From 3fe23f83c75bc106e17885297de4be6cae3d61d2 Mon Sep 17 00:00:00 2001 From: Alexander Kochetov Date: Fri, 10 May 2013 13:50:17 +0400 Subject: [PATCH] Remove IManager interface --- framework/rbac/Assignment.php | 4 +- framework/rbac/IManager.php | 175 ------------------------------------------ framework/rbac/Item.php | 24 +++--- framework/rbac/Manager.php | 163 ++++++++++++++++++++++++++++++++++++--- 4 files changed, 168 insertions(+), 198 deletions(-) delete mode 100644 framework/rbac/IManager.php diff --git a/framework/rbac/Assignment.php b/framework/rbac/Assignment.php index e5d6157..5b6a607 100644 --- a/framework/rbac/Assignment.php +++ b/framework/rbac/Assignment.php @@ -14,7 +14,7 @@ use yii\base\Object; * Assignment represents an assignment of a role to a user. * It includes additional assignment information such as [[bizRule]] and [[data]]. * Do not create a Assignment instance using the 'new' operator. - * Instead, call [[IManager::assign]]. + * Instead, call [[Manager::assign()]]. * * @property mixed $userId User ID (see [[User::id]]). * @property string $itemName The authorization item name. @@ -35,7 +35,7 @@ class Assignment extends Object /** * Constructor. - * @param IManager $auth the authorization manager + * @param Manager $auth the authorization manager * @param mixed $userId user ID (see [[User::id]]) * @param string $itemName authorization item name * @param string $bizRule the business rule associated with this assignment diff --git a/framework/rbac/IManager.php b/framework/rbac/IManager.php deleted file mode 100644 index 0e9eea0..0000000 --- a/framework/rbac/IManager.php +++ /dev/null @@ -1,175 +0,0 @@ - - * @author Alexander Kochetov - * @since 2.0 - */ -interface IManager -{ - /** - * Performs access check for the specified user. - * @param mixed $userId the user ID. This should be either an integer or a string representing - * the unique identifier of a user. See [[User::id]]. - * @param string $itemName the name of the operation that we are checking access to - * @param array $params name-value pairs that would be passed to biz rules associated - * with the tasks and roles assigned to the user. - * @return boolean whether the operations can be performed by the user. - */ - public function checkAccess($userId, $itemName, $params = array()); - - /** - * Creates an authorization item. - * An authorization item represents an action permission (e.g. creating a post). - * It has three types: operation, task and role. - * Authorization items form a hierarchy. Higher level items inheirt permissions representing - * by lower level items. - * @param string $name the item name. This must be a unique identifier. - * @param integer $type the item type (0: operation, 1: task, 2: role). - * @param string $description description of the item - * @param string $bizRule business rule associated with the item. This is a piece of - * PHP code that will be executed when [[checkAccess()]] is called for the item. - * @param mixed $data additional data associated with the item. - * @throws \yii\base\Exception if an item with the same name already exists - * @return Item the authorization item - */ - public function createItem($name, $type, $description = '', $bizRule = null, $data = null); - /** - * Removes the specified authorization item. - * @param string $name the name of the item to be removed - * @return boolean whether the item exists in the storage and has been removed - */ - public function removeItem($name); - /** - * Returns the authorization items of the specific type and user. - * @param mixed $userId the user ID. Defaults to null, meaning returning all items even if - * they are not assigned to a user. - * @param integer $type the item type (0: operation, 1: task, 2: role). Defaults to null, - * meaning returning all items regardless of their type. - * @return Item[] the authorization items of the specific type. - */ - public function getItems($userId = null, $type = null); - /** - * Returns the authorization item with the specified name. - * @param string $name the name of the item - * @return Item the authorization item. Null if the item cannot be found. - */ - public function getItem($name); - /** - * Saves an authorization item to persistent storage. - * @param Item $item the item to be saved. - * @param string $oldName the old item name. If null, it means the item name is not changed. - */ - public function saveItem($item, $oldName = null); - - /** - * Adds an item as a child of another item. - * @param string $itemName the parent item name - * @param string $childName the child item name - * @throws \yii\base\Exception if either parent or child doesn't exist or if a loop has been detected. - */ - public function