Error202
/
yii2-swiftmailer
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Remove IManager interface

tags/2.0.0-beta
Alexander Kochetov 12 years ago
parent
a03d1164ad
commit
3fe23f83c7
4 changed files with 168 additions and 198 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      framework/rbac/Assignment.php
  2. 175
      framework/rbac/IManager.php
  3. 24
      framework/rbac/Item.php
  4. 163
      framework/rbac/Manager.php

4
framework/rbac/Assignment.php
Unescape View File

@ -14,7 +14,7 @@ use yii\base\Object;
* Assignment represents an assignment of a role to a user. * Assignment represents an assignment of a role to a user.
* It includes additional assignment information such as [[bizRule]] and [[data]]. * It includes additional assignment information such as [[bizRule]] and [[data]].
* Do not create a Assignment instance using the 'new' operator. * Do not create a Assignment instance using the 'new' operator.
* Instead, call [[IManager::assign]]. * Instead, call [[Manager::assign()]].
* *
* @property mixed $userId User ID (see [[User::id]]). * @property mixed $userId User ID (see [[User::id]]).
* @property string $itemName The authorization item name. * @property string $itemName The authorization item name.
@ -35,7 +35,7 @@ class Assignment extends Object
/** /**
* Constructor. * Constructor.
* @param IManager $auth the authorization manager * @param Manager $auth the authorization manager
* @param mixed $userId user ID (see [[User::id]]) * @param mixed $userId user ID (see [[User::id]])
* @param string $itemName authorization item name * @param string $itemName authorization item name
* @param string $bizRule the business rule associated with this assignment * @param string $bizRule the business rule associated with this assignment

175
framework/rbac/IManager.php
Unescape View File

@ -1,175 +0,0 @@
<?php
/**
* @link http://www.yiiframework.com/
* @copyright Copyright (c) 2008 Yii Software LLC
* @license http://www.yiiframework.com/license/
*/
namespace yii\rbac;
/**
* IManager interface is implemented by an auth manager application component.
*
* An auth manager is mainly responsible for providing role-based access control (RBAC) service.
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Alexander Kochetov <creocoder@gmail.com>
* @since 2.0
*/
interface IManager
{
/**
* Performs access check for the specified user.
* @param mixed $userId the user ID. This should be either an integer or a string representing
* the unique identifier of a user. See [[User::id]].
* @param string $itemName the name of the operation that we are checking access to
* @param array $params name-value pairs that would be passed to biz rules associated
* with the tasks and roles assigned to the user.
* @return boolean whether the operations can be performed by the user.
*/
public function checkAccess($userId, $itemName, $params = array());
/**
* Creates an authorization item.
* An authorization item represents an action permission (e.g. creating a post).
* It has three types: operation, task and role.
* Authorization items form a hierarchy. Higher level items inheirt permissions representing
* by lower level items.
* @param string $name the item name. This must be a unique identifier.
* @param integer $type the item type (0: operation, 1: task, 2: role).
* @param string $description description of the item
* @param string $bizRule business rule associated with the item. This is a piece of
* PHP code that will be executed when [[checkAccess()]] is called for the item.
* @param mixed $data additional data associated with the item.
* @throws \yii\base\Exception if an item with the same name already exists
* @return Item the authorization item
*/
public function createItem($name, $type, $description = '', $bizRule = null, $data = null);
/**
* Removes the specified authorization item.
* @param string $name the name of the item to be removed
* @return boolean whether the item exists in the storage and has been removed
*/
public function removeItem($name);
/**
* Returns the authorization items of the specific type and user.
* @param mixed $userId the user ID. Defaults to null, meaning returning all items even if
* they are not assigned to a user.
* @param integer $type the item type (0: operation, 1: task, 2: role). Defaults to null,
* meaning returning all items regardless of their type.
* @return Item[] the authorization items of the specific type.
*/
public function getItems($userId = null, $type = null);
/**
* Returns the authorization item with the specified name.
* @param string $name the name of the item
* @return Item the authorization item. Null if the item cannot be found.
