unzend.com_311

1. <?php
2. // Ioncube Decoder Unzend.Com Email unzend@gmail.com
3. // http://www.unzend.com
4. /**
5.  * CDbAuthManager class file.
6.  *
7.  * @author Qiang Xue <qiang.xue@gmail.com>
8.  * @link http://www.yiiframework.com/
9.  * @copyright 2008-2013 Yii Software LLC
10.  * @license http://www.yiiframework.com/license/
11.  */
12.  
13. /**
14.  * CDbAuthManager represents an authorization manager that stores authorization information in database.
15.  *
16.  * The database connection is specified by {@link connectionID}. And the database schema
17.  * should be as described in "framework/web/auth/*.sql". You may change the names of
18.  * the three tables used to store the authorization data by setting {@link itemTable},
19.  * {@link itemChildTable} and {@link assignmentTable}.
20.  *
21.  * @property array $authItems The authorization items of the specific type.
22.  *
23.  * @author Qiang Xue <qiang.xue@gmail.com>
24.  * @package system.web.auth
25.  * @since 1.0
26.  */
27. class CDbAuthManager extends CAuthManager
28. {
29.     /**
30.      * @var string the ID of the {@link CDbConnection} application component. Defaults to 'db'.
31.      * The database must have the tables as declared in "framework/web/auth/*.sql".
32.      */
33.     public $connectionID='db';
34.     /**
35.      * @var string the name of the table storing authorization items. Defaults to 'AuthItem'.
36.      */
37.     public $itemTable='AuthItem';
38.     /**
39.      * @var string the name of the table storing authorization item hierarchy. Defaults to 'AuthItemChild'.
40.      */
41.     public $itemChildTable='AuthItemChild';
42.     /**
43.      * @var string the name of the table storing authorization item assignments. Defaults to 'AuthAssignment'.
44.      */
45.     public $assignmentTable='AuthAssignment';
46.     /**
47.      * @var CDbConnection the database connection. By default, this is initialized
48.      * automatically as the application component whose ID is indicated as {@link connectionID}.
49.      */
50.     public $db;
51.  
52.     private $_usingSqlite;
53.  
54.     /**
55.      * Initializes the application component.
56.      * This method overrides the parent implementation by establishing the database connection.
57.      */
58.     public function init()
59.     {
60.         parent::init();
61.         $this->_usingSqlite=!strncmp($this->getDbConnection()->getDriverName(),'sqlite',6);
62.     }
63.  
64.     /**
65.      * Performs access check for the specified user.
66.      * @param string $itemName the name of the operation that need access check
67.      * @param mixed $userId the user ID. This should can be either an integer and a string representing
68.      * the unique identifier of a user. See {@link IWebUser::getId}.
69.      * @param array $params name-value pairs that would be passed to biz rules associated
70.      * with the tasks and roles assigned to the user.
71.      * Since version 1.1.11 a param with name 'userId' is added to this array, which holds the value of <code>$userId</code>.
72.      * @return boolean whether the operations can be performed by the user.
73.      */
74.     public function checkAccess($itemName,$userId,$params=array())
75.     {
76.         $assignments=$this->getAuthAssignments($userId);
77.         return $this->checkAccessRecursive($itemName,$userId,$params,$assignments);
78.     }
79.  
80.     /**
81.      * Performs access check for the specified user.
82.      * This method is internally called by {@link checkAccess}.
83.      * @param string $itemName the name of the operation that need access check
84.      * @param mixed $userId the user ID. This should can be either an integer and a string representing
85.      * the unique identifier of a user. See {@link IWebUser::getId}.
86.      * @param array $params name-value pairs that would be passed to biz rules associated
87.      * with the tasks and roles assigned to the user.
88.      * Since version 1.1.11 a param with name 'userId' is added to this array, which holds the value of <code>$userId</code>.
89.      * @param array $assignments the assignments to the specified user
90.      * @return boolean whether the operations can be performed by the user.
91.      * @since 1.1.3
92.      */
93.     protected function checkAccessRecursive($itemName,$userId,$params,$assignments)
94.     {
95.         if(($item=$this->getAuthItem($itemName))===null)
96.             return false;
97.         Yii::trace('Checking permission "'.$item->getName().'"','system.web.auth.CDbAuthManager');
98.         if(!isset($params['userId']))
99.             $params['userId'] = $userId;
100.         if($this->executeBizRule($item->getBizRule(),$params,$item->getData()))
101.         {
102.             if(in_array($itemName,$this->defaultRoles))
103.                 return true;
104.             if(isset($assignments[$itemName]))
105.             {
106.                 $assignment=$assignments[$itemName];
107.                 if($this->executeBizRule($assignment->getBizRule(),$params,$assignment->getData()))
108.                     return true;
109.             }
110.             $parents=$this->db->createCommand()
111.                 ->select('parent')
112.                 ->from($this->itemChildTable)
113.                 ->where('child=:name', array(':name'=>$itemName))
114.                 ->queryColumn();
115.             foreach($parents as $parent)
116.             {
117.                 if($this->checkAccessRecursive($parent,$userId,$params,$assignments))
118.                     return true;
119.             }
120.         }
121.         return false;
122.     }
123.  
