Class yii\rbac\DbManager
Inheritance | yii\rbac\DbManager » yii\rbac\BaseManager » yii\base\Component » yii\base\Object |
---|---|
Implements | yii\base\Configurable, yii\rbac\ManagerInterface |
Subclasses | lispa\amos\core\rbac\AuthManager, lispa\amos\core\rbac\DbManagerCached |
Available since version | 2.0 |
Source Code | https://github.com/yiisoft/yii2/blob/master/framework/rbac/DbManager.php |
DbManager represents an authorization manager that stores authorization information in database.
The database connection is specified by $db. The database schema could be initialized by applying migration:
yii migrate --migrationPath=@yii/rbac/migrations/
If you don't want to use migration and need SQL instead, files for all databases are in migrations directory.
You may change the names of the tables used to store the authorization and rule data by setting $itemTable, $itemChildTable, $assignmentTable and $ruleTable.
For more details and usage information on DbManager, see the guide article on security authorization.
Public Properties
Property | Type | Description | Defined By |
---|---|---|---|
$assignmentTable | string | The name of the table storing authorization item assignments. | yii\rbac\DbManager |
$behaviors | yii\base\Behavior[] | List of behaviors attached to this component | yii\base\Component |
$cache | yii\caching\Cache|array|string | The cache used to improve RBAC performance. | yii\rbac\DbManager |
$cacheKey | string | The key used to store RBAC data in cache | yii\rbac\DbManager |
$db | yii\db\Connection|array|string | The DB connection object or the application component ID of the DB connection. | yii\rbac\DbManager |
$defaultRoleInstances | yii\rbac\Role[] | Default roles. | yii\rbac\BaseManager |
$defaultRoles | array | A list of role names that are assigned to every user automatically without calling assign(). | yii\rbac\BaseManager |
$itemChildTable | string | The name of the table storing authorization item hierarchy. | yii\rbac\DbManager |
$itemTable | string | The name of the table storing authorization items. | yii\rbac\DbManager |
$permissions | yii\rbac\Permission[] | All permissions in the system. | yii\rbac\BaseManager |
$roles | yii\rbac\Role[] | All roles in the system. | yii\rbac\BaseManager |
$ruleTable | string | The name of the table storing rules. | yii\rbac\DbManager |
Protected Properties
Property | Type | Description | Defined By |
---|---|---|---|
$items | yii\rbac\Item[] | All auth items (name => Item) | yii\rbac\DbManager |
$parents | array | Auth item parent-child relationships (childName => list of parents) | yii\rbac\DbManager |
$rules | yii\rbac\Rule[] | All auth rules (name => Rule) | yii\rbac\DbManager |
Public Methods
Method | Description | Defined By |
---|---|---|
__call() | Calls the named method which is not a class method. | yii\base\Component |
__clone() | This method is called after the object is created by cloning an existing one. | yii\base\Component |
__construct() | Constructor. | yii\base\Object |
__get() | Returns the value of a component property. | yii\base\Component |
__isset() | Checks if a property is set, i.e. defined and not null. | yii\base\Component |
__set() | Sets the value of a component property. | yii\base\Component |
__unset() | Sets a component property to be null. | yii\base\Component |
add() | Adds a role, permission or rule to the RBAC system. | yii\rbac\BaseManager |
addChild() | Adds an item as a child of another item. | yii\rbac\DbManager |
assign() | Assigns a role to a user. | yii\rbac\DbManager |
attachBehavior() | Attaches a behavior to this component. | yii\base\Component |
attachBehaviors() | Attaches a list of behaviors to the component. | yii\base\Component |
behaviors() | Returns a list of behaviors that this component should behave as. | yii\base\Component |
canAddChild() | Checks the possibility of adding a child to parent | yii\rbac\DbManager |
canGetProperty() | Returns a value indicating whether a property can be read. | yii\base\Component |
canSetProperty() | Returns a value indicating whether a property can be set. | yii\base\Component |
checkAccess() | yii\rbac\DbManager | |
className() | Returns the fully qualified name of this class. | yii\base\Object |
createPermission() | Creates a new Permission object. | yii\rbac\BaseManager |
createRole() | Creates a new Role object. | yii\rbac\BaseManager |
detachBehavior() | Detaches a behavior from the component. | yii\base\Component |
detachBehaviors() | Detaches all behaviors from the component. | yii\base\Component |
ensureBehaviors() | Makes sure that the behaviors declared in behaviors() are attached to this component. | yii\base\Component |
getAssignment() | Returns the assignment information regarding a role and a user. | yii\rbac\DbManager |
getAssignments() | Returns all role assignment information for the specified user. | yii\rbac\DbManager |
getBehavior() | Returns the named behavior object. | yii\base\Component |
