- <?php
- /**
- * @link http://www.yiiframework.com/
- * @copyright Copyright (c) 2008 Yii Software LLC
- * @license http://www.yiiframework.com/license/
- */
- namespace yii\rbac;
- use Yii;
- use yii\base\InvalidArgumentException;
- use yii\base\InvalidCallException;
- use yii\helpers\VarDumper;
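class PhpManager extends BaseManager
{
    /**
     * @var string the path of the PHP script that contains the authorization items.
     * This can be either a file path or a [path alias](guide:concept-aliases) to the file.
     * Make sure this file is writable by the Web server process if the authorization needs to be changed online.
     * Whoever can write this file controls the authorization data, so keep it outside the web root
     * and grant write access only to the account that has to update it.
     * NOTE(review): the file is described as a PHP script; if the loader includes it (not visible here),
     * write access to it also means control over code the application runs - confirm against loadFromFile().
     * @see loadFromFile()
     * @see saveToFile()
     */
    public $itemFile = '@app/rbac/items.php';
    /**
     * @var string the path of the PHP script that contains the authorization assignments.
     * This can be either a file path or a [path alias](guide:concept-aliases) to the file.
     * Make sure this file is writable by the Web server process if the authorization needs to be changed online.
     * Whoever can write this file decides which user holds which role, so keep it outside the web root
     * and grant write access only to the account that has to update it.
     * @see loadFromFile()
     * @see saveToFile()
     */
    public $assignmentFile = '@app/rbac/assignments.php';
    /**
     * @var string the path of the PHP script that contains the authorization rules.
     * This can be either a file path or a [path alias](guide:concept-aliases) to the file.
     * Make sure this file is writable by the Web server process if the authorization needs to be changed online.
     * Whoever can write this file controls the rules evaluated during access checks, so keep it outside
     * the web root and grant write access only to the account that has to update it.
     * @see loadFromFile()
     * @see saveToFile()
     */
    public $ruleFile = '@app/rbac/rules.php';

    /**
     * @var Item[] authorization items indexed by item name (itemName => item)
     */
    protected $items = [];
    /**
     * @var array child items indexed by parent name, then child name (itemName, childName => child)
     */
    protected $children = [];
    /**
     * @var array assignments indexed by user ID, then item name (userId, itemName => assignment)
     */
    protected $assignments = [];
    /**
     * @var Rule[] rules indexed by rule name (ruleName => rule)
     */
    protected $rules = [];

    /**
     * Initializes the application component.
     * This method overrides parent implementation by loading the authorization data
     * from PHP script.
     */
    public function init()
    {
        parent::init();

        // Resolve the configured path aliases before the data is loaded.
        $this->itemFile = Yii::getAlias($this->itemFile);
        $this->assignmentFile = Yii::getAlias($this->assignmentFile);
        $this->ruleFile = Yii::getAlias($this->ruleFile);

        $this->load();
    }

    /**
     * {@inheritdoc}
     *
     * Access is denied immediately when hasNoAssignments() is true for the user's assignments;
     * otherwise the decision is delegated to [[checkAccessRecursive()]].
     */
    public function checkAccess($userId, $permissionName, $params = [])
    {
        $assignments = $this->getAssignments($userId);

        if ($this->hasNoAssignments($assignments)) {
            return false;
        }

        return $this->checkAccessRecursive($userId, $permissionName, $params, $assignments);
    }

    /**
     * {@inheritdoc}
     *
     * Returns an empty array for a user without any recorded assignment.
     */
    public function getAssignments($userId)
    {
        return isset($this->assignments[$userId]) ? $this->assignments[$userId] : [];
    }

    /**
     * Performs access check for the specified user.
     * This method is internally called by [[checkAccess()]].
     *
     * The check fails closed: an unknown item, or an item whose rule does not pass, denies access.
     * Access is granted when the item is assigned to the user or is a default role, or when any
     * parent of the item grants access by the same test.
     *
     * NOTE(review): the upward walk has no cycle guard of its own; it relies on the hierarchy being
     * acyclic (see [[detectLoop()]]) - confirm for hand-edited item files.
     *
     * @param string|int $user the user ID. This can be either an integer or a string representing
     * the unique identifier of a user. See [[\yii\web\User::id]].
     * @param string $itemName the name of the operation that needs access check
     * @param array $params name-value pairs that would be passed to rules associated
     * with the tasks and roles assigned to the user. A param with name 'user' is added to this array,
     * which holds the value of `$userId`.
     * @param Assignment[] $assignments the assignments to the specified user
     * @return bool whether the operations can be performed by the user.
     */
    protected function checkAccessRecursive($user, $itemName, $params, $assignments)
    {
        if (!isset($this->items[$itemName])) {
            return false;
        }

        /* @var $item Item */
        $item = $this->items[$itemName];
        Yii::debug($item instanceof Role ? "Checking role: $itemName" : "Checking permission : $itemName", __METHOD__);

        if (!$this->executeRule($user, $item, $params)) {
            return false;
        }

        if (isset($assignments[$itemName])) {
            return true;
        }

        // Compare default-role names as exact strings. A loose in_array() would treat
        // numeric-looking names such as '1e3' and '1000' as equal, which must not decide access.
        // Both sides are cast because PHP stores integer-like array keys as ints.
        if (in_array((string) $itemName, array_map('strval', $this->defaultRoles), true)) {
            return true;
        }

        foreach ($this->children as $parentName => $children) {
            if (isset($children[$itemName]) && $this->checkAccessRecursive($user, $parentName, $params, $assignments)) {
                return true;
            }
        }

        return false;
    }

    /**
     * {@inheritdoc}
     *
     * A child may be added only when doing so would not create a loop in the hierarchy.
     * @since 2.0.8
     */
    public function canAddChild($parent, $child)
    {
        return !$this->detectLoop($parent, $child);
    }

    /**
     * Checks whether there is a loop in the authorization item hierarchy.
     *
     * @param Item $parent parent item
     * @param Item $child the child item that is to be added to the hierarchy
     * @return bool whether a loop exists
     */
    protected function detectLoop($parent, $child)
    {
        // An item can never be its own descendant.
        if ($child->name === $parent->name) {
            return true;
        }

        // Nothing to follow when the child has no children or the parent is unknown.
        if (!isset($this->children[$child->name], $this->items[$parent->name])) {
            return false;
        }

        foreach ($this->children[$child->name] as $grandchild) {
            /* @var $grandchild Item */
            if ($this->detectLoop($parent, $grandchild)) {
                return true;
            }
        }

        return false;
    }

    /**
     * {@inheritdoc}
     *
     * Only a direct parent/child link counts; deeper descendants are not considered.
     */
    public function hasChild($parent, $child)
    {
        return isset($this->children[$parent->name][$child->name]);
    }

    /**
     * {@inheritdoc}
     *
     * Returns null when the user does not hold the given role.
     */
    public function getAssignment($roleName, $userId)
    {
        return isset($this->assignments[$userId][$roleName]) ? $this->assignments[$userId][$roleName] : null;
    }

    /**
     * {@inheritdoc}
     *
     * The returned array is indexed by item name.
     */
    public function getItems($type)
    {
        $items = [];

        foreach ($this->items as $name => $item) {
            /* @var $item Item */
            // Loose comparison kept as in the original so a type passed as a numeric string
            // still matches - TODO confirm whether callers rely on this.
            if ($item->type == $type) {
                $items[$name] = $item;
            }
        }

        return $items;
    }

    /**
     * {@inheritdoc}
     *
     * Returns null when no item with the given name exists.
     */
    public function getItem($name)
    {
        return isset($this->items[$name]) ? $this->items[$name] : null;
    }

    /**
     * {@inheritdoc}
     *
     * Stores the rule under its current name, drops the old entry when the rule was renamed,
     * and then calls saveRules().
     */
    public function updateRule($name, $rule)
    {
        if ($rule->name !== $name) {
            unset($this->rules[$name]);
        }

        $this->rules[$rule->name] = $rule;
        $this->saveRules();

        return true;
    }

    /**
     * {@inheritdoc}
     *
     * Returns null when no rule with the given name exists.
     */
    public function getRule($name)
    {
        return isset($this->rules[$name]) ? $this->rules[$name] : null;
    }

    /**
     * {@inheritdoc}
     */
    public function getRules()
    {
        return $this->rules;
    }

    /**
     * {@inheritdoc}
     * The roles returned by this method include the roles assigned via [[$defaultRoles]].
     */
    public function getRolesByUser($userId)
    {
        $roles = $this->getDefaultRoleInstances();

        foreach ($this->getAssignments($userId) as $name => $assignment) {
            // An assignment may outlive its item (for example after the item file was edited by
            // hand). Skip it rather than dereference a missing entry; the user simply gains nothing.
            if (!isset($this->items[$assignment->roleName])) {
                continue;
            }

            $role = $this->items[$assignment->roleName];
            if ($role->type === Item::TYPE_ROLE) {
                $roles[$name] = $role;
            }
        }

        return $roles;
    }

    /**
     * {@inheritdoc}
     *
     * The result contains the role itself followed by every role found among its descendants.
     *
     * @throws InvalidArgumentException if the role does not exist
     */
    public function getChildRoles($roleName)
    {
        $role = $this->getRole($roleName);
        if ($role === null) {
            throw new InvalidArgumentException("Role \"$roleName\" not found.");
        }

        $result = [];
        $this->getChildrenRecursive($roleName, $result);

        $roles = [$roleName => $role];
        // "+=" keeps the entry for $roleName that is already present.
        $roles += array_filter($this->getRoles(), function (Role $roleItem) use ($result) {
            return array_key_exists($roleItem->name, $result);
        });

        return $roles;
    }

    /**
     * {@inheritdoc}
     *
     * Collects every descendant of the role and keeps those that are permissions.
     */
    public function getPermissionsByRole($roleName)
    {
        $result = [];
        $this->getChildrenRecursive($roleName, $result);

        return $this->permissionsFromNames(array_keys($result));
    }

    /**
     * Recursively finds all children and grand children of the specified item.
     *
     * Items already present in `$result` are not descended into again. This keeps the traversal
     * finite even if the loaded hierarchy contains a cycle, and avoids walking shared subtrees
     * more than once.
     *
     * @param string $name the name of the item whose children are to be looked for.
     * @param array $result the children and grand children (in array keys)
     */
    protected function getChildrenRecursive($name, &$result)
    {
        if (!isset($this->children[$name])) {
            return;
        }

        foreach ($this->children[$name] as $child) {
            if (isset($result[$child->name])) {
                continue;
            }

            $result[$child->name] = true;
            $this->getChildrenRecursive($child->name, $result);
        }
    }

    /**
     * {@inheritdoc}
     *
     * Combines the directly assigned permissions with those inherited through assigned roles.
     */
    public function getPermissionsByUser($userId)
    {
        $directPermission = $this->getDirectPermissionsByUser($userId);
        $inheritedPermission = $this->getInheritedPermissionsByUser($userId);

        return array_merge($directPermission, $inheritedPermission);
    }

    /**
     * Returns all permissions that are directly assigned to user.
     * @param string|int $userId the user ID (see [[\yii\web\User::id]])
     * @return Permission[] all direct permissions that the user has. The array is indexed by the permission names.
     * @since 2.0.7
     */
    protected function getDirectPermissionsByUser($userId)
    {
        $permissions = [];

        foreach ($this->getAssignments($userId) as $name => $assignment) {
            // Ignore assignments whose item no longer exists instead of dereferencing a
            // missing entry; nothing is granted for them.
            if (!isset($this->items[$assignment->roleName])) {
                continue;
            }

            $permission = $this->items[$assignment->roleName];
            if ($permission->type === Item::TYPE_PERMISSION) {
                $permissions[$name] = $permission;
            }
        }

        return $permissions;
    }

    /**
     * Returns all permissions that the user inherits from the roles assigned to him.
     * @param string|int $userId the user ID (see [[\yii\web\User::id]])
     * @return Permission[] all inherited permissions that the user has. The array is indexed by the permission names.
     * @since 2.0.7
     */
    protected function getInheritedPermissionsByUser($userId)
    {
        $result = [];
        foreach (array_keys($this->getAssignments($userId)) as $roleName) {
            $this->getChildrenRecursive($roleName, $result);
        }

        return $this->permissionsFromNames(array_keys($result));
    }

    /**
     * Picks the known permissions out of a list of item names.
     *
     * @param array $itemNames item names to look up
     * @return Permission[] the matching permissions, indexed by name; names that are unknown
     * or refer to another item type are dropped
     */
    private function permissionsFromNames(array $itemNames)
    {
        $permissions = [];

        foreach ($itemNames as $itemName) {
            if (isset($this->items[$itemName]) && $this->items[$itemName] instanceof Permission) {
                $permissions[$itemName] = $this->items[$itemName];
            }
        }

        return $permissions;
    }

    /**
     * {@inheritdoc}
     *
     * Returns an empty array when the item has no children.
     */
    public function getChildren($name)
    {
        return isset($this->children[$name]) ? $this->children[$name] : [];
    }

    /**
     * {@inheritdoc}
     *
     * The IDs are returned as strings.
     * @since 2.0.7
     */
    public function getUserIdsByRole($roleName)
    {
        $result = [];

        foreach ($this->assignments as $userID => $assignments) {
            foreach ($assignments as $userAssignment) {
                // $userID is an array key, which PHP stores as an int when it looks like one,
                // so it is compared loosely against the assignment's own user ID.
                if ($userAssignment->roleName === $roleName && $userAssignment->userId == $userID) {
                    $result[] = (string) $userID;
                }
            }
        }

        return $result;
    }
}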