124.     /**
125.      * Adds an item as a child of another item.
126.      * @param string $itemName the parent item name
127.      * @param string $childName the child item name
128.      * @return boolean whether the item is added successfully
129.      * @throws CException if either parent or child doesn't exist or if a loop has been detected.
130.      */
131.     public function addItemChild($itemName,$childName)
132.     {
133.         if($itemName===$childName)
134.             throw new CException(Yii::t('yii','Cannot add "{name}" as a child of itself.',
135.                     array('{name}'=>$itemName)));
136.  
137.         $rows=$this->db->createCommand()
138.             ->select()
139.             ->from($this->itemTable)
140.             ->where('name=:name1 OR name=:name2', array(
141.                 ':name1'=>$itemName,
142.                 ':name2'=>$childName
143.             ))
144.             ->queryAll();
145.  
146.         if(count($rows)==2)
147.         {
148.             if($rows[0]['name']===$itemName)
149.             {
150.                 $parentType=$rows[0]['type'];
151.                 $childType=$rows[1]['type'];
152.             }
153.             else
154.             {
155.                 $childType=$rows[0]['type'];
156.                 $parentType=$rows[1]['type'];
157.             }
158.             $this->checkItemChildType($parentType,$childType);
159.             if($this->detectLoop($itemName,$childName))
160.                 throw new CException(Yii::t('yii','Cannot add "{child}" as a child of "{name}". A loop has been detected.',
161.                     array('{child}'=>$childName,'{name}'=>$itemName)));
162.  
163.             $this->db->createCommand()
164.                 ->insert($this->itemChildTable, array(
165.                     'parent'=>$itemName,
166.                     'child'=>$childName,
167.                 ));
168.  
169.             return true;
170.         }
171.         else
172.             throw new CException(Yii::t('yii','Either "{parent}" or "{child}" does not exist.',array('{child}'=>$childName,'{parent}'=>$itemName)));
173.     }
174.  
175.     /**
176.      * Removes a child from its parent.
177.      * Note, the child item is not deleted. Only the parent-child relationship is removed.
178.      * @param string $itemName the parent item name
179.      * @param string $childName the child item name
180.      * @return boolean whether the removal is successful
181.      */
182.     public function removeItemChild($itemName,$childName)
183.     {
184.         return $this->db->createCommand()
185.             ->delete($this->itemChildTable, 'parent=:parent AND child=:child', array(
186.                 ':parent'=>$itemName,
187.                 ':child'=>$childName
188.             )) > 0;
189.     }
190.  
191.     /**
192.      * Returns a value indicating whether a child exists within a parent.
193.      * @param string $itemName the parent item name
194.      * @param string $childName the child item name
195.      * @return boolean whether the child exists
196.      */
197.     public function hasItemChild($itemName,$childName)
198.     {
199.         return $this->db->createCommand()
200.             ->select('parent')
201.             ->from($this->itemChildTable)
202.             ->where('parent=:parent AND child=:child', array(
203.                 ':parent'=>$itemName,
204.                 ':child'=>$childName))
205.             ->queryScalar() !== false;
206.     }
207.  
208.     /**
209.      * Returns the children of the specified item.
210.      * @param mixed $names the parent item name. This can be either a string or an array.
211.      * The latter represents a list of item names.
212.      * @return array all child items of the parent
213.      */
214.     public function getItemChildren($names)
215.     {
216.         if(is_string($names))
217.             $condition='parent='.$this->db->quoteValue($names);
218.         elseif(is_array($names) && $names!==array())
219.         {
220.             foreach($names as &$name)
221.                 $name=$this->db->quoteValue($name);
222.             $condition='parent IN ('.implode(', ',$names).')';
223.         }
224.  
225.         $rows=$this->db->createCommand()
226.             ->select('name, type, description, bizrule, data')
227.             ->from(array(
228.                 $this->itemTable,
229.                 $this->itemChildTable
230.             ))
231.             ->where($condition.' AND name=child')
232.             ->queryAll();
233.  
