Home » Documentation » Class Reference » CDbAuthManager

CDbAuthManager

Package	system.web.auth
Inheritance	class CDbAuthManager » CAuthManager » CApplicationComponent » CComponent
Implements	IAuthManager, IApplicationComponent
Since	1.0
Version	$Id: CDbAuthManager.php 2214 2010-06-18 21:00:42Z qiang.xue $

CDbAuthManager represents an authorization manager that stores authorization information in database.

The database connection is specified by connectionID. And the database schema should be as described in "framework/web/auth/schema.sql". You may change the names of the three tables used to store the authorization data by setting itemTable, itemChildTable and assignmentTable.

Public Properties

Hide inherited properties

Property	Type	Description	Defined By
assignmentTable	string	the name of the table storing authorization item assignments.	CDbAuthManager
authItems	array	Returns the authorization items of the specific type and user.	CDbAuthManager
behaviors	array	the behaviors that should be attached to this component.	CApplicationComponent
connectionID	string	the ID of the CDbConnection application component.	CDbAuthManager
db	CDbConnection	the database connection.	CDbAuthManager
defaultRoles	array	list of role names that are assigned to all users implicitly.	CAuthManager
isInitialized	boolean	whether this application component has been initialized (i.	CApplicationComponent
itemChildTable	string	the name of the table storing authorization item hierarchy.	CDbAuthManager
itemTable	string	the name of the table storing authorization items.	CDbAuthManager
operations	array	Returns operations.	CAuthManager
roles	array	Returns roles.	CAuthManager
showErrors	boolean	Enable error reporting for bizRules.	CAuthManager
tasks	array	Returns tasks.	CAuthManager

Protected Properties

Hide inherited properties

Property	Type	Description	Defined By
dbConnection	CDbConnection	the DB connection instance	CDbAuthManager

Public Methods

Hide inherited methods

Method	Description	Defined By
__call()	Calls the named method which is not a class method.	CComponent
__destruct()	Destructor.	CDbAuthManager
__get()	Returns a property value, an event handler list or a behavior based on its name.	CComponent
__isset()	Checks if a property value is null.	CComponent
__set()	Sets value of a component property.	CComponent
__unset()	Sets a component property to be null.	CComponent
addItemChild()	Adds an item as a child of another item.	CDbAuthManager
asa()	Returns the named behavior object.	CComponent
assign()	Assigns an authorization item to a user.	CDbAuthManager
attachBehavior()	Attaches a behavior to this component.	CComponent
attachBehaviors()	Attaches a list of behaviors to the component.	CComponent
attachEventHandler()	Attaches an event handler to an event.	CComponent
canGetProperty()	Determines whether a property can be read.	CComponent
canSetProperty()	Determines whether a property can be set.	CComponent
checkAccess()	Performs access check for the specified user.	CDbAuthManager
clearAll()	Removes all authorization data.	CDbAuthManager
clearAuthAssignments()	Removes all authorization assignments.	CDbAuthManager
createAuthItem()	Creates an authorization item.	CDbAuthManager
createOperation()	Creates an operation.	CAuthManager
createRole()	Creates a role.	CAuthManager
createTask()	Creates a task.	CAuthManager
detachBehavior()	Detaches a behavior from the component.	CComponent
detachBehaviors()	Detaches all behaviors from the component.	CComponent
detachEventHandler()	Detaches an existing event handler.	CComponent
disableBehavior()	Disables an attached behavior.	CComponent
disableBehaviors()	Disables all behaviors attached to this component.	CComponent
enableBehavior()	Enables an attached behavior.	CComponent
enableBehaviors()	Enables all behaviors attached to this component.	CComponent
evaluateExpression()	Evaluates a PHP expression or callback under the context of this component.	CComponent
executeBizRule()	Executes the specified business rule.	CAuthManager
getAuthAssignment()	Returns the item assignment information.	CDbAuthManager
getAuthAssignments()	Returns the item assignments for the specified user.	CDbAuthManager
getAuthItem()	Returns the authorization item with the specified name.	CDbAuthManager
getAuthItems()	Returns the authorization items of the specific type and user.	CDbAuthManager
getEventHandlers()	Returns the list of attached event handlers for an event.	CComponent
getIsInitialized()		CApplicationComponent
getItemChildren()	Returns the children of the specified item.	CDbAuthManager
getOperations()	Returns operations.	CAuthManager
getRoles()	Returns roles.	CAuthManager
getTasks()	Returns tasks.	CAuthManager
hasEvent()	Determines whether an event is defined.	CComponent
hasEventHandler()	Checks whether the named event has attached handlers.	CComponent
hasItemChild()	Returns a value indicating whether a child exists within a parent.	CDbAuthManager
hasProperty()	Determines whether a property is defined.	CComponent
init()	Initializes the application component.	CDbAuthManager
isAssigned()	Returns a value indicating whether the item has been assigned to the user.	CDbAuthManager
raiseEvent()	Raises an event.	CComponent
removeAuthItem()	Removes the specified authorization item.	CDbAuthManager
removeItemChild()	Removes a child from its parent.	CDbAuthManager
revoke()	Revokes an authorization assignment from a user.	CDbAuthManager
save()	Saves the authorization data to persistent storage.	CDbAuthManager
saveAuthAssignment()	Saves the changes to an authorization assignment.	CDbAuthManager
saveAuthItem()	Saves an authorization item to persistent storage.	CDbAuthManager

