheritdoc

  516.      */

  517.     public function getChildren($name)

  518.     {

  519.         return isset($this->children[$name]) ? $this->children[$name] : [];

  520.     }

  521. 

  522.     /**

  523.      * @inheritdoc

  524.      */

  525.     public function removeAll()

  526.     {

  527.         $this->children = [];

  528.         $this->items = [];

  529.         $this->assignments = [];

  530.         $this->rules = [];

  531.         $this->save();

  532.     }

  533. 

  534.     /**

  535.      * @inheritdoc

  536.      */

  537.     public function removeAllPermissions()

  538.     {

  539.         $this->removeAllItems(Item::TYPE_PERMISSION);

  540.     }

  541. 

  542.     /**

  543.      * @inheritdoc

  544.      */

  545.     public function removeAllRoles()

  546.     {

  547.         $this->removeAllItems(Item::TYPE_ROLE);

  548.     }

  549. 

  550.     /**

  551.      * Removes all auth items of the specified type.

  552.      * @param integer $type the auth item type (either Item::TYPE_PERMISSION or Item::TYPE_ROLE)

  553.      */

  554.     protected function removeAllItems($type)

  555.     {

  556.         $names = [];

  557.         foreach ($this->items as $name => $item) {

  558.             if ($item->type == $type) {

  559.                 unset($this->items[$name]);

  560.                 $names[$name] = true;

  561.             }

  562.         }

  563.         if (empty($names)) {

  564.             return;

  565.         }

  566. 

  567.         foreach ($this->assignments as $i => $assignments) {

  568.             foreach ($assignments as $n => $assignment) {

  569.                 if (isset($names[$assignment->roleName])) {

  570.                     unset($this->assignments[$i][$n]);

  571.                 }

  572.             }

  573.         }

  574.         foreach ($this->children as $name => $children) {

  575.             if (isset($names[$name])) {

  576.                 unset($this->children[$name]);

  577.             } else {

  578.                 foreach ($children as $childName => $item) {

  579.                     if (isset($names[$childName])) {

  580.                         unset($children[$childName]);

  581.                     }

  582.                 }

  583.                 $this->children[$name] = $children;

  584.             }

  585.         }

  586. 

  587.         $this->saveItems();

  588.     }

  589. 

  590.     /**

  591.      * @inheritdoc

  592.      */

  593.     public function removeAllRules()

  594.     {

  595.         foreach ($this->items as $item) {

  596.             $item->ruleName = null;

  597.         }

  598.         $this->rules = [];

  599.         $this->saveRules();

  600.     }

  601. 

  602.     /**

  603.      * @inheritdoc

  604.      */

  605.     public function removeAllAssignments()

  606.     {

  607.         $this->assignments = [];

  608.         $this->saveAssignments();

  609.     }

  610. 

  611.     /**

  612.      * @inheritdoc

  613.      */

  614.     protected function removeRule($rule)

  615.     {

  616.         if (isset($this->rules[$rule->name])) {

  617.             unset($this->rules[$rule->name]);

  618.             foreach ($this->items as $item) {

  619.                 if ($item->ruleName === $rule->name) {

  620.                     $item->ruleName = null;

  621.                 }

  622.             }

  623.             $this->saveRules();

  624.             return true;

  625.         } else {

  626.             return false;

  627.         }

  628.     }

  629. 

  630.     /**

  631.      * @inheritdoc

  632.      */

  633.     protected function addRule($rule)

  634.     {

  635.         $this->rules[$rule->name] = $rule;

  636.         $this->saveRules();

  637.         return true;

  638.     }

  639. 

  640.     /**

  641.      * @inheritdoc

  642.      */

  643.     protected function updateItem($name, $item)

  644.     {

  645.         if ($name !== $item->name) {

  646.             if (isset($this->items[$item->name])) {

  647.                 throw new InvalidParamException("Unable to change the item name. The name '{$item->name}' is already used by another item.");

  648.             } else {

  649.                 // Remove old item in case of renaming

  650.                 unset($this->items[$name]);

  651. 