234.         $children=array();
235.         foreach($rows as $row)
236.         {
237.             if(($data=@unserialize($row['data']))===false)
238.                 $data=null;
239.             $children[$row['name']]=new CAuthItem($this,$row['name'],$row['type'],$row['description'],$row['bizrule'],$data);
240.         }
241.         return $children;
242.     }
243.  
244.     /**
245.      * Assigns an authorization item to a user.
246.      * @param string $itemName the item name
247.      * @param mixed $userId the user ID (see {@link IWebUser::getId})
248.      * @param string $bizRule the business rule to be executed when {@link checkAccess} is called
249.      * for this particular authorization item.
250.      * @param mixed $data additional data associated with this assignment
251.      * @return CAuthAssignment the authorization assignment information.
252.      * @throws CException if the item does not exist or if the item has already been assigned to the user
253.      */
254.     public function assign($itemName,$userId,$bizRule=null,$data=null)
255.     {
256.         if($this->usingSqlite() && $this->getAuthItem($itemName)===null)
257.             throw new CException(Yii::t('yii','The item "{name}" does not exist.',array('{name}'=>$itemName)));
258.  
259.         $this->db->createCommand()
260.             ->insert($this->assignmentTable, array(
261.                 'itemname'=>$itemName,
262.                 'userid'=>$userId,
263.                 'bizrule'=>$bizRule,
264.                 'data'=>serialize($data)
265.             ));
266.         return new CAuthAssignment($this,$itemName,$userId,$bizRule,$data);
267.     }
268.  
269.     /**
270.      * Revokes an authorization assignment from a user.
271.      * @param string $itemName the item name
272.      * @param mixed $userId the user ID (see {@link IWebUser::getId})
273.      * @return boolean whether removal is successful
274.      */
275.     public function revoke($itemName,$userId)
276.     {
277.         return $this->db->createCommand()
278.             ->delete($this->assignmentTable, 'itemname=:itemname AND userid=:userid', array(
279.                 ':itemname'=>$itemName,
280.                 ':userid'=>$userId
281.             )) > 0;
282.     }
283.  
284.     /**
285.      * Returns a value indicating whether the item has been assigned to the user.
286.      * @param string $itemName the item name
287.      * @param mixed $userId the user ID (see {@link IWebUser::getId})
288.      * @return boolean whether the item has been assigned to the user.
289.      */
290.     public function isAssigned($itemName,$userId)
291.     {
292.         return $this->db->createCommand()
293.             ->select('itemname')
294.             ->from($this->assignmentTable)
295.             ->where('itemname=:itemname AND userid=:userid', array(
296.                 ':itemname'=>$itemName,
297.                 ':userid'=>$userId))
298.             ->queryScalar() !== false;
299.     }
300.  
301.     /**
302.      * Returns the item assignment information.
303.      * @param string $itemName the item name
304.      * @param mixed $userId the user ID (see {@link IWebUser::getId})
305.      * @return CAuthAssignment the item assignment information. Null is returned if
306.      * the item is not assigned to the user.
307.      */
308.     public function getAuthAssignment($itemName,$userId)
309.     {
310.         $row=$this->db->createCommand()
311.             ->select()
312.             ->from($this->assignmentTable)
313.             ->where('itemname=:itemname AND userid=:userid', array(
314.                 ':itemname'=>$itemName,
315.                 ':userid'=>$userId))
316.             ->queryRow();
317.         if($row!==false)
318.         {
319.             if(($data=@unserialize($row['data']))===false)
320.                 $data=null;
321.             return new CAuthAssignment($this,$row['itemname'],$row['userid'],$row['bizrule'],$data);
322.         }
323.         else
324.             return null;
325.     }
326.  
327.     /**
328.      * Returns the item assignments for the specified user.
329.      * @param mixed $userId the user ID (see {@link IWebUser::getId})
330.      * @return array the item assignment information for the user. An empty array will be
331.      * returned if there is no item assigned to the user.
332.      */
333.     public function getAuthAssignments($userId)
334.     {
335.         $rows=$this->db->createCommand()
336.             ->select()
337.             ->from($this->assignmentTable)
338.             ->where('userid=:userid', array(':userid'=>$userId))
339.             ->queryAll();
340.         $assignments=array();
341.         foreach($rows as $row)
342.         {
343.             if(($data=@unserialize($row['data']))===false)
344.                 $data=null;
345.             $assignments[$row['itemname']]=new CAuthAssignment($this,$row['itemname'],$row['userid'],$row['bizrule'],$data);
346.         }
347.         return $assignments;
348.     }
349.  
