Class yii\rbac\PhpManager

All Classes | Properties | Methods

Inheritance	yii\rbac\PhpManager » yii\rbac\BaseManager » yii\base\Component » yii\base\BaseObject
Implements	yii\base\Configurable, yii\rbac\ManagerInterface
Available since version	2.0
Source Code	https://github.com/yiisoft/yii2/blob/master/framework/rbac/PhpManager.php

PhpManager represents an authorization manager that stores authorization information in terms of a PHP script file.

The authorization data will be saved to and loaded from three files specified by $itemFile, $assignmentFile and $ruleFile.

PhpManager is mainly suitable for authorization data that is not too big (for example, the authorization data for a personal blog system). Use yii\rbac\DbManager for more complex authorization data.

Note that PhpManager is not compatible with facebooks HHVM because it relies on writing php files and including them afterwards which is not supported by HHVM.

For more details and usage information on PhpManager, see the guide article on security authorization.

Public Properties

Hide inherited properties

Property	Type	Description	Defined By
$assignmentFile	string	The path of the PHP script that contains the authorization assignments.	yii\rbac\PhpManager
$behaviors	yii\base\Behavior[]	List of behaviors attached to this component.	yii\base\Component
$defaultRoleInstances	yii\rbac\Role[]	Default roles. The array is indexed by the role names.	yii\rbac\BaseManager
$itemFile	string	The path of the PHP script that contains the authorization items.	yii\rbac\PhpManager
$permissions	yii\rbac\Permission[]	All permissions in the system.	yii\rbac\BaseManager
$roles	yii\rbac\Role[]	All roles in the system.	yii\rbac\BaseManager
$ruleFile	string	The path of the PHP script that contains the authorization rules.	yii\rbac\PhpManager

Protected Properties

Hide inherited properties

Property	Type	Description	Defined By
$assignments	array		yii\rbac\PhpManager
$children	array		yii\rbac\PhpManager
$defaultRoles	array	A list of role names that are assigned to every user automatically without calling assign().	yii\rbac\BaseManager
$items	yii\rbac\Item[]		yii\rbac\PhpManager
$rules	yii\rbac\Rule[]		yii\rbac\PhpManager

