Commit
491e6608
authored
May 11, 2013
by
Qiang Xue
refactored RBAC.
parent
667b808f
Showing
10 changed files
with
176 additions
and
238 deletions
+176
-238
Assignment.php
yii/rbac/Assignment.php
+13
-70
DbManager.php
yii/rbac/DbManager.php
+68
-24
Item.php
yii/rbac/Item.php
+32
-112
Manager.php
yii/rbac/Manager.php
+1
-1
PhpManager.php
yii/rbac/PhpManager.php
+42
-16
schema-mssql.sql
yii/rbac/schema-mssql.sql
+4
-3
schema-mysql.sql
yii/rbac/schema-mysql.sql
+4
-3
schema-oci.sql
yii/rbac/schema-oci.sql
+4
-3
schema-pgsql.sql
yii/rbac/schema-pgsql.sql
+4
-3
schema-sqlite.sql
yii/rbac/schema-sqlite.sql
+4
-3
yii/rbac/Assignment.php
...
@@ -16,97 +16,40 @@ use yii\base\Object;
...
@@ -16,97 +16,40 @@ use yii\base\Object;
* Do not create a Assignment instance using the 'new' operator.
* Do not create a Assignment instance using the 'new' operator.
* Instead, call [[Manager::assign()]].
* Instead, call [[Manager::assign()]].
*
*
* @property mixed $userId User ID (see [[User::id]]).
* @property string $itemName The authorization item name.
* @property string $bizRule The business rule associated with this assignment.
* @property mixed $data Additional data for this assignment.
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
* @since 2.0
* @since 2.0
*/
*/
class
Assignment
extends
Object
class
Assignment
extends
Object
{
{
private
$_auth
;
private
$_userId
;
private
$_itemName
;
private
$_bizRule
;
private
$_data
;
/**
* Constructor.
* @param Manager $auth the authorization manager
* @param mixed $userId user ID (see [[User::id]])
* @param string $itemName authorization item name
* @param string $bizRule the business rule associated with this assignment
* @param mixed $data additional data for this assignment
*/
public
function
__construct
(
$auth
,
$userId
,
$itemName
,
$bizRule
=
null
,
$data
=
null
)
{
$this
->
_auth
=
$auth
;
$this
->
_userId
=
$userId
;
$this
->
_itemName
=
$itemName
;
$this
->
_bizRule
=
$bizRule
;
$this
->
_data
=
$data
;
}
/**
/**
* @
return mixed user ID (see [[User::id]])
* @
var Manager the auth manager of this item
*/
*/
public
function
getUserId
()
public
$manager
;
{
return
$this
->
_userId
;
}
/**
* @return string the authorization item name
*/
public
function
getItemName
()
{
return
$this
->
_itemName
;
}
/**
/**
* @
return
string the business rule associated with this assignment
* @
var
string the business rule associated with this assignment
*/
*/
public
function
getBizRule
()
public
$bizRule
;
{
return
$this
->
_bizRule
;
}
/**
/**
* @
param string $value the business rule associated with
this assignment
* @
var mixed additional data for
this assignment
*/
*/
public
function
setBizRule
(
$value
)
public
$data
;
{
if
(
$this
->
_bizRule
!==
$value
)
{
$this
->
_bizRule
=
$value
;
}
}
/**
/**
* @return mixed additional data for this assignment
* @var mixed user ID (see [[User::id]]). Do not modify this property after it is populated.
* To modify the user ID of an assignment, you must remove the assignment and create a new one.
*/
*/
public
function
getData
()
public
$userId
;
{
return
$this
->
_data
;
}
/**
/**
* @param mixed $value additional data for this assignment
* @return string the authorization item name. Do not modify this property after it is populated.
* To modify the item name of an assignment, you must remove the assignment and create a new one.
*/
*/
public
function
setData
(
$value
)
public
$itemName
;
{
if
(
$this
->
_data
!==
$value
)
{
$this
->
_data
=
$value
;
}
}
/**
/**
* Saves the changes to an authorization assignment.
* Saves the changes to an authorization assignment.
*/
*/
public
function
save
()
public
function
save
()
{
{
$this
->
_auth
->
saveAssignment
(
$this
);
$this
->
manager
->
saveAssignment
(
$this
);
}
}
}
}
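Review bot: `$userId` and `$itemName` could only be read through getters before this change and are now writable public properties, guarded only by the docblock sentence "Do not modify this property after it is populated". The `DbManager` update in this same commit builds its condition from `$assignment->userId` and `$assignment->itemName`, so changing either value and then calling `save()` would write the business rule and data onto a different user's or item's assignment row. Keeping these two identifiers behind getters with private backing fields, as `Item` still does for `_name`, would preserve the old guarantee in code rather than in a comment. Separately, the docblock on `$itemName` is tagged `@return string` where the sibling properties use `@var`; it should begin `@var string the authorization item name.`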
yii/rbac/DbManager.php
...
@@ -24,8 +24,6 @@ use yii\base\InvalidParamException;
...
@@ -24,8 +24,6 @@ use yii\base\InvalidParamException;
* the three tables used to store the authorization data by setting [[itemTable]],
* the three tables used to store the authorization data by setting [[itemTable]],
* [[itemChildTable]] and [[assignmentTable]].
* [[itemChildTable]] and [[assignmentTable]].
*
*
* @property array $authItems The authorization items of the specific type.
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
* @since 2.0
* @since 2.0
...
@@ -106,13 +104,13 @@ class DbManager extends Manager
...
@@ -106,13 +104,13 @@ class DbManager extends Manager
if
(
!
isset
(
$params
[
'userId'
]))
{
if
(
!
isset
(
$params
[
'userId'
]))
{
$params
[
'userId'
]
=
$userId
;
$params
[
'userId'
]
=
$userId
;
}
}
if
(
$this
->
executeBizRule
(
$item
->
getBizRule
(),
$params
,
$item
->
getData
()
))
{
if
(
$this
->
executeBizRule
(
$item
->
bizRule
,
$params
,
$item
->
data
))
{
if
(
in_array
(
$itemName
,
$this
->
defaultRoles
))
{
if
(
in_array
(
$itemName
,
$this
->
defaultRoles
))
{
return
true
;
return
true
;
}
}
if
(
isset
(
$assignments
[
$itemName
]))
{
if
(
isset
(
$assignments
[
$itemName
]))
{
$assignment
=
$assignments
[
$itemName
];
$assignment
=
$assignments
[
$itemName
];
if
(
$this
->
executeBizRule
(
$assignment
->
getBizRule
(),
$params
,
$assignment
->
getData
()
))
{
if
(
$this
->
executeBizRule
(
$assignment
->
bizRule
,
$params
,
$assignment
->
data
))
{
return
true
;
return
true
;
}
}
}
}
...
@@ -207,7 +205,7 @@ class DbManager extends Manager
...
@@ -207,7 +205,7 @@ class DbManager extends Manager
public
function
getItemChildren
(
$names
)
public
function
getItemChildren
(
$names
)
{
{
$query
=
new
Query
;
$query
=
new
Query
;
$rows
=
$query
->
select
(
array
(
'name'
,
'type'
,
'description'
,
'bizrule'
,
'data'
))
$rows
=
$query
->
select
(
array
(
'name'
,
'type'
,
'description'
,
'biz
_
rule'
,
'data'
))
->
from
(
array
(
$this
->
itemTable
,
$this
->
itemChildTable
))
->
from
(
array
(
$this
->
itemTable
,
$this
->
itemChildTable
))
->
where
(
array
(
'parent'
=>
$names
,
'name'
=>
new
Expression
(
'child'
)))
->
where
(
array
(
'parent'
=>
$names
,
'name'
=>
new
Expression
(
'child'
)))
->
createCommand
(
$this
->
db
)
->
createCommand
(
$this
->
db
)
...
@@ -217,7 +215,14 @@ class DbManager extends Manager
...
@@ -217,7 +215,14 @@ class DbManager extends Manager
if
((
$data
=
@
unserialize
(
$row
[
'data'
]))
===
false
)
{
if
((
$data
=
@
unserialize
(
$row
[
'data'
]))
===
false
)
{
$data
=
null
;
$data
=
null
;
}
}
$children
[
$row
[
'name'
]]
=
new
Item
(
$this
,
$row
[
'name'
],
$row
[
'type'
],
$row
[
'description'
],
$row
[
'bizrule'
],
$data
);
$children
[
$row
[
'name'
]]
=
new
Item
(
array
(
'manager'
=>
$this
,
'name'
=>
$row
[
'name'
],
'type'
=>
$row
[
'type'
],
'description'
=>
$row
[
'description'
],
'bizRule'
=>
$row
[
'biz_rule'
],
'data'
=>
$data
,
));
}
}
return
$children
;
return
$children
;
}
}
...
@@ -241,10 +246,16 @@ class DbManager extends Manager
...
@@ -241,10 +246,16 @@ class DbManager extends Manager
->
insert
(
$this
->
assignmentTable
,
array
(
->
insert
(
$this
->
assignmentTable
,
array
(
'user_id'
=>
$userId
,
'user_id'
=>
$userId
,
'item_name'
=>
$itemName
,
'item_name'
=>
$itemName
,
'bizrule'
=>
$bizRule
,
'biz
_
rule'
=>
$bizRule
,
'data'
=>
serialize
(
$data
),
'data'
=>
serialize
(
$data
),
));
));
return
new
Assignment
(
$this
,
$userId
,
$itemName
,
$bizRule
,
$data
);
return
new
Assignment
(
array
(
'manager'
=>
$this
,
'userId'
=>
$userId
,
'itemName'
=>
$itemName
,
'bizRule'
=>
$bizRule
,
'data'
=>
$data
,
));
}
}
/**
/**
...
@@ -293,7 +304,13 @@ class DbManager extends Manager
...
@@ -293,7 +304,13 @@ class DbManager extends Manager
if
((
$data
=
@
unserialize
(
$row
[
'data'
]))
===
false
)
{
if
((
$data
=
@
unserialize
(
$row
[
'data'
]))
===
false
)
{
$data
=
null
;
$data
=
null
;
}
}
return
new
Assignment
(
$this
,
$row
[
'user_id'
],
$row
[
'item_name'
],
$row
[
'bizrule'
],
$data
);
return
new
Assignment
(
array
(
'manager'
=>
$this
,
'userId'
=>
$row
[
'user_id'
],
'itemName'
=>
$row
[
'item_name'
],
'bizRule'
=>
$row
[
'biz_rule'
],
'data'
=>
$data
,
));
}
else
{
}
else
{
return
null
;
return
null
;
}
}
...
@@ -317,7 +334,13 @@ class DbManager extends Manager
...
@@ -317,7 +334,13 @@ class DbManager extends Manager
if
((
$data
=
@
unserialize
(
$row
[
'data'
]))
===
false
)
{
if
((
$data
=
@
unserialize
(
$row
[
'data'
]))
===
false
)
{
$data
=
null
;
$data
=
null
;
}
}
$assignments
[
$row
[
'item_name'
]]
=
new
Assignment
(
$this
,
$row
[
'user_id'
],
$row
[
'item_name'
],
$row
[
'bizrule'
],
$data
);
$assignments
[
$row
[
'item_name'
]]
=
new
Assignment
(
array
(
'manager'
=>
$this
,
'userId'
=>
$row
[
'user_id'
],
'itemName'
=>
$row
[
'item_name'
],
'bizRule'
=>
$row
[
'biz_rule'
],
'data'
=>
$data
,
));
}
}
return
$assignments
;
return
$assignments
;
}
}
...
@@ -330,11 +353,11 @@ class DbManager extends Manager
...
@@ -330,11 +353,11 @@ class DbManager extends Manager
{
{
$this
->
db
->
createCommand
()
$this
->
db
->
createCommand
()
->
update
(
$this
->
assignmentTable
,
array
(
->
update
(
$this
->
assignmentTable
,
array
(
'biz
rule'
=>
$assignment
->
getBizRule
()
,
'biz
_rule'
=>
$assignment
->
bizRule
,
'data'
=>
serialize
(
$assignment
->
getData
()
),
'data'
=>
serialize
(
$assignment
->
data
),
),
array
(
),
array
(
'user_id'
=>
$assignment
->
getUserId
()
,
'user_id'
=>
$assignment
->
userId
,
'item_name'
=>
$assignment
->
getItemName
()
,
'item_name'
=>
$assignment
->
itemName
,
));
));
}
}
...
@@ -357,12 +380,12 @@ class DbManager extends Manager
...
@@ -357,12 +380,12 @@ class DbManager extends Manager
->
where
(
array
(
'type'
=>
$type
))
->
where
(
array
(
'type'
=>
$type
))
->
createCommand
(
$this
->
db
);
->
createCommand
(
$this
->
db
);
}
elseif
(
$type
===
null
)
{
}
elseif
(
$type
===
null
)
{
$command
=
$query
->
select
(
array
(
'name'
,
'type'
,
'description'
,
't1.bizrule'
,
't1.data'
))
$command
=
$query
->
select
(
array
(
'name'
,
'type'
,
'description'
,
't1.biz
_
rule'
,
't1.data'
))
->
from
(
array
(
$this
->
itemTable
.
' t1'
,
$this
->
assignmentTable
.
' t2'
))
->
from
(
array
(
$this
->
itemTable
.
' t1'
,
$this
->
assignmentTable
.
' t2'
))
->
where
(
array
(
'user_id'
=>
$userId
,
'name'
=>
new
Expression
(
'item_name'
)))
->
where
(
array
(
'user_id'
=>
$userId
,
'name'
=>
new
Expression
(
'item_name'
)))
->
createCommand
(
$this
->
db
);
->
createCommand
(
$this
->
db
);
}
else
{
}
else
{
$command
=
$query
->
select
(
'name'
,
'type'
,
'description'
,
't1.bizrule'
,
't1.data'
)
$command
=
$query
->
select
(
'name'
,
'type'
,
'description'
,
't1.biz
_
rule'
,
't1.data'
)
->
from
(
array
(
$this
->
itemTable
.
' t1'
,
$this
->
assignmentTable
.
' t2'
))
->
from
(
array
(
$this
->
itemTable
.
' t1'
,
$this
->
assignmentTable
.
' t2'
))
->
where
(
array
(
'user_id'
=>
$userId
,
'type'
=>
$type
,
'name'
=>
new
Expression
(
'item_name'
)))
->
where
(
array
(
'user_id'
=>
$userId
,
'type'
=>
$type
,
'name'
=>
new
Expression
(
'item_name'
)))
->
createCommand
(
$this
->
db
);
->
createCommand
(
$this
->
db
);
...
@@ -372,7 +395,14 @@ class DbManager extends Manager
...
@@ -372,7 +395,14 @@ class DbManager extends Manager
if
((
$data
=
@
unserialize
(
$row
[
'data'
]))
===
false
)
{
if
((
$data
=
@
unserialize
(
$row
[
'data'
]))
===
false
)
{
$data
=
null
;
$data
=
null
;
}
}
$items
[
$row
[
'name'
]]
=
new
Item
(
$this
,
$row
[
'name'
],
$row
[
'type'
],
$row
[
'description'
],
$row
[
'bizrule'
],
$data
);
$items
[
$row
[
'name'
]]
=
new
Item
(
array
(
'manager'
=>
$this
,
'name'
=>
$row
[
'name'
],
'type'
=>
$row
[
'type'
],
'description'
=>
$row
[
'description'
],
'bizRule'
=>
$row
[
'biz_rule'
],
'data'
=>
$data
,
));
}
}
return
$items
;
return
$items
;
}
}
...
@@ -399,10 +429,17 @@ class DbManager extends Manager
...
@@ -399,10 +429,17 @@ class DbManager extends Manager
'name'
=>
$name
,
'name'
=>
$name
,
'type'
=>
$type
,
'type'
=>
$type
,
'description'
=>
$description
,
'description'
=>
$description
,
'bizrule'
=>
$bizRule
,
'biz
_
rule'
=>
$bizRule
,
'data'
=>
serialize
(
$data
),
'data'
=>
serialize
(
$data
),
));
));
return
new
Item
(
$this
,
$name
,
$type
,
$description
,
$bizRule
,
$data
);
return
new
Item
(
array
(
'manager'
=>
$this
,
'name'
=>
$name
,
'type'
=>
$type
,
'description'
=>
$description
,
'bizRule'
=>
$bizRule
,
'data'
=>
$data
,
));
}
}
/**
/**
...
@@ -439,7 +476,14 @@ class DbManager extends Manager
...
@@ -439,7 +476,14 @@ class DbManager extends Manager
if
((
$data
=
@
unserialize
(
$row
[
'data'
]))
===
false
)
{
if
((
$data
=
@
unserialize
(
$row
[
'data'
]))
===
false
)
{
$data
=
null
;
$data
=
null
;
}
}
return
new
Item
(
$this
,
$row
[
'name'
],
$row
[
'type'
],
$row
[
'description'
],
$row
[
'bizrule'
],
$data
);
return
new
Item
(
array
(
'manager'
=>
$this
,
'name'
=>
$row
[
'name'
],
'type'
=>
$row
[
'type'
],
'description'
=>
$row
[
'description'
],
'bizRule'
=>
$row
[
'biz_rule'
],
'data'
=>
$data
,
));
}
else
}
else
return
null
;
return
null
;
}
}
...
@@ -463,10 +507,10 @@ class DbManager extends Manager
...
@@ -463,10 +507,10 @@ class DbManager extends Manager
$this
->
db
->
createCommand
()
$this
->
db
->
createCommand
()
->
update
(
$this
->
itemTable
,
array
(
->
update
(
$this
->
itemTable
,
array
(
'name'
=>
$item
->
getName
(),
'name'
=>
$item
->
getName
(),
'type'
=>
$item
->
getType
()
,
'type'
=>
$item
->
type
,
'description'
=>
$item
->
getDescription
()
,
'description'
=>
$item
->
description
,
'biz
rule'
=>
$item
->
getBizRule
()
,
'biz
_rule'
=>
$item
->
bizRule
,
'data'
=>
serialize
(
$item
->
getData
()
),
'data'
=>
serialize
(
$item
->
data
),
),
array
(
),
array
(
'name'
=>
$oldName
===
null
?
$item
->
getName
()
:
$oldName
,
'name'
=>
$oldName
===
null
?
$item
->
getName
()
:
$oldName
,
));
));
...
...
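Review bot: In the hunk at `@@ -357,12 +380,12 @@` the final `else` branch still calls `$query->select('name', 'type', 'description', 't1.biz_rule', 't1.data')` with five separate arguments, while the `elseif ($type === null)` branch just above it passes the same columns as a single `array(...)`. If `Query::select()` takes the column list as its first parameter, as every other call in this file suggests, only `name` is selected in that branch and the `Item` built from the row receives no `bizRule`, so an access check that depends on that rule would run without it. The line is already being touched for the column rename, so wrap it the same way: `->select(array('name', 'type', 'description', 't1.biz_rule', 't1.data'))`. The enclosing method starts and ends outside the hunk.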
yii/rbac/Item.php
...
@@ -18,14 +18,6 @@ use yii\base\Object;
...
@@ -18,14 +18,6 @@ use yii\base\Object;
* A user may be assigned one or several authorization items (called [[Assignment]] assignments).
* A user may be assigned one or several authorization items (called [[Assignment]] assignments).
* He can perform an operation only when it is among his assigned items.
* He can perform an operation only when it is among his assigned items.
*
*
* @property Manager $authManager The authorization manager.
* @property integer $type The authorization item type. This could be 0 (operation), 1 (task) or 2 (role).
* @property string $name The item name.
* @property string $description The item description.
* @property string $bizRule The business rule associated with this item.
* @property mixed $data The additional data associated with this item.
* @property array $children All child items of this item.
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
* @since 2.0
* @since 2.0
...
@@ -36,32 +28,30 @@ class Item extends Object
...
@@ -36,32 +28,30 @@ class Item extends Object
const
TYPE_TASK
=
1
;
const
TYPE_TASK
=
1
;
const
TYPE_ROLE
=
2
;
const
TYPE_ROLE
=
2
;
private
$_auth
;
/**
private
$_type
;
* @var Manager the auth manager of this item
*/
public
$manager
;
/**
* @var string the item description
*/
public
$description
;
/**
* @var string the business rule associated with this item
*/
public
$bizRule
;
/**
* @var mixed the additional data associated with this item
*/
public
$data
;
/**
* @var integer the authorization item type. This could be 0 (operation), 1 (task) or 2 (role).
*/
public
$type
;
private
$_name
;
private
$_name
;
private
$_oldName
;
private
$_oldName
;
private
$_description
;
private
$_bizRule
;
private
$_data
;
/**
* Constructor.
* @param Manager $auth authorization manager
* @param string $name authorization item name
* @param integer $type authorization item type. This can be 0 (operation), 1 (task) or 2 (role).
* @param string $description the description
* @param string $bizRule the business rule associated with this item
* @param mixed $data additional data for this item
*/
public
function
__construct
(
$auth
,
$name
,
$type
,
$description
=
''
,
$bizRule
=
null
,
$data
=
null
)
{
$this
->
_type
=
(
int
)
$type
;
$this
->
_auth
=
$auth
;
$this
->
_name
=
$name
;
$this
->
_description
=
$description
;
$this
->
_bizRule
=
$bizRule
;
$this
->
_data
=
$data
;
}
/**
/**
* Checks to see if the specified item is within the hierarchy starting from this item.
* Checks to see if the specified item is within the hierarchy starting from this item.
...
@@ -74,11 +64,11 @@ class Item extends Object
...
@@ -74,11 +64,11 @@ class Item extends Object
public
function
checkAccess
(
$itemName
,
$params
=
array
())
public
function
checkAccess
(
$itemName
,
$params
=
array
())
{
{
Yii
::
trace
(
'Checking permission: '
.
$this
->
_name
,
__METHOD__
);
Yii
::
trace
(
'Checking permission: '
.
$this
->
_name
,
__METHOD__
);
if
(
$this
->
_auth
->
executeBizRule
(
$this
->
_bizRule
,
$params
,
$this
->
_
data
))
{
if
(
$this
->
manager
->
executeBizRule
(
$this
->
bizRule
,
$params
,
$this
->
data
))
{
if
(
$this
->
_name
==
$itemName
)
{
if
(
$this
->
_name
==
$itemName
)
{
return
true
;
return
true
;
}
}
foreach
(
$this
->
_auth
->
getItemChildren
(
$this
->
_name
)
as
$item
)
{
foreach
(
$this
->
manager
->
getItemChildren
(
$this
->
_name
)
as
$item
)
{
if
(
$item
->
checkAccess
(
$itemName
,
$params
))
{
if
(
$item
->
checkAccess
(
$itemName
,
$params
))
{
return
true
;
return
true
;
}
}
...
@@ -88,22 +78,6 @@ class Item extends Object
...
@@ -88,22 +78,6 @@ class Item extends Object
}
}
/**
/**
* @return Manager the authorization manager
*/
public
function
getManager
()
{
return
$this
->
_auth
;
}
/**
* @return integer the authorization item type. This could be 0 (operation), 1 (task) or 2 (role).
*/
public
function
getType
()
{
return
$this
->
_type
;
}
/**
* @return string the item name
* @return string the item name
*/
*/
public
function
getName
()
public
function
getName
()
...
@@ -123,60 +97,6 @@ class Item extends Object
...
@@ -123,60 +97,6 @@ class Item extends Object
}
}
/**
/**
* @return string the item description
*/
public
function
getDescription
()
{
return
$this
->
_description
;
}
/**
* @param string $value the item description
*/
public
function
setDescription
(
$value
)
{
if
(
$this
->
_description
!==
$value
)
{
$this
->
_description
=
$value
;
}
}
/**
* @return string the business rule associated with this item
*/
public
function
getBizRule
()
{
return
$this
->
_bizRule
;
}
/**
* @param string $value the business rule associated with this item
*/
public
function
setBizRule
(
$value
)
{
if
(
$this
->
_bizRule
!==
$value
)
{
$this
->
_bizRule
=
$value
;
}
}
/**
* @return mixed the additional data associated with this item
*/
public
function
getData
()
{
return
$this
->
_data
;
}
/**
* @param mixed $value the additional data associated with this item
*/
public
function
setData
(
$value
)
{
if
(
$this
->
_data
!==
$value
)
{
$this
->
_data
=
$value
;
}
}
/**
* Adds a child item.
* Adds a child item.
* @param string $name the name of the child item
* @param string $name the name of the child item
* @return boolean whether the item is added successfully
* @return boolean whether the item is added successfully
...
@@ -185,7 +105,7 @@ class Item extends Object
...
@@ -185,7 +105,7 @@ class Item extends Object
*/
*/
public
function
addChild
(
$name
)
public
function
addChild
(
$name
)
{
{
return
$this
->
_auth
->
addItemChild
(
$this
->
_name
,
$name
);
return
$this
->
manager
->
addItemChild
(
$this
->
_name
,
$name
);
}
}
/**
/**
...
@@ -197,7 +117,7 @@ class Item extends Object
...
@@ -197,7 +117,7 @@ class Item extends Object
*/
*/
public
function
removeChild
(
$name
)
public
function
removeChild
(
$name
)
{
{
return
$this
->
_auth
->
removeItemChild
(
$this
->
_name
,
$name
);
return
$this
->
manager
->
removeItemChild
(
$this
->
_name
,
$name
);
}
}
/**
/**
...
@@ -208,7 +128,7 @@ class Item extends Object
...
@@ -208,7 +128,7 @@ class Item extends Object
*/
*/
public
function
hasChild
(
$name
)
public
function
hasChild
(
$name
)
{
{
return
$this
->
_auth
->
hasItemChild
(
$this
->
_name
,
$name
);
return
$this
->
manager
->
hasItemChild
(
$this
->
_name
,
$name
);
}
}
/**
/**
...
@@ -218,7 +138,7 @@ class Item extends Object
...
@@ -218,7 +138,7 @@ class Item extends Object
*/
*/
public
function
getChildren
()
public
function
getChildren
()
{
{
return
$this
->
_auth
->
getItemChildren
(
$this
->
_name
);
return
$this
->
manager
->
getItemChildren
(
$this
->
_name
);
}
}
/**
/**
...
@@ -233,7 +153,7 @@ class Item extends Object
...
@@ -233,7 +153,7 @@ class Item extends Object
*/
*/
public
function
assign
(
$userId
,
$bizRule
=
null
,
$data
=
null
)
public
function
assign
(
$userId
,
$bizRule
=
null
,
$data
=
null
)
{
{
return
$this
->
_auth
->
assign
(
$userId
,
$this
->
_name
,
$bizRule
,
$data
);
return
$this
->
manager
->
assign
(
$userId
,
$this
->
_name
,
$bizRule
,
$data
);
}
}
/**
/**
...
@@ -244,7 +164,7 @@ class Item extends Object
...
@@ -244,7 +164,7 @@ class Item extends Object
*/
*/
public
function
revoke
(
$userId
)
public
function
revoke
(
$userId
)
{
{
return
$this
->
_auth
->
revoke
(
$userId
,
$this
->
_name
);
return
$this
->
manager
->
revoke
(
$userId
,
$this
->
_name
);
}
}
/**
/**
...
@@ -255,7 +175,7 @@ class Item extends Object
...
@@ -255,7 +175,7 @@ class Item extends Object
*/
*/
public
function
isAssigned
(
$userId
)
public
function
isAssigned
(
$userId
)
{
{
return
$this
->
_auth
->
isAssigned
(
$userId
,
$this
->
_name
);
return
$this
->
manager
->
isAssigned
(
$userId
,
$this
->
_name
);
}
}
/**
/**
...
@@ -267,7 +187,7 @@ class Item extends Object
...
@@ -267,7 +187,7 @@ class Item extends Object
*/
*/
public
function
getAssignment
(
$userId
)
public
function
getAssignment
(
$userId
)
{
{
return
$this
->
_auth
->
getAssignment
(
$userId
,
$this
->
_name
);
return
$this
->
manager
->
getAssignment
(
$userId
,
$this
->
_name
);
}
}
/**
/**
...
@@ -275,7 +195,7 @@ class Item extends Object
...
@@ -275,7 +195,7 @@ class Item extends Object
*/
*/
public
function
save
()
public
function
save
()
{
{
$this
->
_auth
->
saveItem
(
$this
,
$this
->
_oldName
);
$this
->
manager
->
saveItem
(
$this
,
$this
->
_oldName
);
unset
(
$this
->
_oldName
);
unset
(
$this
->
_oldName
);
}
}
}
}
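Review bot: The removed constructor normalised the item type with `$this->_type = (int)$type;`, and the new public `$type` property has no equivalent even though its docblock still says `@var integer`. `DbManager` now passes `'type' => $row['type']` straight from a query row and `PhpManager` passes `$item['type']` from the loaded auth file, so the property probably holds a string in those paths. `checkItemChildType($item->type, $child->type)` and the `$item->type == $type` comparisons in `PhpManager` then depend on PHP's loose comparison rules instead of on two integers. Either cast where the config array is built, `'type' => (int)$row['type']`, or keep `type` behind a setter that applies the cast.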
yii/rbac/Manager.php
...
@@ -161,7 +161,7 @@ abstract class Manager extends Component
...
@@ -161,7 +161,7 @@ abstract class Manager extends Component
{
{
static
$types
=
array
(
'operation'
,
'task'
,
'role'
);
static
$types
=
array
(
'operation'
,
'task'
,
'role'
);
if
(
$parentType
<
$childType
)
{
if
(
$parentType
<
$childType
)
{
throw
new
InvalidParamException
(
"Cannot add an item of type '
$types[$childType]
' to an item of type '
$types[$parentType]
'."
);
throw
new
InvalidParamException
(
"Cannot add an item of type '
{
$types
[
$childType
]
}
' to an item of type '
{
$types
[
$parentType
]
}
'."
);
}
}
}
}
...
...
yii/rbac/PhpManager.php
...
@@ -80,14 +80,14 @@ class PhpManager extends Manager
...
@@ -80,14 +80,14 @@ class PhpManager extends Manager
if
(
!
isset
(
$params
[
'userId'
]))
{
if
(
!
isset
(
$params
[
'userId'
]))
{
$params
[
'userId'
]
=
$userId
;
$params
[
'userId'
]
=
$userId
;
}
}
if
(
$this
->
executeBizRule
(
$item
->
getBizRule
(),
$params
,
$item
->
getData
()
))
{
if
(
$this
->
executeBizRule
(
$item
->
bizRule
,
$params
,
$item
->
data
))
{
if
(
in_array
(
$itemName
,
$this
->
defaultRoles
))
{
if
(
in_array
(
$itemName
,
$this
->
defaultRoles
))
{
return
true
;
return
true
;
}
}
if
(
isset
(
$this
->
_assignments
[
$userId
][
$itemName
]))
{
if
(
isset
(
$this
->
_assignments
[
$userId
][
$itemName
]))
{
/** @var $assignment Assignment */
/** @var $assignment Assignment */
$assignment
=
$this
->
_assignments
[
$userId
][
$itemName
];
$assignment
=
$this
->
_assignments
[
$userId
][
$itemName
];
if
(
$this
->
executeBizRule
(
$assignment
->
getBizRule
(),
$params
,
$assignment
->
getData
()
))
{
if
(
$this
->
executeBizRule
(
$assignment
->
bizRule
,
$params
,
$assignment
->
data
))
{
return
true
;
return
true
;
}
}
}
}
...
@@ -117,7 +117,7 @@ class PhpManager extends Manager
...
@@ -117,7 +117,7 @@ class PhpManager extends Manager
$child
=
$this
->
_items
[
$childName
];
$child
=
$this
->
_items
[
$childName
];
/** @var $item Item */
/** @var $item Item */
$item
=
$this
->
_items
[
$itemName
];
$item
=
$this
->
_items
[
$itemName
];
$this
->
checkItemChildType
(
$item
->
getType
(),
$child
->
getType
()
);
$this
->
checkItemChildType
(
$item
->
type
,
$child
->
type
);
if
(
$this
->
detectLoop
(
$itemName
,
$childName
))
{
if
(
$this
->
detectLoop
(
$itemName
,
$childName
))
{
throw
new
InvalidCallException
(
"Cannot add '
$childName
' as a child of '
$itemName
'. A loop has been detected."
);
throw
new
InvalidCallException
(
"Cannot add '
$childName
' as a child of '
$itemName
'. A loop has been detected."
);
}
}
...
@@ -194,7 +194,13 @@ class PhpManager extends Manager
...
@@ -194,7 +194,13 @@ class PhpManager extends Manager
}
elseif
(
isset
(
$this
->
_assignments
[
$userId
][
$itemName
]))
{
}
elseif
(
isset
(
$this
->
_assignments
[
$userId
][
$itemName
]))
{
throw
new
InvalidParamException
(
"Authorization item '
$itemName
' has already been assigned to user '
$userId
'."
);
throw
new
InvalidParamException
(
"Authorization item '
$itemName
' has already been assigned to user '
$userId
'."
);
}
else
{
}
else
{
return
$this
->
_assignments
[
$userId
][
$itemName
]
=
new
Assignment
(
$this
,
$userId
,
$itemName
,
$bizRule
,
$data
);
return
$this
->
_assignments
[
$userId
][
$itemName
]
=
new
Assignment
(
array
(
'manager'
=>
$this
,
'userId'
=>
$userId
,
'itemName'
=>
$itemName
,
'bizRule'
=>
$bizRule
,
'data'
=>
$data
,
));
}
}
}
}
...
@@ -265,15 +271,15 @@ class PhpManager extends Manager
...
@@ -265,15 +271,15 @@ class PhpManager extends Manager
if
(
$userId
===
null
)
{
if
(
$userId
===
null
)
{
foreach
(
$this
->
_items
as
$name
=>
$item
)
{
foreach
(
$this
->
_items
as
$name
=>
$item
)
{
/** @var $item Item */
/** @var $item Item */
if
(
$item
->
getType
()
==
$type
)
{
if
(
$item
->
type
==
$type
)
{
$items
[
$name
]
=
$item
;
$items
[
$name
]
=
$item
;
}
}
}
}
}
elseif
(
isset
(
$this
->
_assignments
[
$userId
]))
{
}
elseif
(
isset
(
$this
->
_assignments
[
$userId
]))
{
foreach
(
$this
->
_assignments
[
$userId
]
as
$assignment
)
{
foreach
(
$this
->
_assignments
[
$userId
]
as
$assignment
)
{
/** @var $assignment Assignment */
/** @var $assignment Assignment */
$name
=
$assignment
->
getItemName
()
;
$name
=
$assignment
->
itemName
;
if
(
isset
(
$this
->
_items
[
$name
])
&&
(
$type
===
null
||
$this
->
_items
[
$name
]
->
getType
()
==
$type
))
{
if
(
isset
(
$this
->
_items
[
$name
])
&&
(
$type
===
null
||
$this
->
_items
[
$name
]
->
type
==
$type
))
{
$items
[
$name
]
=
$this
->
_items
[
$name
];
$items
[
$name
]
=
$this
->
_items
[
$name
];
}
}
}
}
...
@@ -301,7 +307,14 @@ class PhpManager extends Manager
...
@@ -301,7 +307,14 @@ class PhpManager extends Manager
if
(
isset
(
$this
->
_items
[
$name
]))
{
if
(
isset
(
$this
->
_items
[
$name
]))
{
throw
new
Exception
(
'Unable to add an item whose name is the same as an existing item.'
);
throw
new
Exception
(
'Unable to add an item whose name is the same as an existing item.'
);
}
}
return
$this
->
_items
[
$name
]
=
new
Item
(
$this
,
$name
,
$type
,
$description
,
$bizRule
,
$data
);
return
$this
->
_items
[
$name
]
=
new
Item
(
array
(
'manager'
=>
$this
,
'name'
=>
$name
,
'type'
=>
$type
,
'description'
=>
$description
,
'bizRule'
=>
$bizRule
,
'data'
=>
$data
,
));
}
}
/**
/**
...
@@ -390,10 +403,10 @@ class PhpManager extends Manager
...
@@ -390,10 +403,10 @@ class PhpManager extends Manager
foreach
(
$this
->
_items
as
$name
=>
$item
)
{
foreach
(
$this
->
_items
as
$name
=>
$item
)
{
/** @var $item Item */
/** @var $item Item */
$items
[
$name
]
=
array
(
$items
[
$name
]
=
array
(
'type'
=>
$item
->
getType
()
,
'type'
=>
$item
->
type
,
'description'
=>
$item
->
getDescription
()
,
'description'
=>
$item
->
description
,
'bizRule'
=>
$item
->
getBizRule
()
,
'bizRule'
=>
$item
->
bizRule
,
'data'
=>
$item
->
getData
()
,
'data'
=>
$item
->
data
,
);
);
if
(
isset
(
$this
->
_children
[
$name
]))
{
if
(
isset
(
$this
->
_children
[
$name
]))
{
foreach
(
$this
->
_children
[
$name
]
as
$child
)
{
foreach
(
$this
->
_children
[
$name
]
as
$child
)
{
...
@@ -408,8 +421,8 @@ class PhpManager extends Manager
...
@@ -408,8 +421,8 @@ class PhpManager extends Manager
/** @var $assignment Assignment */
/** @var $assignment Assignment */
if
(
isset
(
$items
[
$name
]))
{
if
(
isset
(
$items
[
$name
]))
{
$items
[
$name
][
'assignments'
][
$userId
]
=
array
(
$items
[
$name
][
'assignments'
][
$userId
]
=
array
(
'bizRule'
=>
$assignment
->
getBizRule
()
,
'bizRule'
=>
$assignment
->
bizRule
,
'data'
=>
$assignment
->
getData
()
,
'data'
=>
$assignment
->
data
,
);
);
}
}
}
}
...
@@ -428,7 +441,14 @@ class PhpManager extends Manager
...
@@ -428,7 +441,14 @@ class PhpManager extends Manager
$items
=
$this
->
loadFromFile
(
$this
->
authFile
);
$items
=
$this
->
loadFromFile
(
$this
->
authFile
);
foreach
(
$items
as
$name
=>
$item
)
{
foreach
(
$items
as
$name
=>
$item
)
{
$this
->
_items
[
$name
]
=
new
Item
(
$this
,
$name
,
$item
[
'type'
],
$item
[
'description'
],
$item
[
'bizRule'
],
$item
[
'data'
]);
$this
->
_items
[
$name
]
=
new
Item
(
array
(
'manager'
=>
$this
,
'name'
=>
$name
,
'type'
=>
$item
[
'type'
],
'description'
=>
$item
[
'description'
],
'bizRule'
=>
$item
[
'bizRule'
],
'data'
=>
$item
[
'data'
],
));
}
}
foreach
(
$items
as
$name
=>
$item
)
{
foreach
(
$items
as
$name
=>
$item
)
{
...
@@ -441,7 +461,13 @@ class PhpManager extends Manager
...
@@ -441,7 +461,13 @@ class PhpManager extends Manager
}
}
if
(
isset
(
$item
[
'assignments'
]))
{
if
(
isset
(
$item
[
'assignments'
]))
{
foreach
(
$item
[
'assignments'
]
as
$userId
=>
$assignment
)
{
foreach
(
$item
[
'assignments'
]
as
$userId
=>
$assignment
)
{
$this
->
_assignments
[
$userId
][
$name
]
=
new
Assignment
(
$this
,
$name
,
$userId
,
$assignment
[
'bizRule'
],
$assignment
[
'data'
]);
$this
->
_assignments
[
$userId
][
$name
]
=
new
Assignment
(
array
(
'manager'
=>
$this
,
'userId'
=>
$userId
,
'itemName'
=>
$name
,
'bizRule'
=>
$assignment
[
'bizRule'
],
'data'
=>
$assignment
[
'data'
],
));
}
}
}
}
}
}
...
...
yii/rbac/schema-mssql.sql
...
@@ -18,9 +18,10 @@ create table [tbl_auth_item]
...
@@ -18,9 +18,10 @@ create table [tbl_auth_item]
[
name
]
varchar
(
64
)
not
null
,
[
name
]
varchar
(
64
)
not
null
,
[
type
]
integer
not
null
,
[
type
]
integer
not
null
,
[
description
]
text
,
[
description
]
text
,
[
bizrule
]
text
,
[
biz
_
rule
]
text
,
[
data
]
text
,
[
data
]
text
,
primary
key
([
name
])
primary
key
([
name
]),
key
[
type
]
([
type
])
);
);
create
table
[
tbl_auth_item_child
]
create
table
[
tbl_auth_item_child
]
...
@@ -36,7 +37,7 @@ create table [tbl_auth_assignment]
...
@@ -36,7 +37,7 @@ create table [tbl_auth_assignment]
(
(
[
item_name
]
varchar
(
64
)
not
null
,
[
item_name
]
varchar
(
64
)
not
null
,
[
user_id
]
varchar
(
64
)
not
null
,
[
user_id
]
varchar
(
64
)
not
null
,
[
bizrule
]
text
,
[
biz
_
rule
]
text
,
[
data
]
text
,
[
data
]
text
,
primary
key
([
item_name
],[
user_id
]),
primary
key
([
item_name
],[
user_id
]),
foreign
key
([
item_name
])
references
[
tbl_auth_item
]
([
name
])
on
delete
cascade
on
update
cascade
foreign
key
([
item_name
])
references
[
tbl_auth_item
]
([
name
])
on
delete
cascade
on
update
cascade
...
...
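Review bot: The added `key [type] ([type])` element inside `create table [tbl_auth_item]` is MySQL's inline index syntax, which SQL Server does not accept in a table definition, so this script would likely stop at that statement and leave the RBAC tables uncreated. The same element is added to schema-oci.sql, schema-pgsql.sql and schema-sqlite.sql as `key "type" ("type")`, where it is not valid either; only schema-mysql.sql can take it as written. I would keep `primary key ([name])` as the last table element and create the index in its own statement after the table, e.g. `create index [idx_auth_item_type] on [tbl_auth_item] ([type]);` (the index name is a suggestion), with the quoting adjusted for each dialect.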
yii/rbac/schema-mysql.sql
...
@@ -18,9 +18,10 @@ create table `tbl_auth_item`
...
@@ -18,9 +18,10 @@ create table `tbl_auth_item`
`name`
varchar
(
64
)
not
null
,
`name`
varchar
(
64
)
not
null
,
`type`
integer
not
null
,
`type`
integer
not
null
,
`description`
text
,
`description`
text
,
`bizrule`
text
,
`biz
_
rule`
text
,
`data`
text
,
`data`
text
,
primary
key
(
`name`
)
primary
key
(
`name`
),
key
`type`
(
`type`
)
)
engine
InnoDB
;
)
engine
InnoDB
;
create
table
`tbl_auth_item_child`
create
table
`tbl_auth_item_child`
...
@@ -36,7 +37,7 @@ create table `tbl_auth_assignment`
...
@@ -36,7 +37,7 @@ create table `tbl_auth_assignment`
(
(
`item_name`
varchar
(
64
)
not
null
,
`item_name`
varchar
(
64
)
not
null
,
`user_id`
varchar
(
64
)
not
null
,
`user_id`
varchar
(
64
)
not
null
,
`bizrule`
text
,
`biz
_
rule`
text
,
`data`
text
,
`data`
text
,
primary
key
(
`item_name`
,
`user_id`
),
primary
key
(
`item_name`
,
`user_id`
),
foreign
key
(
`item_name`
)
references
`tbl_auth_item`
(
`name`
)
on
delete
cascade
on
update
cascade
foreign
key
(
`item_name`
)
references
`tbl_auth_item`
(
`name`
)
on
delete
cascade
on
update
cascade
...
...
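Review bot: Renaming the `bizrule` column to `biz_rule` in `tbl_auth_item` and `tbl_auth_assignment` only affects databases created from this script; a database built from the previous schema keeps the old column name, and none of the ten changed files is an upgrade script. If DbManager (changed in this commit, not visible in this section) now reads and writes `biz_rule`, authorization lookups against an existing database would presumably fail on the missing column. I would add a header comment to this file that states the rename and gives the upgrade statement, e.g. `-- upgrade: alter table tbl_auth_item change bizrule biz_rule text;` plus the same for `tbl_auth_assignment`. The other four schema files make the same rename and need the equivalent note in their own dialect.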
yii/rbac/schema-oci.sql
...
@@ -18,9 +18,10 @@ create table "tbl_auth_item"
...
@@ -18,9 +18,10 @@ create table "tbl_auth_item"
"name"
varchar
(
64
)
not
null
,
"name"
varchar
(
64
)
not
null
,
"type"
integer
not
null
,
"type"
integer
not
null
,
"description"
text
,
"description"
text
,
"bizrule"
text
,
"biz
_
rule"
text
,
"data"
text
,
"data"
text
,
primary
key
(
"name"
)
primary
key
(
"name"
),
key
"type"
(
"type"
)
);
);
create
table
"tbl_auth_item_child"
create
table
"tbl_auth_item_child"
...
@@ -36,7 +37,7 @@ create table "tbl_auth_assignment"
...
@@ -36,7 +37,7 @@ create table "tbl_auth_assignment"
(
(
"item_name"
varchar
(
64
)
not
null
,
"item_name"
varchar
(
64
)
not
null
,
"user_id"
varchar
(
64
)
not
null
,
"user_id"
varchar
(
64
)
not
null
,
"bizrule"
text
,
"biz
_
rule"
text
,
"data"
text
,
"data"
text
,
primary
key
(
"item_name"
,
"user_id"
),
primary
key
(
"item_name"
,
"user_id"
),
foreign
key
(
"item_name"
)
references
"tbl_auth_item"
(
"name"
)
on
delete
cascade
on
update
cascade
foreign
key
(
"item_name"
)
references
"tbl_auth_item"
(
"name"
)
on
delete
cascade
on
update
cascade
...
...
yii/rbac/schema-pgsql.sql
...
@@ -18,9 +18,10 @@ create table "tbl_auth_item"
...
@@ -18,9 +18,10 @@ create table "tbl_auth_item"
"name"
varchar
(
64
)
not
null
,
"name"
varchar
(
64
)
not
null
,
"type"
integer
not
null
,
"type"
integer
not
null
,
"description"
text
,
"description"
text
,
"bizrule"
text
,
"biz
_
rule"
text
,
"data"
text
,
"data"
text
,
primary
key
(
"name"
)
primary
key
(
"name"
),
key
"type"
(
"type"
)
);
);
create
table
"tbl_auth_item_child"
create
table
"tbl_auth_item_child"
...
@@ -36,7 +37,7 @@ create table "tbl_auth_assignment"
...
@@ -36,7 +37,7 @@ create table "tbl_auth_assignment"
(
(
"item_name"
varchar
(
64
)
not
null
,
"item_name"
varchar
(
64
)
not
null
,
"user_id"
varchar
(
64
)
not
null
,
"user_id"
varchar
(
64
)
not
null
,
"bizrule"
text
,
"biz
_
rule"
text
,
"data"
text
,
"data"
text
,
primary
key
(
"item_name"
,
"user_id"
),
primary
key
(
"item_name"
,
"user_id"
),
foreign
key
(
"item_name"
)
references
"tbl_auth_item"
(
"name"
)
on
delete
cascade
on
update
cascade
foreign
key
(
"item_name"
)
references
"tbl_auth_item"
(
"name"
)
on
delete
cascade
on
update
cascade
...
...
yii/rbac/schema-sqlite.sql
...
@@ -18,9 +18,10 @@ create table 'tbl_auth_item'
...
@@ -18,9 +18,10 @@ create table 'tbl_auth_item'
"name"
varchar
(
64
)
not
null
,
"name"
varchar
(
64
)
not
null
,
"type"
integer
not
null
,
"type"
integer
not
null
,
"description"
text
,
"description"
text
,
"bizrule"
text
,
"biz
_
rule"
text
,
"data"
text
,
"data"
text
,
primary
key
(
"name"
)
primary
key
(
"name"
),
key
"type"
(
"type"
)
);
);
create
table
'tbl_auth_item_child'
create
table
'tbl_auth_item_child'
...
@@ -36,7 +37,7 @@ create table 'tbl_auth_assignment'
...
@@ -36,7 +37,7 @@ create table 'tbl_auth_assignment'
(
(
"item_name"
varchar
(
64
)
not
null
,
"item_name"
varchar
(
64
)
not
null
,
"user_id"
varchar
(
64
)
not
null
,
"user_id"
varchar
(
64
)
not
null
,
"bizrule"
text
,
"biz
_
rule"
text
,
"data"
text
,
"data"
text
,
primary
key
(
"item_name"
,
"user_id"
),
primary
key
(
"item_name"
,
"user_id"
),
foreign
key
(
"item_name"
)
references
'tbl_auth_item'
(
"name"
)
on
delete
cascade
on
update
cascade
foreign
key
(
"item_name"
)
references
'tbl_auth_item'
(
"name"
)
on
delete
cascade
on
update
cascade
...
...