Final Class Yiisoft\Rbac\Manager
| Inheritance | Yiisoft\Rbac\Manager |
|---|---|
| Implements | Yiisoft\Rbac\ManagerInterface |
Helps to manage RBAC hierarchy and check for permissions.
Public Methods
Method Details
| public __construct( Yiisoft\Rbac\ItemsStorageInterface $itemsStorage, Yiisoft\Rbac\AssignmentsStorageInterface $assignmentsStorage, Yiisoft\Rbac\RuleFactoryInterface|null $ruleFactory = null, boolean $enableDirectPermissions = false, boolean $includeRolesInAccessChecks = false, \Psr\Clock\ClockInterface|null $clock = null ): mixed | ||
| $itemsStorage | Yiisoft\Rbac\ItemsStorageInterface |
Items storage. |
| $assignmentsStorage | Yiisoft\Rbac\AssignmentsStorageInterface |
Assignments storage. |
| $ruleFactory | Yiisoft\Rbac\RuleFactoryInterface|null |
Rule factory. |
| $enableDirectPermissions | boolean |
Whether to allow assigning permissions directly to a user. Prefer assigning roles only. |
| $includeRolesInAccessChecks | boolean |
Whether to include roles (in addition to permissions) during access checks in Yiisoft\Rbac\Manager::userHasPermission(). |
| $clock | \Psr\Clock\ClockInterface|null |
Instance of \Psr\Clock\ClockInterface, or null. |
/**
 * Wires the manager to its storages and fixes both policy switches for the lifetime of the instance.
 *
 * Both switches default to the restrictive setting:
 * - with $enableDirectPermissions = false, assign() throws InvalidArgumentException for items of type
 *   permission, so users can only be granted roles;
 * - with $includeRolesInAccessChecks = false, userHasPermission() returns false whenever the checked
 *   name resolves to a role.
 *
 * @param ItemsStorageInterface $itemsStorage Storage the manager queries for roles, permissions and
 * their parent/child links.
 * @param AssignmentsStorageInterface $assignmentsStorage Storage holding user-to-item assignments.
 * @param RuleFactoryInterface|null $ruleFactory Rule factory; a SimpleRuleFactory is created when null.
 * @param bool $enableDirectPermissions Allow assign() to grant permission items directly to users.
 * @param bool $includeRolesInAccessChecks Let userHasPermission() evaluate role names as well.
 * @param ClockInterface|null $clock Optional clock. It is only stored here; presumably
 * getCurrentTimestamp() (not shown) reads it - confirm.
 */
public function __construct(
    private readonly ItemsStorageInterface $itemsStorage,
    private readonly AssignmentsStorageInterface $assignmentsStorage,
    ?RuleFactoryInterface $ruleFactory = null,
    private readonly bool $enableDirectPermissions = false,
    private readonly bool $includeRolesInAccessChecks = false,
    private readonly ?ClockInterface $clock = null,
) {
    // The factory is the only dependency that is not promoted: it needs a concrete default.
    $this->ruleFactory = $ruleFactory ?? new SimpleRuleFactory();
}
| public addChild( string $parentName, string $childName ): self | ||
| $parentName | string | |
| $childName | string | |
/**
 * Links $childName under $parentName in the items storage.
 *
 * The relation is checked by assertFutureChild() before anything is written, so a rejected relation
 * leaves the storage untouched. The exceptions it raises are not visible here; canAddChild() in this
 * class treats RuntimeException as "relation not allowed".
 *
 * This method does not check who is asking for the change. Altering the hierarchy changes what every
 * holder of the parent item is granted, so callers are expected to authorize the operation themselves.
 *
 * @return self This manager, for chaining.
 */
public function addChild(string $parentName, string $childName): self
{
    // Validate first, write second.
    $this->assertFutureChild($parentName, $childName);