*/
public function getItem($name);
/**
* Saves an authorization item to persistent storage.
* @param Item $item the item to be saved.
* @param string $oldName the old item name. If null, it means the item name is not changed.
*/
public function saveItem($item, $oldName = null);
/**
* Adds an item as a child of another item.
* @param string $itemName the parent item name
* @param string $childName the child item name
* @throws \yii\base\Exception if either parent or child doesn't exist or if a loop has been detected.
*/
public function addItemChild($itemName, $childName);
/**
* Removes a child from its parent.
* Note, the child item is not deleted. Only the parent-child relationship is removed.
* @param string $itemName the parent item name
* @param string $childName the child item name
* @return boolean whether the removal is successful
*/
public function removeItemChild($itemName, $childName);
/**
* Returns a value indicating whether a child exists within a parent.
* @param string $itemName the parent item name
* @param string $childName the child item name
* @return boolean whether the child exists
*/
public function hasItemChild($itemName, $childName);
/**
* Returns the children of the specified item.
* @param mixed $itemName the parent item name. This can be either a string or an array.
* The latter represents a list of item names.
* @return Item[] all child items of the parent
*/
public function getItemChildren($itemName);
/**
* Assigns an authorization item to a user.
* @param mixed $userId the user ID (see [[User::id]])
* @param string $itemName the item name
* @param string $bizRule the business rule to be executed when [[checkAccess()]] is called
* for this particular authorization item.
* @param mixed $data additional data associated with this assignment
* @return Assignment the authorization assignment information.
* @throws \yii\base\Exception if the item does not exist or if the item has already been assigned to the user
*/
public function assign($userId, $itemName, $bizRule = null, $data = null);
/**
* Revokes an authorization assignment from a user.
* @param mixed $userId the user ID (see [[User::id]])
* @param string $itemName the item name
* @return boolean whether removal is successful
*/
public function revoke($userId, $itemName);
/**
* Returns a value indicating whether the item has been assigned to the user.
* @param mixed $userId the user ID (see [[User::id]])
* @param string $itemName the item name
* @return boolean whether the item has been assigned to the user.
*/
public function isAssigned($userId, $itemName);
/**
* Returns the item assignment information.
* @param mixed $userId the user ID (see [[User::id]])
* @param string $itemName the item name
* @return Assignment the item assignment information. Null is returned if
* the item is not assigned to the user.
*/
public function getAssignment($userId, $itemName);
/**
* Returns the item assignments for the specified user.
* @param mixed $userId the user ID (see [[User::id]])
* @return Item[] the item assignment information for the user. An empty array will be
* returned if there is no item assigned to the user.
*/
public function getAssignments($userId);
/**
* Saves the changes to an authorization assignment.
* @param Assignment $assignment the assignment that has been changed.
*/
public function saveAssignment($assignment);
/**
* Removes all authorization data.
*/
public function clearAll();
/**
* Removes all authorization assignments.
*/
public function clearAssignments();
/**
* Saves authorization data into persistent storage.
* If any change is made to the authorization data, please make
* sure you call this method to save the changed data into persistent storage.
*/
public function save();
/**
* Executes a business rule.
* A business rule is a piece of PHP code that will be executed when [[checkAccess()]] is called.
* @param string $bizRule the business rule to be executed.
* @param array $params additional parameters to be passed to the business rule when being executed.
* @param mixed $data additional data that is associated with the corresponding authorization item or assignment
* @return boolean whether the execution returns a true value.
* If the business rule is empty, it will also return true.
*/
public function executeBizRule($bizRule, $params, $data);
}

24
framework/rbac/Item.php
Unescape View File

@ -18,7 +18,7 @@ use yii\base\Object;
* A user may be assigned one or several authorization items (called [[Assignment]] assignments). * A user may be assigned one or several authorization items (called [[Assignment]] assignments).
* He can perform an operation only when it is among his assigned items. * He can perform an operation only when it is among his assigned items.