getBehaviors() | Returns all behaviors attached to this component. | yii\base\Component |
getChildRoles() | Returns child roles of the role specified. Depth isn't limited. | yii\rbac\DbManager |
getChildren() | Returns the child permissions and/or roles. | yii\rbac\DbManager |
getDefaultRoleInstances() | Returns defaultRoles as array of Role objects | yii\rbac\BaseManager |
getPermission() | Returns the named permission. | yii\rbac\BaseManager |
getPermissions() | Returns all permissions in the system. | yii\rbac\BaseManager |
getPermissionsByRole() | Returns all permissions that the specified role represents. | yii\rbac\DbManager |
getPermissionsByUser() | Returns all permissions that the user has. | yii\rbac\DbManager |
getRole() | Returns the named role. | yii\rbac\BaseManager |
getRoles() | Returns all roles in the system. | yii\rbac\BaseManager |
getRolesByUser() | Returns the roles that are assigned to the user via assign(). | yii\rbac\DbManager |
getRule() | Returns the rule of the specified name. | yii\rbac\DbManager |
getRules() | Returns all rules available in the system. | yii\rbac\DbManager |
getUserIdsByRole() | Returns all role assignment information for the specified role. | yii\rbac\DbManager |
hasChild() | Returns a value indicating whether the child already exists for the parent. | yii\rbac\DbManager |
hasEventHandlers() | Returns a value indicating whether there is any handler attached to the named event. | yii\base\Component |
hasMethod() | Returns a value indicating whether a method is defined. | yii\base\Component |
hasProperty() | Returns a value indicating whether a property is defined for this component. | yii\base\Component |
init() | Initializes the application component. | yii\rbac\DbManager |
invalidateCache() | yii\rbac\DbManager | |
loadFromCache() | yii\rbac\DbManager | |
off() | Detaches an existing event handler from this component. | yii\base\Component |
on() | Attaches an event handler to an event. | yii\base\Component |
remove() | Removes a role, permission or rule from the RBAC system. | yii\rbac\BaseManager |
removeAll() | Removes all authorization data, including roles, permissions, rules, and assignments. | yii\rbac\DbManager |
removeAllAssignments() | Removes all role assignments. | yii\rbac\DbManager |
removeAllPermissions() | Removes all permissions. | yii\rbac\DbManager |
removeAllRoles() | Removes all roles. | yii\rbac\DbManager |
removeAllRules() | Removes all rules. | yii\rbac\DbManager |
removeChild() | Removes a child from its parent. | yii\rbac\DbManager |
removeChildren() | Removed all children form their parent. | yii\rbac\DbManager |
revoke() | Revokes a role from a user. | yii\rbac\DbManager |
revokeAll() | Revokes all roles from a user. | yii\rbac\DbManager |
trigger() | Triggers an event. | yii\base\Component |
update() | Updates the specified role, permission or rule in the system. | yii\rbac\BaseManager |
Protected Methods
Method | Description | Defined By |
---|---|---|
addItem() | Adds an auth item to the RBAC system. | yii\rbac\DbManager |
addRule() | Adds a rule to the RBAC system. | yii\rbac\DbManager |
checkAccessFromCache() | Performs access check for the specified user based on the data loaded from cache. | yii\rbac\DbManager |
checkAccessRecursive() | Performs access check for the specified user. | yii\rbac\DbManager |
detectLoop() | Checks whether there is a loop in the authorization item hierarchy. | yii\rbac\DbManager |
executeRule() | Executes the rule associated with the specified auth item. | yii\rbac\BaseManager |
getChildrenList() | Returns the children for every parent. | yii\rbac\DbManager |
getChildrenRecursive() | Recursively finds all children and grand children of the specified item. | yii\rbac\DbManager |
getDirectPermissionsByUser() | Returns all permissions that are directly assigned to user. | yii\rbac\DbManager |
getInheritedPermissionsByUser() | Returns all permissions that the user inherits from the roles assigned to him. | yii\rbac\DbManager |
getItem() | Returns the named auth item. | yii\rbac\DbManager |
getItems() | Returns the items of the specified type. | yii\rbac\DbManager |
hasNoAssignments() | Checks whether array of $assignments is empty and $defaultRoles property is empty as well | yii\rbac\BaseManager |
populateItem() | Populates an auth item with the data fetched from database | yii\rbac\DbManager |
removeAllItems() | Removes all auth items of the specified type. | yii\rbac\DbManager |
removeItem() | Removes an auth item from the RBAC system. | yii\rbac\DbManager |
removeRule() | Removes a rule from the RBAC system. | yii\rbac\DbManager |
supportsCascadeUpdate() | Returns a value indicating whether the database supports cascading update and delete. | yii\rbac\DbManager |
updateItem() | Updates an auth item in the RBAC system. | yii\rbac\DbManager |
updateRule() | Updates a rule to the RBAC system. | yii\rbac\DbManager |
Property Details
The name of the table storing authorization item assignments. Defaults to "auth_assignment".