    $this->itemsStorage->addChild($parentName, $childName);

    return $this;
}
| public addPermission( Yiisoft\Rbac\Permission $permission ): self | ||
| $permission | Yiisoft\Rbac\Permission | |
/**
 * Registers a permission by delegating to addItem().
 *
 * NOTE(review): any validation (for example duplicate names) happens inside addItem(), which is not
 * shown here.
 *
 * @return self This manager, for chaining.
 */
public function addPermission(Permission $permission): self
{
    $this->addItem($permission);

    return $this;
}
| public addRole( Yiisoft\Rbac\Role $role ): self | ||
| $role | Yiisoft\Rbac\Role | |
/**
 * Registers a role by delegating to addItem().
 *
 * NOTE(review): any validation (for example duplicate names) happens inside addItem(), which is not
 * shown here.
 *
 * @return self This manager, for chaining.
 */
public function addRole(Role $role): self
{
    $this->addItem($role);

    return $this;
}
| public assign( string $itemName, integer|\Stringable|string $userId, integer|null $createdAt = null ): self | ||
| $itemName | string | |
| $userId | integer|\Stringable|string | |
| $createdAt | integer|null | |
/**
 * Grants the item named $itemName to a user.
 *
 * The call is a no-op when the assignment already exists. The user ID is normalised to a string
 * before it reaches the assignments storage.
 *
 * Security notes:
 * - Nothing here checks who performs the assignment; the caller must authorize the operation.
 * - Permission items are rejected unless the manager was constructed with direct permissions enabled.
 * - The existence check and the insert are two separate storage calls. NOTE(review): whether duplicates
 *   are prevented under concurrent calls depends on the storage implementation - confirm.
 *
 * @param int|null $createdAt Timestamp to record; getCurrentTimestamp() is used when null.
 *
 * @throws InvalidArgumentException When the item does not exist, or when it is a permission and direct
 * permission assignment is disabled.
 *
 * @return self This manager, for chaining.
 */
public function assign(string $itemName, int|Stringable|string $userId, ?int $createdAt = null): self
{
    $userKey = (string) $userId;

    $item = $this->itemsStorage->get($itemName);
    if ($item === null) {
        throw new InvalidArgumentException("There is no item named \"$itemName\".");
    }

    // Roles-only policy: the item type is inspected only while direct permissions are disabled.
    if (!$this->enableDirectPermissions) {
        if ($item->getType() === Item::TYPE_PERMISSION) {
            throw new InvalidArgumentException(
                'Assigning permissions directly is disabled. Prefer assigning roles only.',
            );
        }
    }

    // Idempotent: an existing assignment is left as it is, including its original timestamp.
    if (!$this->assignmentsStorage->exists($itemName, $userKey)) {
        $timestamp = $createdAt ?? $this->getCurrentTimestamp();
        $this->assignmentsStorage->add(new Assignment($userKey, $itemName, $timestamp));
    }

    return $this;
}
| public canAddChild( string $parentName, string $childName ): boolean | ||
| $parentName | string | |
| $childName | string | |
/**
 * Reports whether addChild() would accept the given relation, without writing anything.
 *
 * Only RuntimeException raised by assertFutureChild() is translated into false; any other exception
 * type propagates to the caller. NOTE(review): which conditions raise which exception type is decided
 * in assertFutureChild(), not shown here.
 */
public function canAddChild(string $parentName, string $childName): bool
{
    try {
        $this->assertFutureChild($parentName, $childName);

        return true;
    } catch (RuntimeException) {
        return false;
    }
}
| public getChildRoles( string $roleName ): array | ||
| $roleName | string | |
/**
 * Returns the result of getAllChildRoles() from the items storage for an existing role.
 *
 * NOTE(review): the method name suggests nested children are included - confirm against the storage.
 *
 * @throws InvalidArgumentException When no role named $roleName exists.
 */
public function getChildRoles(string $roleName): array
{
    if ($this->itemsStorage->roleExists($roleName)) {
        return $this->itemsStorage->getAllChildRoles($roleName);
    }

    throw new InvalidArgumentException("Role \"$roleName\" not found.");
}
| public getDefaultRoleNames( ): array |
/**
 * Returns the configured default role names exactly as stored on the manager.
 *
 * No storage lookup happens here, so a returned name is not guaranteed to match a stored role;
 * getDefaultRoles() passes the same names through filterStoredRoles().
 */
public function getDefaultRoleNames(): array
{
    return $this->defaultRoleNames;
}
| public getDefaultRoles( ): array |
/**
 * Resolves the configured default role names through filterStoredRoles().
 *
 * NOTE(review): presumably names without a matching stored role are dropped - the helper is not
 * shown here.
 */
public function getDefaultRoles(): array
{
    $names = $this->defaultRoleNames;

    return $this->filterStoredRoles($names);
}
| public getGuestRole( ): Yiisoft\Rbac\Role|null |
/**
 * Returns the role used for anonymous users, or null when no guest role name is configured.
 *
 * A configured name that does not resolve to a stored role is treated as a configuration error and
 * raises an exception instead of returning null. userHasPermission() calls this method for a null
 * user ID, so the same exception surfaces from guest access checks.
 *
 * @throws RuntimeException When a guest role name is set but no such role exists.
 */
public function getGuestRole(): ?Role
{
    $guestName = $this->guestRoleName;
    if ($guestName === null) {
        return null;
    }