* *
* @property IManager $authManager The authorization manager. * @property Manager $authManager The authorization manager.
* @property integer $type The authorization item type. This could be 0 (operation), 1 (task) or 2 (role). * @property integer $type The authorization item type. This could be 0 (operation), 1 (task) or 2 (role).
* @property string $name The item name. * @property string $name The item name.
* @property string $description The item description. * @property string $description The item description.
@ -45,7 +45,7 @@ class Item extends Object
/** /**
* Constructor. * Constructor.
* @param IManager $auth authorization manager * @param Manager $auth authorization manager
* @param string $name authorization item name * @param string $name authorization item name
* @param integer $type authorization item type. This can be 0 (operation), 1 (task) or 2 (role). * @param integer $type authorization item type. This can be 0 (operation), 1 (task) or 2 (role).
* @param string $description the description * @param string $description the description
@ -65,7 +65,7 @@ class Item extends Object
/** /**
* Checks to see if the specified item is within the hierarchy starting from this item. * Checks to see if the specified item is within the hierarchy starting from this item.
* This method is expected to be internally used by the actual implementations * This method is expected to be internally used by the actual implementations
* of the [[IManager::checkAccess()]]. * of the [[Manager::checkAccess()]].
* @param string $itemName the name of the item to be checked * @param string $itemName the name of the item to be checked
* @param array $params the parameters to be passed to business rule evaluation * @param array $params the parameters to be passed to business rule evaluation
* @return boolean whether the specified item is within the hierarchy starting from this item. * @return boolean whether the specified item is within the hierarchy starting from this item.
@ -87,7 +87,7 @@ class Item extends Object
} }
/** /**
* @return IManager the authorization manager * @return Manager the authorization manager
*/ */
public function getManager() public function getManager()
{ {
@ -184,7 +184,7 @@ class Item extends Object
* @param string $name the name of the child item * @param string $name the name of the child item
* @return boolean whether the item is added successfully * @return boolean whether the item is added successfully
* @throws \yii\base\Exception if either parent or child doesn't exist or if a loop has been detected. * @throws \yii\base\Exception if either parent or child doesn't exist or if a loop has been detected.
* @see IManager::addItemChild * @see Manager::addItemChild
*/ */
public function addChild($name) public function addChild($name)
{ {
@ -196,7 +196,7 @@ class Item extends Object
* Note, the child item is not deleted. Only the parent-child relationship is removed. * Note, the child item is not deleted. Only the parent-child relationship is removed.
* @param string $name the child item name * @param string $name the child item name
* @return boolean whether the removal is successful * @return boolean whether the removal is successful
* @see IManager::removeItemChild * @see Manager::removeItemChild
*/ */
public function removeChild($name) public function removeChild($name)
{ {
@ -207,7 +207,7 @@ class Item extends Object
* Returns a value indicating whether a child exists * Returns a value indicating whether a child exists
* @param string $name the child item name * @param string $name the child item name
* @return boolean whether the child exists * @return boolean whether the child exists
* @see IManager::hasItemChild * @see Manager::hasItemChild
*/ */
public function hasChild($name) public function hasChild($name)
{ {
@ -217,7 +217,7 @@ class Item extends Object
/** /**
* Returns the children of this item. * Returns the children of this item.
* @return Item[] all child items of this item. * @return Item[] all child items of this item.
* @see IManager::getItemChildren * @see Manager::getItemChildren
*/ */
public function getChildren() public function getChildren()
{ {
@ -232,7 +232,7 @@ class Item extends Object
* @param mixed $data additional data associated with this assignment * @param mixed $data additional data associated with this assignment
* @return Assignment the authorization assignment information. * @return Assignment the authorization assignment information.
* @throws \yii\base\Exception if the item has already been assigned to the user * @throws \yii\base\Exception if the item has already been assigned to the user
* @see IManager::assign * @see Manager::assign
*/ */
public function assign($userId, $bizRule = null, $data = null) public function assign($userId, $bizRule = null, $data = null)
{ {
@ -243,7 +243,7 @@ class Item extends Object
* Revokes an authorization assignment from a user. * Revokes an authorization assignment from a user.