350.     /**
351.      * Saves the changes to an authorization assignment.
352.      * @param CAuthAssignment $assignment the assignment that has been changed.
353.      */
354.     public function saveAuthAssignment($assignment)
355.     {
356.         $this->db->createCommand()
357.             ->update($this->assignmentTable, array(
358.                 'bizrule'=>$assignment->getBizRule(),
359.                 'data'=>serialize($assignment->getData()),
360.             ), 'itemname=:itemname AND userid=:userid', array(
361.                 'itemname'=>$assignment->getItemName(),
362.                 'userid'=>$assignment->getUserId()
363.             ));
364.     }
365.  
366.     /**
367.      * Returns the authorization items of the specific type and user.
368.      * @param integer $type the item type (0: operation, 1: task, 2: role). Defaults to null,
369.      * meaning returning all items regardless of their type.
370.      * @param mixed $userId the user ID. Defaults to null, meaning returning all items even if
371.      * they are not assigned to a user.
372.      * @return array the authorization items of the specific type.
373.      */
374.     public function getAuthItems($type=null,$userId=null)
375.     {
376.         if($type===null && $userId===null)
377.         {
378.             $command=$this->db->createCommand()
379.                 ->select()
380.                 ->from($this->itemTable);
381.         }
382.         elseif($userId===null)
383.         {
384.             $command=$this->db->createCommand()
385.                 ->select()
386.                 ->from($this->itemTable)
387.                 ->where('type=:type', array(':type'=>$type));
388.         }
389.         elseif($type===null)
390.         {
391.             $command=$this->db->createCommand()
392.                 ->select('name,type,description,t1.bizrule,t1.data')
393.                 ->from(array(
394.                     $this->itemTable.' t1',
395.                     $this->assignmentTable.' t2'
396.                 ))
397.                 ->where('name=itemname AND userid=:userid', array(':userid'=>$userId));
398.         }
399.         else
400.         {
401.             $command=$this->db->createCommand()
402.                 ->select('name,type,description,t1.bizrule,t1.data')
403.                 ->from(array(
404.                     $this->itemTable.' t1',
405.                     $this->assignmentTable.' t2'
406.                 ))
407.                 ->where('name=itemname AND type=:type AND userid=:userid', array(
408.                     ':type'=>$type,
409.                     ':userid'=>$userId
410.                 ));
411.         }
412.         $items=array();
413.         foreach($command->queryAll() as $row)
414.         {
415.             if(($data=@unserialize($row['data']))===false)
416.                 $data=null;
417.             $items[$row['name']]=new CAuthItem($this,$row['name'],$row['type'],$row['description'],$row['bizrule'],$data);
418.         }
419.         return $items;
420.     }
421.  
422.     /**
423.      * Creates an authorization item.
424.      * An authorization item represents an action permission (e.g. creating a post).
425.      * It has three types: operation, task and role.
426.      * Authorization items form a hierarchy. Higher level items inheirt permissions representing
427.      * by lower level items.
428.      * @param string $name the item name. This must be a unique identifier.
429.      * @param integer $type the item type (0: operation, 1: task, 2: role).
430.      * @param string $description description of the item
431.      * @param string $bizRule business rule associated with the item. This is a piece of
432.      * PHP code that will be executed when {@link checkAccess} is called for the item.
433.      * @param mixed $data additional data associated with the item.
434.      * @return CAuthItem the authorization item
435.      * @throws CException if an item with the same name already exists
436.      */
437.     public function createAuthItem($name,$type,$description='',$bizRule=null,$data=null)
438.     {
439.         $this->db->createCommand()
440.             ->insert($this->itemTable, array(
441.                 'name'=>$name,
442.                 'type'=>$type,
443.                 'description'=>$description,
444.                 'bizrule'=>$bizRule,
445.                 'data'=>serialize($data)
446.             ));
447.         return new CAuthItem($this,$name,$type,$description,$bizRule,$data);
448.     }
449.  
450.     /**
451.      * Removes the specified authorization item.
452.      * @param string $name the name of the item to be removed
453.      * @return boolean whether the item exists in the storage and has been removed
454.      */
455.     public function removeAuthItem($name)
456.     {
457.         if($this->usingSqlite())
458.         {
459.             $this->db->createCommand()
460.                 ->delete($this->itemChildTable, 'parent=:name1 OR child=:name2', array(
461.                     ':name1'=>$name,
462.                     ':name2'=>$name
463.             ));
464.             $this->db->createCommand()
465.                 ->delete($this->assignmentTable, 'itemname=:name', array(
466.                     ':name'=>$name,
467.             ));
468.         }
469.  