addItemChild($itemName, $childName); - /** - * Removes a child from its parent. - * Note, the child item is not deleted. Only the parent-child relationship is removed. - * @param string $itemName the parent item name - * @param string $childName the child item name - * @return boolean whether the removal is successful - */ - public function removeItemChild($itemName, $childName); - /** - * Returns a value indicating whether a child exists within a parent. - * @param string $itemName the parent item name - * @param string $childName the child item name - * @return boolean whether the child exists - */ - public function hasItemChild($itemName, $childName); - /** - * Returns the children of the specified item. - * @param mixed $itemName the parent item name. This can be either a string or an array. - * The latter represents a list of item names. - * @return Item[] all child items of the parent - */ - public function getItemChildren($itemName); - - /** - * Assigns an authorization item to a user. - * @param mixed $userId the user ID (see [[User::id]]) - * @param string $itemName the item name - * @param string $bizRule the business rule to be executed when [[checkAccess()]] is called - * for this particular authorization item. - * @param mixed $data additional data associated with this assignment - * @return Assignment the authorization assignment information. - * @throws \yii\base\Exception if the item does not exist or if the item has already been assigned to the user - */ - public function assign($userId, $itemName, $bizRule = null, $data = null); - /** - * Revokes an authorization assignment from a user. - * @param mixed $userId the user ID (see [[User::id]]) - * @param string $itemName the item name - * @return boolean whether removal is successful - */ - public function revoke($userId, $itemName); - /** - * Returns a value indicating whether the item has been assigned to the user. - * @param mixed $userId the user ID (see [[User::id]]) - * @param string $itemName the item name - * @return boolean whether the item has been assigned to the user. - */ - public function isAssigned($userId, $itemName); - /** - * Returns the item assignment information. - * @param mixed $userId the user ID (see [[User::id]]) - * @param string $itemName the item name - * @return Assignment the item assignment information. Null is returned if - * the item is not assigned to the user. - */ - public function getAssignment($userId, $itemName); - /** - * Returns the item assignments for the specified user. - * @param mixed $userId the user ID (see [[User::id]]) - * @return Item[] the item assignment information for the user. An empty array will be - * returned if there is no item assigned to the user. - */ - public function getAssignments($userId); - /** - * Saves the changes to an authorization assignment. - * @param Assignment $assignment the assignment that has been changed. - */ - public function saveAssignment($assignment); - /** - * Removes all authorization data. - */ - public function clearAll(); - /** - * Removes all authorization assignments. - */ - public function clearAssignments(); - /** - * Saves authorization data into persistent storage. - * If any change is made to the authorization data, please make - * sure you call this method to save the changed data into persistent storage. - */ - public function save(); - /** - * Executes a business rule. - * A business rule is a piece of PHP code that will be executed when [[checkAccess()]] is called. - * @param string $bizRule the business rule to be executed. - * @param array $params additional parameters to be passed to the business rule when being executed. - * @param mixed $data additional data that is associated with the corresponding authorization item or assignment - * @return boolean whether the execution returns a true value. - * If the business rule is empty, it will also return true. - */ - public function executeBizRule($bizRule, $params, $data); -} diff --git a/framework/rbac/Item.php b/framework/rbac/Item.php index 1297e41..ef56a53 100644 --- a/framework/rbac/Item.php +++ b/framework/rbac/Item.php @@ -18,7 +18,7 @@ use yii\base\Object; * A user may be assigned one or several authorization items (called [[Assignment]] assignments). * He can perform an operation only when it is among his assigned items. * - * @property IManager $authManager The authorization manager. + * @property Manager $authManager The authorization manager. * @property integer $type The authorization item type. This could be 0 (operation), 1 (task) or 2 (role). * @property string $name The item name. * @property string $description The item description. @@ -45,7 +45,7 @@ class Item extends Object /** * Constructor. - * @param IManager $auth authorization