* @param mixed $userId the user ID (see [[User::id]]) * @param mixed $userId the user ID (see [[User::id]])
* @return boolean whether removal is successful * @return boolean whether removal is successful
* @see IManager::revoke * @see Manager::revoke
*/ */
public function revoke($userId) public function revoke($userId)
{ {
@ -254,7 +254,7 @@ class Item extends Object
* Returns a value indicating whether this item has been assigned to the user. * Returns a value indicating whether this item has been assigned to the user.
* @param mixed $userId the user ID (see [[User::id]]) * @param mixed $userId the user ID (see [[User::id]])
* @return boolean whether the item has been assigned to the user. * @return boolean whether the item has been assigned to the user.
* @see IManager::isAssigned * @see Manager::isAssigned
*/ */
public function isAssigned($userId) public function isAssigned($userId)
{ {
@ -266,7 +266,7 @@ class Item extends Object
* @param mixed $userId the user ID (see [[User::id]]) * @param mixed $userId the user ID (see [[User::id]])
* @return Assignment the item assignment information. Null is returned if * @return Assignment the item assignment information. Null is returned if
* this item is not assigned to the user. * this item is not assigned to the user.
* @see IManager::getAssignment * @see Manager::getAssignment
*/ */
public function getAssignment($userId) public function getAssignment($userId)
{ {

163
framework/rbac/Manager.php
Unescape View File

@ -29,7 +29,7 @@ use yii\base\InvalidParamException;
* Using authorization manager consists of two aspects. First, the authorization hierarchy * Using authorization manager consists of two aspects. First, the authorization hierarchy
* and assignments have to be established. Manager and its child classes * and assignments have to be established. Manager and its child classes
* provides APIs to accomplish this task. Developers may need to develop some GUI * provides APIs to accomplish this task. Developers may need to develop some GUI
* so that it is more intuitive to end-users. Second, developers call [[IManager::checkAccess()]] * so that it is more intuitive to end-users. Second, developers call [[Manager::checkAccess()]]
* at appropriate places in the application code to check if the current user * at appropriate places in the application code to check if the current user
* has the needed permission for an operation. * has the needed permission for an operation.
* *
@ -41,7 +41,7 @@ use yii\base\InvalidParamException;
* @author Alexander Kochetov <creocoder@gmail.com> * @author Alexander Kochetov <creocoder@gmail.com>
* @since 2.0 * @since 2.0
*/ */
abstract class Manager extends Component implements IManager abstract class Manager extends Component
{ {
/** /**
* @var boolean Enable error reporting for bizRules. * @var boolean Enable error reporting for bizRules.
@ -62,7 +62,7 @@ abstract class Manager extends Component implements IManager
/** /**
* Creates a role. * Creates a role.
* This is a shortcut method to [[IManager::createItem()]]. * This is a shortcut method to [[Manager::createItem()]].
* @param string $name the item name * @param string $name the item name
* @param string $description the item description. * @param string $description the item description.
* @param string $bizRule the business rule associated with this item * @param string $bizRule the business rule associated with this item
@ -76,7 +76,7 @@ abstract class Manager extends Component implements IManager
/** /**
* Creates a task. * Creates a task.
* This is a shortcut method to [[IManager::createItem()]]. * This is a shortcut method to [[Manager::createItem()]].
* @param string $name the item name * @param string $name the item name
* @param string $description the item description. * @param string $description the item description.
* @param string $bizRule the business rule associated with this item * @param string $bizRule the business rule associated with this item
@ -90,7 +90,7 @@ abstract class Manager extends Component implements IManager
/** /**
* Creates an operation. * Creates an operation.
* This is a shortcut method to [[IManager::createItem()]]. * This is a shortcut method to [[Manager::createItem()]].
* @param string $name the item name * @param string $name the item name
* @param string $description the item description. * @param string $description the item description.