Public Methods

Hide inherited methods

Method	Description	Defined By
__call()	Calls the named method which is not a class method.	yii\base\Component
__clone()	This method is called after the object is created by cloning an existing one.	yii\base\Component
__construct()	Constructor.	yii\base\BaseObject
__get()	Returns the value of a component property.	yii\base\Component
__isset()	Checks if a property is set, i.e. defined and not null.	yii\base\Component
__set()	Sets the value of a component property.	yii\base\Component
__unset()	Sets a component property to be null.	yii\base\Component
add()	Adds a role, permission or rule to the RBAC system.	yii\rbac\BaseManager
addChild()	Adds an item as a child of another item.	yii\rbac\PhpManager
assign()	Assigns a role to a user.	yii\rbac\PhpManager
attachBehavior()	Attaches a behavior to this component.	yii\base\Component
attachBehaviors()	Attaches a list of behaviors to the component.	yii\base\Component
behaviors()	Returns a list of behaviors that this component should behave as.	yii\base\Component
canAddChild()	Checks the possibility of adding a child to parent.	yii\rbac\PhpManager
canGetProperty()	Returns a value indicating whether a property can be read.	yii\base\Component
canSetProperty()	Returns a value indicating whether a property can be set.	yii\base\Component
checkAccess()		yii\rbac\PhpManager
className()	Returns the fully qualified name of this class.	yii\base\BaseObject
createPermission()	Creates a new Permission object.	yii\rbac\BaseManager
createRole()	Creates a new Role object.	yii\rbac\BaseManager
detachBehavior()	Detaches a behavior from the component.	yii\base\Component
detachBehaviors()	Detaches all behaviors from the component.	yii\base\Component
ensureBehaviors()	Makes sure that the behaviors declared in behaviors() are attached to this component.	yii\base\Component
getAssignment()	Returns the assignment information regarding a role and a user.	yii\rbac\PhpManager
getAssignments()	Returns all role assignment information for the specified user.	yii\rbac\PhpManager
getBehavior()	Returns the named behavior object.	yii\base\Component
getBehaviors()	Returns all behaviors attached to this component.	yii\base\Component
getChildRoles()	Returns child roles of the role specified. Depth isn't limited.	yii\rbac\PhpManager
getChildren()	Returns the child permissions and/or roles.	yii\rbac\PhpManager
getDefaultRoleInstances()	Returns defaultRoles as array of Role objects.	yii\rbac\BaseManager
getDefaultRoles()	Get default roles	yii\rbac\BaseManager
getItem()	Returns the named auth item.	yii\rbac\PhpManager
getItems()	Returns the items of the specified type.	yii\rbac\PhpManager
getPermission()	Returns the named permission.	yii\rbac\BaseManager
getPermissions()	Returns all permissions in the system.	yii\rbac\BaseManager
getPermissionsByRole()	Returns all permissions that the specified role represents.	yii\rbac\PhpManager
getPermissionsByUser()	Returns all permissions that the user has.	yii\rbac\PhpManager
getRole()	Returns the named role.	yii\rbac\BaseManager
getRoles()	Returns all roles in the system.	yii\rbac\BaseManager
getRolesByUser()	{@inheritdoc} The roles returned by this method include the roles assigned via $defaultRoles.	yii\rbac\PhpManager
getRule()	Returns the rule of the specified name.	yii\rbac\PhpManager
getRules()	Returns all rules available in the system.	yii\rbac\PhpManager
getUserIdsByRole()	Returns all user IDs assigned to the role specified.	yii\rbac\PhpManager
hasChild()	Returns a value indicating whether the child already exists for the parent.	yii\rbac\PhpManager
hasEventHandlers()	Returns a value indicating whether there is any handler attached to the named event.	yii\base\Component
hasMethod()	Returns a value indicating whether a method is defined.	yii\base\Component
hasProperty()	Returns a value indicating whether a property is defined for this component.	yii\base\Component
init()	Initializes the application component.	yii\rbac\PhpManager
off()	Detaches an existing event handler from this component.	yii\base\Component
on()	Attaches an event handler to an event.	yii\base\Component
remove()	Removes a role, permission or rule from the RBAC system.	yii\rbac\BaseManager
removeAll()	Removes all authorization data, including roles, permissions, rules, and assignments.	yii\rbac\PhpManager
removeAllAssignments()	Removes all role assignments.	yii\rbac\PhpManager
removeAllPermissions()	Removes all permissions.	yii\rbac\PhpManager
removeAllRoles()	Removes all roles.	yii\rbac\PhpManager
removeAllRules()	Removes all rules.	yii\rbac\PhpManager
removeChild()	Removes a child from its parent.	yii\rbac\PhpManager
removeChildren()	Removed all children form their parent.	yii\rbac\PhpManager
removeItem()	Removes an auth item from the RBAC system.	yii\rbac\PhpManager
revoke()	Revokes a role from a user.	yii\rbac\PhpManager
revokeAll()	Revokes all roles from a user.	yii\rbac\PhpManager
setDefaultRoles()	Set default roles	yii\rbac\BaseManager
trigger()	Triggers an event.	yii\base\Component
update()	Updates the specified role, permission or rule in the system.	yii\rbac\BaseManager
updateRule()	Updates a rule to the RBAC system.	yii\rbac\PhpManager

Protected Methods

Hide inherited methods

Method	Description	Defined By
addItem()	Adds an auth item to the RBAC system.	yii\rbac\PhpManager
addRule()	Adds a rule to the RBAC system.	yii\rbac\PhpManager
checkAccessRecursive()	Performs access check for the specified user.	yii\rbac\PhpManager
detectLoop()	Checks whether there is a loop in the authorization item hierarchy.	yii\rbac\PhpManager
executeRule()	Executes the rule associated with the specified auth item.	yii\rbac\BaseManager
getChildrenRecursive()	Recursively finds all children and grand children of the specified item.	yii\rbac\PhpManager
getDirectPermissionsByUser()	Returns all permissions that are directly assigned to user.	yii\rbac\PhpManager
getInheritedPermissionsByUser()	Returns all permissions that the user inherits from the roles assigned to him.	yii\rbac\PhpManager
hasNoAssignments()	Checks whether array of $assignments is empty and $defaultRoles property is empty as well.	yii\rbac\BaseManager
invalidateScriptCache()	Invalidates precompiled script cache (such as OPCache or APC) for the given file.	yii\rbac\PhpManager
load()	Loads authorization data from persistent storage.	yii\rbac\PhpManager
loadFromFile()	Loads the authorization data from a PHP script file.	yii\rbac\PhpManager
removeAllItems()	Removes all auth items of the specified type.	yii\rbac\PhpManager
removeRule()	Removes a rule from the RBAC system.	yii\rbac\PhpManager
save()	Saves authorization data into persistent storage.	yii\rbac\PhpManager
saveAssignments()	Saves assignments data into persistent storage.	yii\rbac\PhpManager
saveItems()	Saves items data into persistent storage.	yii\rbac\PhpManager
saveRules()	Saves rules data into persistent storage.	yii\rbac\PhpManager
saveToFile()	Saves the authorization data to a PHP script file.	yii\rbac\PhpManager
updateItem()	Updates an auth item in the RBAC system.	yii\rbac\PhpManager

Property Details

$assignmentFile public property

The path of the PHP script that contains the authorization assignments. This can be either a file path or a path alias to the file. Make sure this file is writable by the Web server process if the authorization needs to be changed online.