manager + * @param Manager $auth authorization manager * @param string $name authorization item name * @param integer $type authorization item type. This can be 0 (operation), 1 (task) or 2 (role). * @param string $description the description @@ -65,7 +65,7 @@ class Item extends Object /** * Checks to see if the specified item is within the hierarchy starting from this item. * This method is expected to be internally used by the actual implementations - * of the [[IManager::checkAccess()]]. + * of the [[Manager::checkAccess()]]. * @param string $itemName the name of the item to be checked * @param array $params the parameters to be passed to business rule evaluation * @return boolean whether the specified item is within the hierarchy starting from this item. @@ -87,7 +87,7 @@ class Item extends Object } /** - * @return IManager the authorization manager + * @return Manager the authorization manager */ public function getManager() { @@ -184,7 +184,7 @@ class Item extends Object * @param string $name the name of the child item * @return boolean whether the item is added successfully * @throws \yii\base\Exception if either parent or child doesn't exist or if a loop has been detected. - * @see IManager::addItemChild + * @see Manager::addItemChild */ public function addChild($name) { @@ -196,7 +196,7 @@ class Item extends Object * Note, the child item is not deleted. Only the parent-child relationship is removed. * @param string $name the child item name * @return boolean whether the removal is successful - * @see IManager::removeItemChild + * @see Manager::removeItemChild */ public function removeChild($name) { @@ -207,7 +207,7 @@ class Item extends Object * Returns a value indicating whether a child exists * @param string $name the child item name * @return boolean whether the child exists - * @see IManager::hasItemChild + * @see Manager::hasItemChild */ public function hasChild($name) { @@ -217,7 +217,7 @@ class Item extends Object /** * Returns the children of this item. * @return Item[] all child items of this item. - * @see IManager::getItemChildren + * @see Manager::getItemChildren */ public function getChildren() { @@ -232,7 +232,7 @@ class Item extends Object * @param mixed $data additional data associated with this assignment * @return Assignment the authorization assignment information. * @throws \yii\base\Exception if the item has already been assigned to the user - * @see IManager::assign + * @see Manager::assign */ public function assign($userId, $bizRule = null, $data = null) { @@ -243,7 +243,7 @@ class Item extends Object * Revokes an authorization assignment from a user. * @param mixed $userId the user ID (see [[User::id]]) * @return boolean whether removal is successful - * @see IManager::revoke + * @see Manager::revoke */ public function revoke($userId) { @@ -254,7 +254,7 @@ class Item extends Object * Returns a value indicating whether this item has been assigned to the user. * @param mixed $userId the user ID (see [[User::id]]) * @return boolean whether the item has been assigned to the user. - * @see IManager::isAssigned + * @see Manager::isAssigned */ public function isAssigned($userId) { @@ -266,7 +266,7 @@ class Item extends Object * @param mixed $userId the user ID (see [[User::id]]) * @return Assignment the item assignment information. Null is returned if * this item is not assigned to the user. - * @see IManager::getAssignment + * @see Manager::getAssignment */ public function getAssignment($userId) { diff --git a/framework/rbac/Manager.php b/framework/rbac/Manager.php index ce36e60..5c3c4f6 100644 --- a/framework/rbac/Manager.php +++ b/framework/rbac/Manager.php @@ -29,7 +29,7 @@ use yii\base\InvalidParamException; * Using authorization manager consists of two aspects. First, the authorization hierarchy * and assignments have to be established. Manager and its child classes * provides APIs to accomplish this task. Developers may need to develop some GUI - * so that it is more intuitive to end-users. Second, developers call [[IManager::checkAccess()]] + * so that it is more intuitive to end-users. Second, developers call [[Manager::checkAccess()]] * at appropriate places in the application code to check if the current user * has the needed permission for an operation. * @@ -41,7 +41,7 @@ use yii\base\InvalidParamException; * @author Alexander Kochetov * @since 2.0 */ -abstract class Manager extends Component implements IManager +abstract class Manager extends Component { /** * @var boolean Enable error reporting for bizRules. @@ -62,7 +62,7 @@ abstract class Manager extends Component implements IManager /** * Creates a role. - * This is a shortcut method to [[IManager::createItem()]]. + * This is a shortcut method to [[Manager::createItem()]]. * @param string $name the item name * @param string $description the item description. * @param string $bizRule the business rule associated with this item @@ -76,7 +76,7 @@ abstract class Manager extends Component implements IManager /** * Creates a task. - * This is a shortcut method to [[IManager::createItem()]]. + * This is a shortcut method to [[Manager::createItem()]]. * @param string $name the item name * @param string $description the item description. * @param string $bizRule the business rule associated with this item @@ -90,7 +90,7 @@ abstract class Manager extends Component implements IManager /** * Creates an operation. - * This is a shortcut method to [[IManager::createItem()]]. + * This is a shortcut method to [[Manager::createItem()]]. * @param string $name the item name * @param string $description the item description. * @param string $bizRule the business rule associated with this item @@ -104,7 +104,7 @@ abstract class Manager extends Component implements IManager /** * Returns roles. - * This is a shortcut method to [[IManager::getItems()]]. + * This is a shortcut method to [[Manager::getItems()]]. * @param mixed $userId the user ID. If not null, only the roles directly assigned to the user * will be returned. Otherwise, all roles will be returned. * @return Item[] roles (name=>AuthItem) @@ -116,7 +116,7 @@ abstract class Manager extends Component implements IManager /** * Returns tasks. - * This is a shortcut method to [[IManager::getItems()]]. + * This is a shortcut method to [[Manager::getItems()]]. * @param mixed $userId the user ID. If not null, only the tasks directly assigned to the user * will be returned. Otherwise, all tasks will be returned. * @return Item[] tasks (name=>AuthItem) @@ -128,7 +128,7 @@ abstract class Manager extends Component implements IManager /** * Returns operations. - * This is a shortcut method to [[IManager::getItems()]]. + * This is a shortcut method to [[Manager::getItems()]]. * @param mixed $userId the user ID. If not null, only the operations directly assigned to the user * will be returned. Otherwise, all operations will be returned. * @return Item[] operations (name=>AuthItem) @@ -141,7 +141,7 @@ abstract class Manager extends Component implements IManager /** * Executes the specified business rule. * @param string $bizRule the business rule to be executed. - * @param array $params parameters passed to [[IManager::checkAccess()]]. + * @param array $params parameters passed to [[Manager::checkAccess()]]. * @param mixed $data additional data associated with the authorization item or assignment. * @return boolean whether the business rule returns true. * If the business rule is empty, it will still return true. @@ -164,4 +164,149 @@ abstract class Manager extends Component implements IManager throw new InvalidParamException("Cannot add an item of type '$types[$childType]' to an item of type '$types[$parentType]'."); } } + + /** + * Performs access check for the specified user. + * @param mixed $userId the user ID. This should be either an integer or a string representing + * the unique identifier of a user. See [[User::id]]. + * @param string $itemName the name of the operation that we are checking access to + * @param array $params name-value pairs that would be passed to biz rules associated + * with the tasks and roles assigned to the user. + * @return boolean whether the operations can be performed by the user. + */ + abstract public function checkAccess($userId, $itemName, $params = array()); + + /** + * Creates an authorization item. + * An authorization item represents an action permission (e.g. creating a post). + * It has three types: operation, task and role. + * Authorization items form a hierarchy. Higher level items inheirt permissions representing + * by lower level items. + * @param string $name the item name. This must be a unique identifier. + * @param integer $type the item type (0: operation, 1: task, 2: role). + * @param string $description description of the item + * @param string $bizRule business rule associated with the item. This is a piece of + * PHP code that will be executed when [[checkAccess()]] is called for the item. + * @param mixed $data additional data associated with the item. + * @throws \yii\base\Exception if an item with the same name already exists + * @return Item the authorization item + */ + abstract public function createItem($name, $type, $description = '', $bizRule = null, $data = null); + /** + * Removes the specified authorization item. + * @param string $name the name of the item to be removed + * @return boolean whether the item exists in the storage and has been removed + */ + abstract public function removeItem($name); + /** + * Returns