* @param string $bizRule the business rule associated with this item * @param string $bizRule the business rule associated with this item
@ -104,7 +104,7 @@ abstract class Manager extends Component implements IManager
/** /**
* Returns roles. * Returns roles.
* This is a shortcut method to [[IManager::getItems()]]. * This is a shortcut method to [[Manager::getItems()]].
* @param mixed $userId the user ID. If not null, only the roles directly assigned to the user * @param mixed $userId the user ID. If not null, only the roles directly assigned to the user
* will be returned. Otherwise, all roles will be returned. * will be returned. Otherwise, all roles will be returned.
* @return Item[] roles (name=>AuthItem) * @return Item[] roles (name=>AuthItem)
@ -116,7 +116,7 @@ abstract class Manager extends Component implements IManager
/** /**
* Returns tasks. * Returns tasks.
* This is a shortcut method to [[IManager::getItems()]]. * This is a shortcut method to [[Manager::getItems()]].
* @param mixed $userId the user ID. If not null, only the tasks directly assigned to the user * @param mixed $userId the user ID. If not null, only the tasks directly assigned to the user
* will be returned. Otherwise, all tasks will be returned. * will be returned. Otherwise, all tasks will be returned.
* @return Item[] tasks (name=>AuthItem) * @return Item[] tasks (name=>AuthItem)
@ -128,7 +128,7 @@ abstract class Manager extends Component implements IManager
/** /**
* Returns operations. * Returns operations.
* This is a shortcut method to [[IManager::getItems()]]. * This is a shortcut method to [[Manager::getItems()]].
* @param mixed $userId the user ID. If not null, only the operations directly assigned to the user * @param mixed $userId the user ID. If not null, only the operations directly assigned to the user
* will be returned. Otherwise, all operations will be returned. * will be returned. Otherwise, all operations will be returned.
* @return Item[] operations (name=>AuthItem) * @return Item[] operations (name=>AuthItem)
@ -141,7 +141,7 @@ abstract class Manager extends Component implements IManager
/** /**
* Executes the specified business rule. * Executes the specified business rule.
* @param string $bizRule the business rule to be executed. * @param string $bizRule the business rule to be executed.
* @param array $params parameters passed to [[IManager::checkAccess()]]. * @param array $params parameters passed to [[Manager::checkAccess()]].
* @param mixed $data additional data associated with the authorization item or assignment. * @param mixed $data additional data associated with the authorization item or assignment.
* @return boolean whether the business rule returns true. * @return boolean whether the business rule returns true.
* If the business rule is empty, it will still return true. * If the business rule is empty, it will still return true.
@ -164,4 +164,149 @@ abstract class Manager extends Component implements IManager
throw new InvalidParamException("Cannot add an item of type '$types[$childType]' to an item of type '$types[$parentType]'."); throw new InvalidParamException("Cannot add an item of type '$types[$childType]' to an item of type '$types[$parentType]'.");
} }
} }
/**
* Performs access check for the specified user.
* @param mixed $userId the user ID. This should be either an integer or a string representing
* the unique identifier of a user. See [[User::id]].
* @param string $itemName the name of the operation that we are checking access to
* @param array $params name-value pairs that would be passed to biz rules associated
* with the tasks and roles assigned to the user.
* @return boolean whether the operations can be performed by the user.
*/
abstract public function checkAccess($userId, $itemName, $params = array());
/**
* Creates an authorization item.
* An authorization item represents an action permission (e.g. creating a post).
* It has three types: operation, task and role.
* Authorization items form a hierarchy. Higher level items inheirt permissions representing
* by lower level items.
* @param string $name the item name. This must be a unique identifier.
* @param integer $type the item type (0: operation, 1: task, 2: role).
* @param string $description description of the item
* @param string $bizRule business rule associated with the item. This is a piece of
* PHP code that will be executed when [[checkAccess()]] is called for the item.
* @param mixed $data additional data associated with the item.
* @throws \yii\base\Exception if an item with the same name already exists
* @return Item the authorization item
*/
abstract public function createItem($name, $type, $description = '', $bizRule = null, $data = null);
/**
* Removes the specified authorization item.