    $guestRole = $this->getRole($guestName);
    if ($guestRole !== null) {
        return $guestRole;
    }

    throw new RuntimeException("Guest role with name \"$this->guestRoleName\" does not exist.");
}
| public getGuestRoleName( ): string|null |
/**
 * Returns the configured guest role name, or null when none is set.
 *
 * The name is returned as stored; it is not checked against the items storage here.
 */
public function getGuestRoleName(): ?string
{
    return $this->guestRoleName;
}
| public getItemsByUserId( integer|\Stringable|string $userId ): array | ||
| $userId | integer|\Stringable|string | |
/**
 * Collects every item that applies to a user: default roles, directly assigned items, and the
 * children of the assigned items.
 *
 * Default roles are merged in unconditionally, so the result can be non-empty for a user ID that has
 * no stored assignments at all. Keep that in mind when using the result for audits or deprovisioning
 * checks.
 *
 * NOTE(review): the three arrays are presumably keyed by item name, in which case array_merge() lets
 * later sources overwrite earlier entries with the same name - confirm against the storage contract.
 */
public function getItemsByUserId(int|Stringable|string $userId): array
{
    $userKey = (string) $userId;
    $assignedNames = array_keys($this->assignmentsStorage->getByUserId($userKey));

    $defaults = $this->getDefaultRoles();
    $direct = $this->itemsStorage->getByNames($assignedNames);
    $inherited = $this->itemsStorage->getAllChildren($assignedNames);

    return array_merge($defaults, $direct, $inherited);
}
| public getPermission( string $name ): Yiisoft\Rbac\Permission|null | ||
| $name | string | |
/**
 * Looks up a permission by name in the items storage.
 *
 * @return Permission|null Whatever the storage returns for the name; null signals no such permission.
 */
public function getPermission(string $name): ?Permission
{
    $permission = $this->itemsStorage->getPermission($name);

    return $permission;
}
| public getPermissionsByRoleName( string $roleName ): array | ||
| $roleName | string | |
/**
 * Returns the result of getAllChildPermissions() from the items storage for $roleName.
 *
 * Unlike getChildRoles(), this method does not verify that the role exists first.
 * NOTE(review): the outcome for an unknown role name is decided by the storage - confirm.
 */
public function getPermissionsByRoleName(string $roleName): array
{
    $permissions = $this->itemsStorage->getAllChildPermissions($roleName);

    return $permissions;
}
| public getPermissionsByUserId( integer|\Stringable|string $userId ): array | ||
| $userId | integer|\Stringable|string | |
/**
 * Returns the permissions a user holds through stored assignments: those assigned directly plus the
 * child permissions of every assigned item.
 *
 * A user without stored assignments gets an empty array.
 *
 * NOTE(review): default roles are not consulted here, while getRolesByUserId() and getItemsByUserId()
 * do merge them in. Permissions reachable only through a default role are therefore absent from this
 * list - confirm that this is the intended contract before using it for access reviews.
 */
public function getPermissionsByUserId(int|Stringable|string $userId): array
{
    $userKey = (string) $userId;
    $assignments = $this->assignmentsStorage->getByUserId($userKey);
    if (!$assignments) {
        return [];
    }

    $assignedNames = array_keys($assignments);
    $direct = $this->itemsStorage->getPermissionsByNames($assignedNames);
    $inherited = $this->itemsStorage->getAllChildPermissions($assignedNames);

    return array_merge($direct, $inherited);
}
| public getRole( string $name ): Yiisoft\Rbac\Role|null | ||
| $name | string | |
/**
 * Looks up a role by name in the items storage.
 *
 * @return Role|null Whatever the storage returns for the name; null signals no such role.
 */
public function getRole(string $name): ?Role
{
    $role = $this->itemsStorage->getRole($name);

    return $role;
}
| public getRolesByUserId( integer|\Stringable|string $userId ): array | ||
| $userId | integer|\Stringable|string | |
/**
 * Collects the roles that apply to a user: default roles, directly assigned roles, and the child
 * roles of the assigned items.
 *
 * Default roles are merged in unconditionally, so a user ID with no stored assignments (including
 * one whose assignments were all revoked) still receives them.
 *
 * NOTE(review): the arrays are presumably keyed by role name, in which case array_merge() lets later
 * sources overwrite earlier entries with the same name - confirm against the storage contract.
 */
public function getRolesByUserId(int|Stringable|string $userId): array
{
    $userKey = (string) $userId;
    $assignedNames = array_keys($this->assignmentsStorage->getByUserId($userKey));