Protected Methods

Hide inherited methods

Method	Description	Defined By
checkAccessRecursive()	Performs access check for the specified user.	CDbAuthManager
checkItemChildType()	Checks the item types to make sure a child can be added to a parent.	CAuthManager
detectLoop()	Checks whether there is a loop in the authorization item hierarchy.	CDbAuthManager
getDbConnection()		CDbAuthManager
usingSqlite()		CDbAuthManager

Property Details

assignmentTable property

public string $assignmentTable;

the name of the table storing authorization item assignments. Defaults to 'AuthAssignment'.

authItems property read-only

public array getAuthItems(integer $type=NULL, mixed $userId=NULL)

Returns the authorization items of the specific type and user.

connectionID property

public string $connectionID;

the ID of the CDbConnection application component. Defaults to 'db'. The database must have the tables as declared in "framework/web/auth/schema.sql".

db property

public CDbConnection $db;

the database connection. By default, this is initialized automatically as the application component whose ID is indicated as connectionID.

dbConnection property read-only

protected CDbConnection getDbConnection()

the DB connection instance

itemChildTable property

public string $itemChildTable;

the name of the table storing authorization item hierarchy. Defaults to 'AuthItemChild'.

itemTable property

public string $itemTable;

the name of the table storing authorization items. Defaults to 'AuthItem'.

Method Details

__destruct() method

public void __destruct()

Destructor. Disconnect the db connection.

addItemChild() method

public void addItemChild(string $itemName, string $childName)
$itemName	string	the parent item name
$childName	string	the child item name

Adds an item as a child of another item.

assign() method

public CAuthAssignment assign(string $itemName, mixed $userId, string $bizRule=NULL, mixed $data=NULL)
$itemName	string	the item name
$userId	mixed	the user ID (see IWebUser::getId)
$bizRule	string	the business rule to be executed when checkAccess is called for this particular authorization item.
$data	mixed	additional data associated with this assignment
{return}	CAuthAssignment	the authorization assignment information.

Assigns an authorization item to a user.

checkAccess() method

public boolean checkAccess(string $itemName, mixed $userId, array $params=array ( ))
$itemName	string	the name of the operation that need access check
$userId	mixed	the user ID. This should can be either an integer and a string representing the unique identifier of a user. See IWebUser::getId.
$params	array	name-value pairs that would be passed to biz rules associated with the tasks and roles assigned to the user.
{return}	boolean	whether the operations can be performed by the user.

Performs access check for the specified user.

checkAccessRecursive() method (available since v1.1.3)

protected boolean checkAccessRecursive(string $itemName, mixed $userId, array $params, array $assignments)
$itemName	string	the name of the operation that need access check
$userId	mixed	the user ID. This should can be either an integer and a string representing the unique identifier of a user. See IWebUser::getId.
$params	array	name-value pairs that would be passed to biz rules associated with the tasks and roles assigned to the user.
$assignments	array	the assignments to the specified user
{return}	boolean	whether the operations can be performed by the user.