* @param string $name the name of the item to be removed
* @return boolean whether the item exists in the storage and has been removed
*/
abstract public function removeItem($name);
/**
* Returns the authorization items of the specific type and user.
* @param mixed $userId the user ID. Defaults to null, meaning returning all items even if
* they are not assigned to a user.
* @param integer $type the item type (0: operation, 1: task, 2: role). Defaults to null,
* meaning returning all items regardless of their type.
* @return Item[] the authorization items of the specific type.
*/
abstract public function getItems($userId = null, $type = null);
/**
* Returns the authorization item with the specified name.
* @param string $name the name of the item
* @return Item the authorization item. Null if the item cannot be found.
*/
abstract public function getItem($name);
/**
* Saves an authorization item to persistent storage.
* @param Item $item the item to be saved.
* @param string $oldName the old item name. If null, it means the item name is not changed.
*/
abstract public function saveItem($item, $oldName = null);
/**
* Adds an item as a child of another item.
* @param string $itemName the parent item name
* @param string $childName the child item name
* @throws \yii\base\Exception if either parent or child doesn't exist or if a loop has been detected.
*/
abstract public function addItemChild($itemName, $childName);
/**
* Removes a child from its parent.
* Note, the child item is not deleted. Only the parent-child relationship is removed.
* @param string $itemName the parent item name
* @param string $childName the child item name
* @return boolean whether the removal is successful
*/
abstract public function removeItemChild($itemName, $childName);
/**
* Returns a value indicating whether a child exists within a parent.
* @param string $itemName the parent item name
* @param string $childName the child item name
* @return boolean whether the child exists
*/
abstract public function hasItemChild($itemName, $childName);
/**
* Returns the children of the specified item.
* @param mixed $itemName the parent item name. This can be either a string or an array.
* The latter represents a list of item names.
* @return Item[] all child items of the parent
*/
abstract public function getItemChildren($itemName);
/**
* Assigns an authorization item to a user.
* @param mixed $userId the user ID (see [[User::id]])
* @param string $itemName the item name
* @param string $bizRule the business rule to be executed when [[checkAccess()]] is called
* for this particular authorization item.
* @param mixed $data additional data associated with this assignment
* @return Assignment the authorization assignment information.
* @throws \yii\base\Exception if the item does not exist or if the item has already been assigned to the user
*/
abstract public function assign($userId, $itemName, $bizRule = null, $data = null);
/**
* Revokes an authorization assignment from a user.
* @param mixed $userId the user ID (see [[User::id]])
* @param string $itemName the item name
* @return boolean whether removal is successful
*/
abstract public function revoke($userId, $itemName);
/**
* Returns a value indicating whether the item has been assigned to the user.
* @param mixed $userId the user ID (see [[User::id]])
* @param string $itemName the item name
* @return boolean whether the item has been assigned to the user.
*/
abstract public function isAssigned($userId, $itemName);
/**
* Returns the item assignment information.
* @param mixed $userId the user ID (see [[User::id]])
* @param string $itemName the item name
* @return Assignment the item assignment information. Null is returned if
* the item is not assigned to the user.
*/
abstract public function getAssignment($userId, $itemName);
/**
* Returns the item assignments for the specified user.
* @param mixed $userId the user ID (see [[User::id]])
* @return Item[] the item assignment information for the user. An empty array will be
* returned if there is no item assigned to the user.
*/
abstract public function getAssignments($userId);
/**
* Saves the changes to an authorization assignment.
* @param Assignment $assignment the assignment that has been changed.
*/
abstract public function saveAssignment($assignment);
/**
* Removes all authorization data.
*/
abstract public function clearAll();
/**
* Removes all authorization assignments.
*/
abstract public function clearAssignments();
/**
* Saves authorization data into persistent storage.
* If any change is made to the authorization data, please make
* sure you call this method to save the changed data into persistent storage.
*/
abstract public function save();
} }

Write Preview
Loading…
Cancel
Save