The cache used to improve RBAC performance. This can be one of the following:
- an application component ID (e.g.
cache
) - a configuration array
- a yii\caching\Cache object
When this is not set, it means caching is not enabled.
Note that by enabling RBAC cache, all auth items, rules and auth item parent-child relationships will be cached and loaded into memory. This will improve the performance of RBAC permission check. However, it does require extra memory and as a result may not be appropriate if your RBAC system contains too many auth items. You should seek other RBAC implementations (e.g. RBAC based on Redis storage) in this case.
Also note that if you modify RBAC items, rules or parent-child relationships from outside of this component, you have to manually call invalidateCache() to ensure data consistency.
The key used to store RBAC data in cache
See also $cache.
The DB connection object or the application component ID of the DB connection. After the DbManager object is created, if you want to change this property, you should only assign it with a DB connection object. Starting from version 2.0.2, this can also be a configuration array for creating the object.
The name of the table storing authorization item hierarchy. Defaults to "auth_item_child".
The name of the table storing authorization items. Defaults to "auth_item".
All auth items (name => Item)
Auth item parent-child relationships (childName => list of parents)
The name of the table storing rules. Defaults to "auth_rule".
All auth rules (name => Rule)
Method Details
Adds an item as a child of another item.
public boolean addChild ( $parent, $child ) | ||
$parent | yii\rbac\Item | |
$child | yii\rbac\Item | |
return | boolean | Whether the child successfully added |
---|---|---|
throws | yii\base\Exception | if the parent-child relationship already exists or if a loop has been detected. |
Adds an auth item to the RBAC system.
protected boolean addItem ( $item ) | ||
$item | yii\rbac\Item | The item to add |
return | boolean | Whether the auth item is successfully added to the system |
---|---|---|
throws | Exception | if data validation or saving fails (such as the name of the role or permission is not unique) |
Adds a rule to the RBAC system.
protected boolean addRule ( $rule ) | ||
$rule | yii\rbac\Rule | The rule to add |
return | boolean | Whether the rule is successfully added to the system |
---|---|---|
throws | Exception | if data validation or saving fails (such as the name of the rule is not unique) |
Assigns a role to a user.
public yii\rbac\Assignment assign ( $role, $userId ) | ||
$role | yii\rbac\Role | |
$userId | string|integer | The user ID (see yii\web\User::$id) |
return | yii\rbac\Assignment | The role assignment information. |
---|---|---|
throws | Exception | if the role has already been assigned to the user |
Checks the possibility of adding a child to parent
public boolean canAddChild ( $parent, $child ) | ||
$parent | yii\rbac\Item | The parent item |
$child | yii\rbac\Item | The child item to be added to the hierarchy |
return | boolean | Possibility of adding |
---|
public void checkAccess ( $userId, $permissionName, $params = [] ) | ||
$userId | ||
$permissionName | ||
$params |
Performs access check for the specified user based on the data loaded from cache.
This method is internally called by checkAccess() when $cache is enabled.
protected boolean checkAccessFromCache ( $user, $itemName, $params, $assignments ) | ||
$user | string|integer | The user ID. This should can be either an integer or a string representing the unique identifier of a user. See yii\web\User::$id. |
$itemName | string | The name of the operation that need access check |
$params | array | Name-value pairs that would be passed to rules associated
with the tasks and roles assigned to the user. A param with name 'user' is added to this array,
which holds the value of |
$assignments | yii\rbac\Assignment[] | The assignments to the specified user |
return | boolean | Whether the operations can be performed by the user. |
---|
Performs access check for the specified user.