the authorization items of the specific type and user. + * @param mixed $userId the user ID. Defaults to null, meaning returning all items even if + * they are not assigned to a user. + * @param integer $type the item type (0: operation, 1: task, 2: role). Defaults to null, + * meaning returning all items regardless of their type. + * @return Item[] the authorization items of the specific type. + */ + abstract public function getItems($userId = null, $type = null); + /** + * Returns the authorization item with the specified name. + * @param string $name the name of the item + * @return Item the authorization item. Null if the item cannot be found. + */ + abstract public function getItem($name); + /** + * Saves an authorization item to persistent storage. + * @param Item $item the item to be saved. + * @param string $oldName the old item name. If null, it means the item name is not changed. + */ + abstract public function saveItem($item, $oldName = null); + + /** + * Adds an item as a child of another item. + * @param string $itemName the parent item name + * @param string $childName the child item name + * @throws \yii\base\Exception if either parent or child doesn't exist or if a loop has been detected. + */ + abstract public function addItemChild($itemName, $childName); + /** + * Removes a child from its parent. + * Note, the child item is not deleted. Only the parent-child relationship is removed. + * @param string $itemName the parent item name + * @param string $childName the child item name + * @return boolean whether the removal is successful + */ + abstract public function removeItemChild($itemName, $childName); + /** + * Returns a value indicating whether a child exists within a parent. + * @param string $itemName the parent item name + * @param string $childName the child item name + * @return boolean whether the child exists + */ + abstract public function hasItemChild($itemName, $childName); + /** + * Returns the children of the specified item. + * @param mixed $itemName the parent item name. This can be either a string or an array. + * The latter represents a list of item names. + * @return Item[] all child items of the parent + */ + abstract public function getItemChildren($itemName); + + /** + * Assigns an authorization item to a user. + * @param mixed $userId the user ID (see [[User::id]]) + * @param string $itemName the item name + * @param string $bizRule the business rule to be executed when [[checkAccess()]] is called + * for this particular authorization item. + * @param mixed $data additional data associated with this assignment + * @return Assignment the authorization assignment information. + * @throws \yii\base\Exception if the item does not exist or if the item has already been assigned to the user + */ + abstract public function assign($userId, $itemName, $bizRule = null, $data = null); + /** + * Revokes an authorization assignment from a user. + * @param mixed $userId the user ID (see [[User::id]]) + * @param string $itemName the item name + * @return boolean whether removal is successful + */ + abstract public function revoke($userId, $itemName); + /** + * Returns a value indicating whether the item has been assigned to the user. + * @param mixed $userId the user ID (see [[User::id]]) + * @param string $itemName the item name + * @return boolean whether the item has been assigned to the user. + */ + abstract public function isAssigned($userId, $itemName); + /** + * Returns the item assignment information. + * @param mixed $userId the user ID (see [[User::id]]) + * @param string $itemName the item name + * @return Assignment the item assignment information. Null is returned if + * the item is not assigned to the user. + */ + abstract public function getAssignment($userId, $itemName); + /** + * Returns the item assignments for the specified user. + * @param mixed $userId the user ID (see [[User::id]]) + * @return Item[] the item assignment information for the user. An empty array will be + * returned if there is no item assigned to the user. + */ + abstract public function getAssignments($userId); + /** + * Saves the changes to an authorization assignment. + * @param Assignment $assignment the assignment that has been changed. + */ + abstract public function saveAssignment($assignment); + /** + * Removes all authorization data. + */ + abstract public function clearAll(); + /** + * Removes all authorization assignments. + */ + abstract public function clearAssignments(); + /** + * Saves authorization data into persistent storage. + * If any change is made to the authorization data, please make + * sure you call this method to save the changed data into persistent storage. + */ + abstract public function save(); }