Method Details

addChild() public method

Adds an item as a child of another item.

public boolean addChild ( $parent, $child )
$parent	yii\rbac\Item
$child	yii\rbac\Item
return	boolean	Whether the child successfully added
throws	yii\base\Exception	if the parent-child relationship already exists or if a loop has been detected.

addItem() protected method

Adds an auth item to the RBAC system.

protected boolean addItem ( $item )
$item	yii\rbac\Item	The item to add
return	boolean	Whether the auth item is successfully added to the system
throws	Exception	if data validation or saving fails (such as the name of the role or permission is not unique)

addRule() protected method

Adds a rule to the RBAC system.

protected boolean addRule ( $rule )
$rule	yii\rbac\Rule	The rule to add
return	boolean	Whether the rule is successfully added to the system
throws	Exception	if data validation or saving fails (such as the name of the rule is not unique)

assign() public method

Assigns a role to a user.

public yii\rbac\Assignment assign ( $role, $userId )
$role	yii\rbac\Role\|yii\rbac\Permission
$userId	string\|integer	The user ID (see yii\web\User::$id)
return	yii\rbac\Assignment	The role assignment information.
throws	Exception	if the role has already been assigned to the user

canAddChild() public method (available since version 2.0.8)

Checks the possibility of adding a child to parent.

public boolean canAddChild ( $parent, $child )
$parent	yii\rbac\Item	The parent item
$child	yii\rbac\Item	The child item to be added to the hierarchy
return	boolean	Possibility of adding

checkAccess() public method

public void checkAccess ( $userId, $permissionName, $params = [] )
$userId
$permissionName
$params

checkAccessRecursive() protected method

Performs access check for the specified user.

This method is internally called by checkAccess().

protected boolean checkAccessRecursive ( $user, $itemName, $params, $assignments )
$user	string\|integer	The user ID. This should can be either an integer or a string representing the unique identifier of a user. See yii\web\User::$id.
$itemName	string	The name of the operation that need access check
$params	array	Name-value pairs that would be passed to rules associated with the tasks and roles assigned to the user. A param with name 'user' is added to this array, which holds the value of `$userId`.
$assignments	yii\rbac\Assignment[]	The assignments to the specified user
return	boolean	Whether the operations can be performed by the user.

detectLoop() protected method

Checks whether there is a loop in the authorization item hierarchy.

protected boolean detectLoop ( $parent, $child )
$parent	yii\rbac\Item	Parent item
$child	yii\rbac\Item	The child item that is to be added to the hierarchy
return	boolean	Whether a loop exists

getAssignment() public method

Returns the assignment information regarding a role and a user.

public yii\rbac\Assignment\|null getAssignment ( $roleName, $userId )
$roleName	string	The role name
$userId	string\|integer	The user ID (see yii\web\User::$id)
return	yii\rbac\Assignment\|null	The assignment information. Null is returned if the role is not assigned to the user.

getAssignments() public method

Returns all role assignment information for the specified user.

public yii\rbac\Assignment[] getAssignments ( $userId )
$userId	string\|integer	The user ID (see yii\web\User::$id)
return	yii\rbac\Assignment[]	The assignments indexed by role names. An empty array will be returned if there is no role assigned to the user.

getChildRoles() public method (available since version 2.0.10)

Returns child roles of the role specified. Depth isn't limited.

public yii\rbac\Role[] getChildRoles ( $roleName )
$roleName	string	Name of the role to file child roles for
return	yii\rbac\Role[]	Child roles. The array is indexed by the role names. First element is an instance of the parent Role itself.
throws	yii\base\InvalidParamException	if Role was not found that are getting by $roleName

getChildren() public method

Returns the child permissions and/or roles.

public yii\rbac\Item[] getChildren ( $name )
$name	string	The parent name
return	yii\rbac\Item[]	The child permissions and/or roles

getChildrenRecursive() protected method

Recursively finds all children and grand children of the specified item.

protected void getChildrenRecursive ( $name, &$result )
$name	string	The name of the item whose children are to be looked for.
$result	array	The children and grand children (in array keys)

getDirectPermissionsByUser() protected method (available since version 2.0.7)

Returns all permissions that are directly assigned to user.

protected yii\rbac\Permission[] getDirectPermissionsByUser ( $userId )
$userId	string\|integer	The user ID (see yii\web\User::$id)
return	yii\rbac\Permission[]	All direct permissions that the user has. The array is indexed by the permission names.

getInheritedPermissionsByUser() protected method (available since version 2.0.7)

Returns all permissions that the user inherits from the roles assigned to him.

