Versions
Look up a class, method, property or event

IAuthManager

Package system.base
Inheritance interface IAuthManager
Subclasses CAuthManager, CDbAuthManager, CPhpAuthManager
Since 1.0
Version $Id: interfaces.php 1290 2009-08-06 16:13:11Z qiang.xue $
IAuthManager interface is implemented by an auth manager application component.

An auth manager is mainly responsible for providing role-based access control (RBAC) service.

Public Methods

Hide inherited methods

MethodDescriptionDefined By
addItemChild() Adds an item as a child of another item. IAuthManager
assign() Assigns an authorization item to a user. IAuthManager
checkAccess() Performs access check for the specified user. IAuthManager
clearAll() Removes all authorization data. IAuthManager
clearAuthAssignments() Removes all authorization assignments. IAuthManager
createAuthItem() Creates an authorization item. IAuthManager
executeBizRule() Executes a business rule. IAuthManager
getAuthAssignment() Returns the item assignment information. IAuthManager
getAuthAssignments() Returns the item assignments for the specified user. IAuthManager
getAuthItem() Returns the authorization item with the specified name. IAuthManager
getAuthItems() Returns the authorization items of the specific type and user. IAuthManager
getItemChildren() Returns the children of the specified item. IAuthManager
hasItemChild() Returns a value indicating whether a child exists within a parent. IAuthManager
isAssigned() Returns a value indicating whether the item has been assigned to the user. IAuthManager
removeAuthItem() Removes the specified authorization item. IAuthManager
removeItemChild() Removes a child from its parent. IAuthManager
revoke() Revokes an authorization assignment from a user. IAuthManager
save() Saves authorization data into persistent storage. IAuthManager
saveAuthAssignment() Saves the changes to an authorization assignment. IAuthManager
saveAuthItem() Saves an authorization item to persistent storage. IAuthManager

Method Details

addItemChild() method
abstract public void addItemChild(string $itemName, string $childName)
$itemName string the parent item name
$childName string the child item name

Adds an item as a child of another item.

assign() method
abstract public CAuthAssignment assign(string $itemName, mixed $userId, string $bizRule=NULL, mixed $data=NULL)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
$bizRule string the business rule to be executed when checkAccess is called for this particular authorization item.
$data mixed additional data associated with this assignment
{return} CAuthAssignment the authorization assignment information.

Assigns an authorization item to a user.

checkAccess() method
abstract public boolean checkAccess(string $itemName, mixed $userId, array $params=array ( ))
$itemName string the name of the operation that need access check
$userId mixed the user ID. This should can be either an integer and a string representing the unique identifier of a user. See IWebUser::getId.
$params array name-value pairs that would be passed to biz rules associated with the tasks and roles assigned to the user.
{return} boolean whether the operations can be performed by the user.

Performs access check for the specified user.

clearAll() method
abstract public void clearAll()

Removes all authorization data.

clearAuthAssignments() method
abstract public void clearAuthAssignments()

Removes all authorization assignments.

createAuthItem() method
abstract public CAuthItem createAuthItem(string $name, integer $type, string $description='', string $bizRule=NULL, mixed $data=NULL)
$name string the item name. This must be a unique identifier.
$type integer the item type (0: operation, 1: task, 2: role).
$description string description of the item
$bizRule string business rule associated with the item. This is a piece of PHP code that will be executed when checkAccess is called for the item.
$data mixed additional data associated with the item.
{return} CAuthItem the authorization item

Creates an authorization item. An authorization item represents an action permission (e.g. creating a post). It has three types: operation, task and role. Authorization items form a hierarchy. Higher level items inheirt permissions representing by lower level items.

executeBizRule() method
abstract public whether executeBizRule(string $bizRule, array $params, mixed $data)
$bizRule string the business rule to be executed.
$params array additional parameters to be passed to the business rule when being executed.
$data mixed additional data that is associated with the corresponding authorization item or assignment
{return} whether the execution returns a true value. If the business rule is empty, it will also return true.

Executes a business rule. A business rule is a piece of PHP code that will be executed when checkAccess is called.

getAuthAssignment() method
abstract public CAuthAssignment getAuthAssignment(string $itemName, mixed $userId)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
{return} CAuthAssignment the item assignment information. Null is returned if the item is not assigned to the user.

Returns the item assignment information.

getAuthAssignments() method
abstract public array getAuthAssignments(mixed $userId)
$userId mixed the user ID (see IWebUser::getId)
{return} array the item assignment information for the user. An empty array will be returned if there is no item assigned to the user.

Returns the item assignments for the specified user.

getAuthItem() method
abstract public CAuthItem getAuthItem(string $name)
$name string the name of the item
{return} CAuthItem the authorization item. Null if the item cannot be found.

Returns the authorization item with the specified name.

getAuthItems() method
abstract public array getAuthItems(integer $type=NULL, mixed $userId=NULL)
$type integer the item type (0: operation, 1: task, 2: role). Defaults to null, meaning returning all items regardless of their type.
$userId mixed the user ID. Defaults to null, meaning returning all items even if they are not assigned to a user.
{return} array the authorization items of the specific type.

Returns the authorization items of the specific type and user.

getItemChildren() method
abstract public array getItemChildren(mixed $itemName)
$itemName mixed the parent item name. This can be either a string or an array. The latter represents a list of item names (available since version 1.0.5).
{return} array all child items of the parent

Returns the children of the specified item.

hasItemChild() method
abstract public boolean hasItemChild(string $itemName, string $childName)
$itemName string the parent item name
$childName string the child item name
{return} boolean whether the child exists

Returns a value indicating whether a child exists within a parent.

isAssigned() method
abstract public boolean isAssigned(string $itemName, mixed $userId)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
{return} boolean whether the item has been assigned to the user.

Returns a value indicating whether the item has been assigned to the user.

removeAuthItem() method
abstract public boolean removeAuthItem(string $name)
$name string the name of the item to be removed
{return} boolean whether the item exists in the storage and has been removed

Removes the specified authorization item.

removeItemChild() method
abstract public boolean removeItemChild(string $itemName, string $childName)
$itemName string the parent item name
$childName string the child item name
{return} boolean whether the removal is successful

Removes a child from its parent. Note, the child item is not deleted. Only the parent-child relationship is removed.

revoke() method
abstract public boolean revoke(string $itemName, mixed $userId)
$itemName string the item name
$userId mixed the user ID (see IWebUser::getId)
{return} boolean whether removal is successful

Revokes an authorization assignment from a user.

save() method
abstract public void save()

Saves authorization data into persistent storage. If any change is made to the authorization data, please make sure you call this method to save the changed data into persistent storage.

saveAuthAssignment() method
abstract public void saveAuthAssignment(CAuthAssignment $assignment)
$assignment CAuthAssignment the assignment that has been changed.

Saves the changes to an authorization assignment.

saveAuthItem() method
abstract public void saveAuthItem(CAuthItem $item, string $oldName=NULL)
$item CAuthItem the item to be saved.
$oldName string the old item name. If null, it means the item name is not changed.

Saves an authorization item to persistent storage.

Be the first person to leave a comment

Please to leave your comment.