470.         return $this->db->createCommand()
471.             ->delete($this->itemTable, 'name=:name', array(
472.                 ':name'=>$name
473.             )) > 0;
474.     }
475.  
476.     /**
477.      * Returns the authorization item with the specified name.
478.      * @param string $name the name of the item
479.      * @return CAuthItem the authorization item. Null if the item cannot be found.
480.      */
481.     public function getAuthItem($name)
482.     {
483.         $row=$this->db->createCommand()
484.             ->select()
485.             ->from($this->itemTable)
486.             ->where('name=:name', array(':name'=>$name))
487.             ->queryRow();
488.  
489.         if($row!==false)
490.         {
491.             if(($data=@unserialize($row['data']))===false)
492.                 $data=null;
493.             return new CAuthItem($this,$row['name'],$row['type'],$row['description'],$row['bizrule'],$data);
494.         }
495.         else
496.             return null;
497.     }
498.  
499.     /**
500.      * Saves an authorization item to persistent storage.
501.      * @param CAuthItem $item the item to be saved.
502.      * @param string $oldName the old item name. If null, it means the item name is not changed.
503.      */
504.     public function saveAuthItem($item,$oldName=null)
505.     {
506.         if($this->usingSqlite() && $oldName!==null && $item->getName()!==$oldName)
507.         {
508.             $this->db->createCommand()
509.                 ->update($this->itemChildTable, array(
510.                     'parent'=>$item->getName(),
511.                 ), 'parent=:whereName', array(
512.                     ':whereName'=>$oldName,
513.                 ));
514.             $this->db->createCommand()
515.                 ->update($this->itemChildTable, array(
516.                     'child'=>$item->getName(),
517.                 ), 'child=:whereName', array(
518.                     ':whereName'=>$oldName,
519.                 ));
520.             $this->db->createCommand()
521.                 ->update($this->assignmentTable, array(
522.                     'itemname'=>$item->getName(),
523.                 ), 'itemname=:whereName', array(
524.                     ':whereName'=>$oldName,
525.                 ));
526.         }
527.  
528.         $this->db->createCommand()
529.             ->update($this->itemTable, array(
530.                 'name'=>$item->getName(),
531.                 'type'=>$item->getType(),
532.                 'description'=>$item->getDescription(),
533.                 'bizrule'=>$item->getBizRule(),
534.                 'data'=>serialize($item->getData()),
535.             ), 'name=:whereName', array(
536.                 ':whereName'=>$oldName===null?$item->getName():$oldName,
537.             ));
538.     }
539.  
540.     /**
541.      * Saves the authorization data to persistent storage.
542.      */
543.     public function save()
544.     {
545.     }
546.  
547.     /**
548.      * Removes all authorization data.
549.      */
550.     public function clearAll()
551.     {
552.         $this->clearAuthAssignments();
553.         $this->db->createCommand()->delete($this->itemChildTable);
554.         $this->db->createCommand()->delete($this->itemTable);
555.     }
556.  
557.     /**
558.      * Removes all authorization assignments.
559.      */
560.     public function clearAuthAssignments()
561.     {
562.         $this->db->createCommand()->delete($this->assignmentTable);
563.     }
564.  
565.     /**
566.      * Checks whether there is a loop in the authorization item hierarchy.
567.      * @param string $itemName parent item name
568.      * @param string $childName the name of the child item that is to be added to the hierarchy
569.      * @return boolean whether a loop exists
570.      */
571.     protected function detectLoop($itemName,$childName)
572.     {
573.         if($childName===$itemName)
574.             return true;
575.         foreach($this->getItemChildren($childName) as $child)
576.         {
577.             if($this->detectLoop($itemName,$child->getName()))
578.                 return true;
579.         }
580.         return false;
581.     }
582.  
583.     /**
584.      * @return CDbConnection the DB connection instance
585.      * @throws CException if {@link connectionID} does not point to a valid application component.
586.      */
587.     protected function getDbConnection()
588.     {
589.         if($this->db!==null)
590.             return $this->db;
591.         elseif(($this->db=Yii::app()->getComponent($this->connectionID)) instanceof CDbConnection)
592.             return $this->db;
593.         else
594.             throw new CException(Yii::t('yii','CDbAuthManager.connectionID "{id}" is invalid. Please make sure it refers to the ID of a CDbConnection application component.',
595.                 array('{id}'=>$this->connectionID)));
596.     }
597.  
598.     /**
599.      * @return boolean whether the database is a SQLite database
600.      */
601.     protected function usingSqlite()
602.     {
603.         return $this->_usingSqlite;
604.     }
605. }