    $defaults = $this->getDefaultRoles();
    $direct = $this->itemsStorage->getRolesByNames($assignedNames);
    $inherited = $this->itemsStorage->getAllChildRoles($assignedNames);

    return array_merge($defaults, $direct, $inherited);
}
| public getUserIdsByRoleName( string $roleName ): array | ||
| $roleName | string | |
/**
 * Lists the IDs of users who hold $roleName, either directly or through one of its parents.
 *
 * The lookup covers the role itself plus every name returned by getParents(), because holding a
 * parent implies holding the role.
 *
 * NOTE(review): one entry is produced per matching assignment, so a user assigned both the role and
 * one of its parents may appear more than once - confirm whether the storage de-duplicates. Users who
 * receive the role only as a default role are not looked up here.
 */
public function getUserIdsByRoleName(string $roleName): array
{
    $parentNames = array_keys($this->itemsStorage->getParents($roleName));
    $roleNames = [$roleName, ...$parentNames];
    $assignments = $this->assignmentsStorage->getByItemNames($roleNames);

    return array_map(
        static fn(Assignment $assignment): string => $assignment->getUserId(),
        $assignments,
    );
}
| public hasChild( string $parentName, string $childName ): boolean | ||
| $parentName | string | |
| $childName | string | |
/**
 * Reports whether $childName is linked under $parentName.
 *
 * Delegates to hasDirectChild() on the items storage. NOTE(review): presumably only an immediate
 * link counts, not a nested one - confirm against the storage.
 */
public function hasChild(string $parentName, string $childName): bool
{
    $linked = $this->itemsStorage->hasDirectChild($parentName, $childName);

    return $linked;
}
| public hasChildren( string $parentName ): boolean | ||
| $parentName | string | |
/**
 * Reports whether the items storage has any children recorded for $parentName.
 */
public function hasChildren(string $parentName): bool
{
    $hasAny = $this->itemsStorage->hasChildren($parentName);

    return $hasAny;
}
| public removeChild( string $parentName, string $childName ): self | ||
| $parentName | string | |
| $childName | string | |
/**
 * Removes the link between $parentName and $childName from the items storage.
 *
 * No validation or authorization is performed at this layer. Removing a link changes what every
 * holder of the parent item is granted, so the caller is responsible for authorizing the change.
 *
 * @return self This manager, for chaining.
 */
public function removeChild(string $parentName, string $childName): self
{
    $this->itemsStorage->removeChild($parentName, $childName);

    return $this;
}
| public removeChildren( string $parentName ): self | ||
| $parentName | string | |
/**
 * Removes every child link of $parentName from the items storage.
 *
 * No validation or authorization is performed at this layer; the caller is responsible for
 * authorizing the change.
 *
 * @return self This manager, for chaining.
 */
public function removeChildren(string $parentName): self
{
    $this->itemsStorage->removeChildren($parentName);

    return $this;
}
| public removePermission( string $name ): self | ||
| $name | string | |
/**
 * Removes the item named $name by delegating to removeItem().
 *
 * NOTE(review): removeRole() delegates to the same helper with the same argument. Whether removeItem()
 * checks the item type, and whether it also cleans up assignments that reference the item, is not
 * visible here - confirm.
 *
 * @return self This manager, for chaining.
 */
public function removePermission(string $name): self
{
    $this->removeItem($name);

    return $this;
}
| public removeRole( string $name ): self | ||
| $name | string | |
/**
 * Removes the item named $name by delegating to removeItem().
 *
 * NOTE(review): removePermission() delegates to the same helper with the same argument. Whether
 * removeItem() checks the item type, and whether it also cleans up assignments that reference the
 * item, is not visible here - confirm.
 *
 * @return self This manager, for chaining.
 */
public function removeRole(string $name): self
{
    $this->removeItem($name);