  652.                 if (isset($this->children[$name])) {

  653.                     $this->children[$item->name] = $this->children[$name];

  654.                     unset($this->children[$name]);

  655.                 }

  656.                 foreach ($this->children as &$children) {

  657.                     if (isset($children[$name])) {

  658.                         $children[$item->name] = $children[$name];

  659.                         unset($children[$name]);

  660.                     }

  661.                 }

  662.                 foreach ($this->assignments as &$assignments) {

  663.                     if (isset($assignments[$name])) {

  664.                         $assignments[$item->name] = $assignments[$name];

  665.                         $assignments[$item->name]->roleName = $item->name;

  666.                         unset($assignments[$name]);

  667.                     }

  668.                 }

  669.                 $this->saveAssignments();

  670.             }

  671.         }

  672. 

  673.         $this->items[$item->name] = $item;

  674. 

  675.         $this->saveItems();

  676.         return true;

  677.     }

  678. 

  679.     /**

  680.      * @inheritdoc

  681.      */

  682.     protected function addItem($item)

  683.     {

  684.         $time = time();

  685.         if ($item->createdAt === null) {

  686.             $item->createdAt = $time;

  687.         }

  688.         if ($item->updatedAt === null) {

  689.             $item->updatedAt = $time;

  690.         }

  691. 

  692.         $this->items[$item->name] = $item;

  693. 

  694.         $this->saveItems();

  695. 

  696.         return true;

  697. 

  698.     }

  699. 

  700.     /**

  701.      * Loads authorization data from persistent storage.

  702.      */

  703.     protected function load()

  704.     {

  705.         $this->children = [];

  706.         $this->rules = [];

  707.         $this->assignments = [];

  708.         $this->items = [];

  709. 

  710.         $items = $this->loadFromFile($this->itemFile);

  711.         $itemsMtime = @filemtime($this->itemFile);

  712.         $assignments = $this->loadFromFile($this->assignmentFile);

  713.         $assignmentsMtime = @filemtime($this->assignmentFile);

  714.         $rules = $this->loadFromFile($this->ruleFile);

  715. 

  716.         foreach ($items as $name => $item) {

  717.             $class = $item['type'] == Item::TYPE_PERMISSION ? Permission::className() : Role::className();

  718. 

  719.             $this->items[$name] = new $class([

  720.                 'name' => $name,

  721.                 'description' => isset($item['description']) ? $item['description'] : null,

  722.                 'ruleName' => isset($item['ruleName']) ? $item['ruleName'] : null,

  723.                 'data' => isset($item['data']) ? $item['data'] : null,

  724.                 'createdAt' => $itemsMtime,

  725.                 'updatedAt' => $itemsMtime,

  726.             ]);

  727.         }

  728. 

  729.         foreach ($items as $name => $item) {

  730.             if (isset($item['children'])) {

  731.                 foreach ($item['children'] as $childName) {

  732.                     if (isset($this->items[$childName])) {

  733.                         $this->children[$name][$childName] = $this->items[$childName];

  734.                     }

  735.                 }

  736.             }

  737.         }

  738. 

  739.         foreach ($assignments as $userId => $roles) {

  740.             foreach ($roles as $role) {

  741.                 $this->assignments[$userId][$role] = new Assignment([

  742.                     'userId' => $userId,

  743.                     'roleName' => $role,

  744.                     'createdAt' => $assignmentsMtime,

  745.                 ]);

  746.             }

  747.         }

  748. 

  749.         foreach ($rules as $name => $ruleData) {

  750.             $this->rules[$name] = unserialize($ruleData);

  751.         }

  752.     }

  753. 

  754.     /**

  755.      * Saves authorization data into persistent storage.