This method is internally called by checkAccess().
protected boolean checkAccessRecursive ( $user, $itemName, $params, $assignments ) | ||
$user | string|integer | The user ID. This should can be either an integer or a string representing the unique identifier of a user. See yii\web\User::$id. |
$itemName | string | The name of the operation that need access check |
$params | array | Name-value pairs that would be passed to rules associated
with the tasks and roles assigned to the user. A param with name 'user' is added to this array,
which holds the value of |
$assignments | yii\rbac\Assignment[] | The assignments to the specified user |
return | boolean | Whether the operations can be performed by the user. |
---|
Checks whether there is a loop in the authorization item hierarchy.
protected boolean detectLoop ( $parent, $child ) | ||
$parent | yii\rbac\Item | The parent item |
$child | yii\rbac\Item | The child item to be added to the hierarchy |
return | boolean | Whether a loop exists |
---|
Returns the assignment information regarding a role and a user.
public null|yii\rbac\Assignment getAssignment ( $roleName, $userId ) | ||
$roleName | string | The role name |
$userId | string|integer | The user ID (see yii\web\User::$id) |
return | null|yii\rbac\Assignment | The assignment information. Null is returned if the role is not assigned to the user. |
---|
Returns all role assignment information for the specified user.
public yii\rbac\Assignment[] getAssignments ( $userId ) | ||
$userId | string|integer | The user ID (see yii\web\User::$id) |
return | yii\rbac\Assignment[] | The assignments indexed by role names. An empty array will be returned if there is no role assigned to the user. |
---|
Returns child roles of the role specified. Depth isn't limited.
public yii\rbac\Role[] getChildRoles ( $roleName ) | ||
$roleName | string | Name of the role to file child roles for |
return | yii\rbac\Role[] | Child roles. The array is indexed by the role names. First element is an instance of the parent Role itself. |
---|---|---|
throws | yii\base\InvalidParamException | if Role was not found that are getting by $roleName |
Returns the child permissions and/or roles.
public yii\rbac\Item[] getChildren ( $name ) | ||
$name | string | The parent name |
return | yii\rbac\Item[] | The child permissions and/or roles |
---|
Returns the children for every parent.
protected array getChildrenList ( ) | ||
return | array | The children list. Each array key is a parent item name, and the corresponding array value is a list of child item names. |
---|
Recursively finds all children and grand children of the specified item.
protected void getChildrenRecursive ( $name, $childrenList, &$result ) | ||
$name | string | The name of the item whose children are to be looked for. |
$childrenList | array | The child list built via getChildrenList() |
$result | array | The children and grand children (in array keys) |
Returns all permissions that are directly assigned to user.
protected yii\rbac\Permission[] getDirectPermissionsByUser ( $userId ) | ||
$userId | string|integer | The user ID (see yii\web\User::$id) |
return | yii\rbac\Permission[] | All direct permissions that the user has. The array is indexed by the permission names. |
---|
Returns all permissions that the user inherits from the roles assigned to him.
protected yii\rbac\Permission[] getInheritedPermissionsByUser ( $userId ) | ||
$userId | string|integer | The user ID (see yii\web\User::$id) |
return | yii\rbac\Permission[] | All inherited permissions that the user has. The array is indexed by the permission names. |
---|
Returns the named auth item.
protected yii\rbac\Item getItem ( $name ) | ||
$name | string | The auth item name. |
return | yii\rbac\Item | The auth item corresponding to the specified name. Null is returned if no such item. |
---|
Returns the items of the specified type.
protected yii\rbac\Item[] getItems ( $type ) | ||
$type | integer | The auth item type (either yii\rbac\Item::TYPE_ROLE or yii\rbac\Item::TYPE_PERMISSION |
return | yii\rbac\Item[] | The auth items of the specified type. |
---|
Returns all permissions that the specified role represents.
public yii\rbac\Permission[] getPermissionsByRole ( $roleName ) | ||
$roleName | string | The role name |
return | yii\rbac\Permission[] | All permissions that the role represents. The array is indexed by the permission names. |
---|
Returns all permissions that the user has.
public yii\rbac\Permission[] getPermissionsByUser ( $userId ) | ||
$userId | string|integer | The user ID (see yii\web\User::$id) |
return | yii\rbac\Permission[] | All permissions that the user has. The array is indexed by the permission names. |
---|
Returns the roles that are assigned to the user via assign().