protected yii\rbac\Permission[] getInheritedPermissionsByUser ( $userId )
$userId	string\|integer	The user ID (see yii\web\User::$id)
return	yii\rbac\Permission[]	All inherited permissions that the user has. The array is indexed by the permission names.

getItem() public method

Returns the named auth item.

public yii\rbac\Item\|null getItem ( $name )
$name	string	The auth item name.
return	yii\rbac\Item\|null	The auth item corresponding to the specified name. Null is returned if no such item.

getItems() public method

Returns the items of the specified type.

public yii\rbac\Item[] getItems ( $type )
$type	integer	The auth item type (either yii\rbac\Item::TYPE_ROLE or yii\rbac\Item::TYPE_PERMISSION
return	yii\rbac\Item[]	The auth items of the specified type.

getPermissionsByRole() public method

Returns all permissions that the specified role represents.

public yii\rbac\Permission[] getPermissionsByRole ( $roleName )
$roleName	string	The role name
return	yii\rbac\Permission[]	All permissions that the role represents. The array is indexed by the permission names.

getPermissionsByUser() public method

Returns all permissions that the user has.

public yii\rbac\Permission[] getPermissionsByUser ( $userId )
$userId	string\|integer	The user ID (see yii\web\User::$id)
return	yii\rbac\Permission[]	All permissions that the user has. The array is indexed by the permission names.

getRolesByUser() public method

{@inheritdoc} The roles returned by this method include the roles assigned via $defaultRoles.

public void getRolesByUser ( $userId )
$userId

getRule() public method

Returns the rule of the specified name.

public yii\rbac\Rule\|null getRule ( $name )
$name	string	The rule name
return	yii\rbac\Rule\|null	The rule object, or null if the specified name does not correspond to a rule.

getRules() public method

Returns all rules available in the system.

public yii\rbac\Rule[] getRules ( )
return	yii\rbac\Rule[]	The rules indexed by the rule names

getUserIdsByRole() public method (available since version 2.0.7)

Returns all user IDs assigned to the role specified.

public array getUserIdsByRole ( $roleName )
$roleName	string
return	array	Array of user ID strings

hasChild() public method

Returns a value indicating whether the child already exists for the parent.

public boolean hasChild ( $parent, $child )
$parent	yii\rbac\Item
$child	yii\rbac\Item
return	boolean	Whether `$child` is already a child of `$parent`

init() public method

Initializes the application component.

This method overrides parent implementation by loading the authorization data from PHP script.

public void init ( )

invalidateScriptCache() protected method (available since version 2.0.9)

Invalidates precompiled script cache (such as OPCache or APC) for the given file.

protected void invalidateScriptCache ( $file )
$file	string	The file path.

load() protected method

Loads authorization data from persistent storage.

protected void load ( )

loadFromFile() protected method

Loads the authorization data from a PHP script file.

protected array loadFromFile ( $file )
$file	string	The file path.
return	array	The authorization data

protected void removeAllItems ( $type )
$type	integer	The auth item type (either Item::TYPE_PERMISSION or Item::TYPE_ROLE)

public boolean removeChild ( $parent, $child )
$parent	yii\rbac\Item
$child	yii\rbac\Item
return	boolean	Whether the removal is successful

public boolean removeChildren ( $parent )
$parent	yii\rbac\Item
return	boolean	Whether the removal is successful

public boolean removeItem ( $item )
$item	yii\rbac\Item	The item to remove
return	boolean	Whether the role or permission is successfully removed
throws	Exception	if data validation or saving fails (such as the name of the role or permission is not unique)

protected boolean removeRule ( $rule )
$rule	yii\rbac\Rule	The rule to remove
return	boolean	Whether the rule is successfully removed
throws	Exception	if data validation or saving fails (such as the name of the rule is not unique)

public boolean revoke ( $role, $userId )
$role	yii\rbac\Role\|yii\rbac\Permission
$userId	string\|integer	The user ID (see yii\web\User::$id)
return	boolean	Whether the revoking is successful

public boolean revokeAll ( $userId )
$userId	mixed	The user ID (see yii\web\User::$id)
return	boolean	Whether the revoking is successful

protected void saveToFile ( $data, $file )
$data	array	The authorization data
$file	string	The file path.

protected boolean updateItem ( $name, $item )
$name	string	The name of the item being updated
$item	yii\rbac\Item	The updated item
return	boolean	Whether the auth item is successfully updated
throws	Exception	if data validation or saving fails (such as the name of the role or permission is not unique)

public boolean updateRule ( $name, $rule )
$name	string	The name of the rule being updated
$rule	yii\rbac\Rule	The updated rule
return	boolean	Whether the rule is successfully updated
throws	Exception	if data validation or saving fails (such as the name of the rule is not unique)