  756.      */

  757.     protected function save()

  758.     {

  759.         $this->saveItems();

  760.         $this->saveAssignments();

  761.         $this->saveRules();

  762.     }

  763. 

  764.     /**

  765.      * Loads the authorization data from a PHP script file.

  766.      *

  767.      * @param string $file the file path.

  768.      * @return array the authorization data

  769.      * @see saveToFile()

  770.      */

  771.     protected function loadFromFile($file)

  772.     {

  773.         if (is_file($file)) {

  774.             return require($file);

  775.         } else {

  776.             return [];

  777.         }

  778.     }

  779. 

  780.     /**

  781.      * Saves the authorization data to a PHP script file.

  782.      *

  783.      * @param array $data the authorization data

  784.      * @param string $file the file path.

  785.      * @see loadFromFile()

  786.      */

  787.     protected function saveToFile($data, $file)

  788.     {

  789.         file_put_contents($file, "<?php\nreturn " . VarDumper::export($data) . ";\n", LOCK_EX);

  790.         $this->invalidateScriptCache($file);

  791.     }

  792. 

  793.     /**

  794.      * Invalidates precompiled script cache (such as OPCache or APC) for the given file.

  795.      * @param string $file the file path.

  796.      * @since 2.0.9

  797.      */

  798.     protected function invalidateScriptCache($file)

  799.     {

  800.         if (function_exists('opcache_invalidate')) {

  801.             opcache_invalidate($file, true);

  802.         }

  803.         if (function_exists('apc_delete_file')) {

  804.             @apc_delete_file($file);

  805.         }

  806.     }

  807. 

  808.     /**

  809.      * Saves items data into persistent storage.

  810.      */

  811.     protected function saveItems()

  812.     {

  813.         $items = [];

  814.         foreach ($this->items as $name => $item) {

  815.             /* @var $item Item */

  816.             $items[$name] = array_filter(

  817.                 [

  818.                     'type' => $item->type,

  819.                     'description' => $item->description,

  820.                     'ruleName' => $item->ruleName,

  821.                     'data' => $item->data,

  822.                 ]

  823.             );

  824.             if (isset($this->children[$name])) {

  825.                 foreach ($this->children[$name] as $child) {

  826.                     /* @var $child Item */

  827.                     $items[$name]['children'][] = $child->name;

  828.                 }

  829.             }

  830.         }

  831.         $this->saveToFile($items, $this->itemFile);

  832.     }

  833. 

  834.     /**

  835.      * Saves assignments data into persistent storage.

  836.      */

  837.     protected function saveAssignments()

  838.     {

  839.         $assignmentData = [];

  840.         foreach ($this->assignments as $userId => $assignments) {

  841.             foreach ($assignments as $name => $assignment) {

  842.                 /* @var $assignment Assignment */

  843.                 $assignmentData[$userId][] = $assignment->roleName;

  844.             }

  845.         }

  846.         $this->saveToFile($assignmentData, $this->assignmentFile);

  847.     }

  848. 

  849.     /**

  850.      * Saves rules data into persistent storage.

  851.      */

  852.     protected function saveRules()

  853.     {

  854.         $rules = [];

  855.         foreach ($this->rules as $name => $rule) {

  856.             $rules[$name] = serialize($rule);

  857.         }

  858.         $this->saveToFile($rules, $this->ruleFile);

  859.     }

  860. 

  861.     /**

  862.      * @inheritdoc

  863.      * @since 2.0.7

  864.      */

  865.     public function getUserIdsByRole($roleName)

  866.     {

  867.         $result = [];

  868.         foreach ($this->assignments as $userID => $assignments) {

  869.             foreach ($assignments as $userAssignment) {

  870.                 if ($userAssignment->roleName === $roleName && $userAssignment->userId == $userID) {

  871.                     $result[] = (string)$userID;

  872.                 }

  873.             }

  874.         }

  875.         return $result;

  876.     }

  877. }