Note that child roles that are not assigned directly to the user will not be returned.
public yii\rbac\Role[] getRolesByUser ( $userId ) | ||
$userId | string|integer | The user ID (see yii\web\User::$id) |
return | yii\rbac\Role[] | All roles directly assigned to the user. The array is indexed by the role names. |
---|
Returns the rule of the specified name.
public null|yii\rbac\Rule getRule ( $name ) | ||
$name | string | The rule name |
return | null|yii\rbac\Rule | The rule object, or null if the specified name does not correspond to a rule. |
---|
Returns all rules available in the system.
public yii\rbac\Rule[] getRules ( ) | ||
return | yii\rbac\Rule[] | The rules indexed by the rule names |
---|
Returns all role assignment information for the specified role.
public string[] getUserIdsByRole ( $roleName ) | ||
$roleName | string | |
return | string[] | The ids. An empty array will be returned if role is not assigned to any user. |
---|
Returns a value indicating whether the child already exists for the parent.
public boolean hasChild ( $parent, $child ) | ||
$parent | yii\rbac\Item | |
$child | yii\rbac\Item | |
return | boolean | Whether |
---|
Initializes the application component.
This method overrides the parent implementation by establishing the database connection.
public void init ( ) |
public void invalidateCache ( ) |
public void loadFromCache ( ) |
Populates an auth item with the data fetched from database
protected yii\rbac\Item populateItem ( $row ) | ||
$row | array | The data from the auth item table |
return | yii\rbac\Item | The populated auth item instance (either Role or Permission) |
---|
Removes all authorization data, including roles, permissions, rules, and assignments.
public void removeAll ( ) |
Removes all role assignments.
public void removeAllAssignments ( ) |
Removes all auth items of the specified type.
protected void removeAllItems ( $type ) | ||
$type | integer | The auth item type (either Item::TYPE_PERMISSION or Item::TYPE_ROLE) |
Removes all permissions.
All parent child relations will be adjusted accordingly.
public void removeAllPermissions ( ) |
Removes all roles.
All parent child relations will be adjusted accordingly.
public void removeAllRoles ( ) |
Removes all rules.
All roles and permissions which have rules will be adjusted accordingly.
public void removeAllRules ( ) |
Removes a child from its parent.
Note, the child item is not deleted. Only the parent-child relationship is removed.
public boolean removeChild ( $parent, $child ) | ||
$parent | yii\rbac\Item | |
$child | yii\rbac\Item | |
return | boolean | Whether the removal is successful |
---|
Removed all children form their parent.
Note, the children items are not deleted. Only the parent-child relationships are removed.
public boolean removeChildren ( $parent ) | ||
$parent | yii\rbac\Item | |
return | boolean | Whether the removal is successful |
---|
Removes an auth item from the RBAC system.
protected boolean removeItem ( $item ) | ||
$item | yii\rbac\Item | The item to remove |
return | boolean | Whether the role or permission is successfully removed |
---|---|---|
throws | Exception | if data validation or saving fails (such as the name of the role or permission is not unique) |
Removes a rule from the RBAC system.
protected boolean removeRule ( $rule ) | ||
$rule | yii\rbac\Rule | The rule to remove |
return | boolean | Whether the rule is successfully removed |
---|---|---|
throws | Exception | if data validation or saving fails (such as the name of the rule is not unique) |
Revokes a role from a user.
public boolean revoke ( $role, $userId ) | ||
$role | yii\rbac\Role | |
$userId | string|integer | The user ID (see yii\web\User::$id) |
return | boolean | Whether the revoking is successful |
---|
Revokes all roles from a user.
public boolean revokeAll ( $userId ) | ||
$userId | mixed | The user ID (see yii\web\User::$id) |
return | boolean | Whether the revoking is successful |
---|
Returns a value indicating whether the database supports cascading update and delete.
The default implementation will return false for SQLite database and true for all other databases.
protected boolean supportsCascadeUpdate ( ) | ||
return | boolean | Whether the database supports cascading update and delete. |
---|
Updates an auth item in the RBAC system.
protected boolean updateItem ( $name, $item ) | ||
$name | string | The name of the item being updated |
$item | yii\rbac\Item | The updated item |
return | boolean | Whether the auth item is successfully updated |
---|---|---|
throws | Exception | if data validation or saving fails (such as the name of the role or permission is not unique) |
Updates a rule to the RBAC system.
protected boolean updateRule ( $name, $rule ) | ||
$name | string | The name of the rule being updated |
$rule | yii\rbac\Rule | The updated rule |
return | boolean | Whether the rule is successfully updated |
---|---|---|
throws | Exception | if data validation or saving fails (such as the name of the rule is not unique) |