Performs access check for the specified user. This method is internally called by checkAccess.

clearAll() method

public void clearAll()

Removes all authorization data.

clearAuthAssignments() method

public void clearAuthAssignments()

Removes all authorization assignments.

createAuthItem() method

public CAuthItem createAuthItem(string $name, integer $type, string $description='', string $bizRule=NULL, mixed $data=NULL)
$name	string	the item name. This must be a unique identifier.
$type	integer	the item type (0: operation, 1: task, 2: role).
$description	string	description of the item
$bizRule	string	business rule associated with the item. This is a piece of PHP code that will be executed when checkAccess is called for the item.
$data	mixed	additional data associated with the item.
{return}	CAuthItem	the authorization item

Creates an authorization item. An authorization item represents an action permission (e.g. creating a post). It has three types: operation, task and role. Authorization items form a hierarchy. Higher level items inheirt permissions representing by lower level items.

detectLoop() method

protected boolean detectLoop(string $itemName, string $childName)
$itemName	string	parent item name
$childName	string	the name of the child item that is to be added to the hierarchy
{return}	boolean	whether a loop exists

Checks whether there is a loop in the authorization item hierarchy.

getAuthAssignment() method

public CAuthAssignment getAuthAssignment(string $itemName, mixed $userId)
$itemName	string	the item name
$userId	mixed	the user ID (see IWebUser::getId)
{return}	CAuthAssignment	the item assignment information. Null is returned if the item is not assigned to the user.

Returns the item assignment information.

getAuthAssignments() method

public array getAuthAssignments(mixed $userId)
$userId	mixed	the user ID (see IWebUser::getId)
{return}	array	the item assignment information for the user. An empty array will be returned if there is no item assigned to the user.

Returns the item assignments for the specified user.

getAuthItem() method

public CAuthItem getAuthItem(string $name)
$name	string	the name of the item
{return}	CAuthItem	the authorization item. Null if the item cannot be found.

Returns the authorization item with the specified name.

getAuthItems() method

public array getAuthItems(integer $type=NULL, mixed $userId=NULL)
$type	integer	the item type (0: operation, 1: task, 2: role). Defaults to null, meaning returning all items regardless of their type.
$userId	mixed	the user ID. Defaults to null, meaning returning all items even if they are not assigned to a user.
{return}	array	the authorization items of the specific type.

Returns the authorization items of the specific type and user.

getDbConnection() method

protected CDbConnection getDbConnection()
{return}	CDbConnection	the DB connection instance

getItemChildren() method

public array getItemChildren(mixed $names)
$names	mixed	the parent item name. This can be either a string or an array. The latter represents a list of item names (available since version 1.0.5).
{return}	array	all child items of the parent

Returns the children of the specified item.

hasItemChild() method

public boolean hasItemChild(string $itemName, string $childName)
$itemName	string	the parent item name
$childName	string	the child item name
{return}	boolean	whether the child exists

Returns a value indicating whether a child exists within a parent.

init() method

public void init()

Initializes the application component. This method overrides the parent implementation by establishing the database connection.

isAssigned() method

public boolean isAssigned(string $itemName, mixed $userId)
$itemName	string	the item name
$userId	mixed	the user ID (see IWebUser::getId)
{return}	boolean	whether the item has been assigned to the user.

Returns a value indicating whether the item has been assigned to the user.

removeAuthItem() method

public boolean removeAuthItem(string $name)
$name	string	the name of the item to be removed
{return}	boolean	whether the item exists in the storage and has been removed

Removes the specified authorization item.

removeItemChild() method

public boolean removeItemChild(string $itemName, string $childName)
$itemName	string	the parent item name
$childName	string	the child item name
{return}	boolean	whether the removal is successful

Removes a child from its parent. Note, the child item is not deleted. Only the parent-child relationship is removed.

revoke() method

public boolean revoke(string $itemName, mixed $userId)
$itemName	string	the item name
$userId	mixed	the user ID (see IWebUser::getId)
{return}	boolean	whether removal is successful

Revokes an authorization assignment from a user.

save() method

public void save()

Saves the authorization data to persistent storage.

saveAuthAssignment() method

public void saveAuthAssignment(CAuthAssignment $assignment)
$assignment	CAuthAssignment	the assignment that has been changed.

Saves the changes to an authorization assignment.

saveAuthItem() method

public void saveAuthItem(CAuthItem $item, string $oldName=NULL)
$item	CAuthItem	the item to be saved.
$oldName	string	the old item name. If null, it means the item name is not changed.

Saves an authorization item to persistent storage.

usingSqlite() method

protected boolean usingSqlite()
{return}	boolean	whether the database is a SQLite database