    return $this;
}
| public revoke( string $itemName, integer|\Stringable|string $userId ): self | ||
| $itemName | string | |
| $userId | integer|\Stringable|string | |
/**
 * Removes the assignment of $itemName from a user.
 *
 * The item name is passed to the assignments storage without checking that the item or the
 * assignment exists. NOTE(review): behaviour for a missing assignment is decided by the storage.
 *
 * Only the stored assignment is affected. Default roles are applied by getRolesByUserId() regardless
 * of assignments, so they cannot be revoked this way.
 *
 * @return self This manager, for chaining.
 */
public function revoke(string $itemName, int|Stringable|string $userId): self
{
    $userKey = (string) $userId;
    $this->assignmentsStorage->remove($itemName, $userKey);

    return $this;
}
| public revokeAll( integer|\Stringable|string $userId ): self | ||
| $userId | integer|\Stringable|string | |
/**
 * Removes every stored assignment of a user.
 *
 * When used for deprovisioning, note that default roles are not stored as assignments:
 * getRolesByUserId() and getItemsByUserId() still return them for this user ID afterwards.
 *
 * @return self This manager, for chaining.
 */
public function revokeAll(int|Stringable|string $userId): self
{
    $userKey = (string) $userId;
    $this->assignmentsStorage->removeByUserId($userKey);

    return $this;
}
| public setDefaultRoleNames( array|Closure $roleNames ): self | ||
| $roleNames | array|Closure | |
/**
 * Replaces the default role names with the value produced by getDefaultRoleNamesForUpdate().
 *
 * Default roles are returned for every user by getRolesByUserId() and getItemsByUserId(), so each
 * name set here widens what all users are reported to hold.
 *
 * @param array|Closure $roleNames Names, or a closure. NOTE(review): how a closure is evaluated and
 * what validation is applied is decided in getDefaultRoleNamesForUpdate(), not shown here.
 *
 * @return self This manager, for chaining.
 */
public function setDefaultRoleNames(array|Closure $roleNames): self
{
    $resolved = $this->getDefaultRoleNamesForUpdate($roleNames);
    $this->defaultRoleNames = $resolved;

    return $this;
}
| public setGuestRoleName( string|null $name ): self | ||
| $name | string|null | |
/**
 * Sets, or with null clears, the name of the role applied to anonymous users.
 *
 * The name is stored without checking that such a role exists. A name that does not resolve makes
 * getGuestRole() throw RuntimeException, and userHasPermission() calls getGuestRole() for a null
 * user ID, so a typo here turns guest access checks into exceptions rather than a plain denial.
 *
 * @return self This manager, for chaining.
 */
public function setGuestRoleName(?string $name): self
{
    $this->guestRoleName = $name;

    return $this;
}
| public updatePermission( string $name, Yiisoft\Rbac\Permission $permission ): self | ||
| $name | string | |
| $permission | Yiisoft\Rbac\Permission | |
/**
 * Replaces the stored permission named $name with $permission and carries assignments over to the
 * permission's (possibly new) name.
 *
 * assertItemNameForUpdate() runs before anything is written; what it rejects is not visible here.
 *
 * NOTE(review): the item update and the assignment rename are two separate storage calls, and no
 * transaction is visible at this level. If the rename fails after the update succeeded, assignments
 * could still reference the old name - confirm how the storages in use handle this.
 *
 * @return self This manager, for chaining.
 */
public function updatePermission(string $name, Permission $permission): self
{
    $this->assertItemNameForUpdate($permission, $name);

    $this->itemsStorage->update($name, $permission);

    // Read the target name only after the item update, then re-point existing assignments at it.
    $targetName = $permission->getName();
    $this->assignmentsStorage->renameItem($name, $targetName);

    return $this;
}
| public updateRole( string $name, Yiisoft\Rbac\Role $role ): self | ||
| $name | string | |
| $role | Yiisoft\Rbac\Role | |
/**
 * Replaces the stored role named $name with $role and carries assignments over to the role's
 * (possibly new) name.
 *
 * assertItemNameForUpdate() runs before anything is written; what it rejects is not visible here.
 *
 * NOTE(review): the item update and the assignment rename are two separate storage calls, and no
 * transaction is visible at this level. If the rename fails after the update succeeded, assignments
 * could still reference the old name - confirm how the storages in use handle this.
 *
 * @return self This manager, for chaining.
 */
public function updateRole(string $name, Role $role): self
{
    $this->assertItemNameForUpdate($role, $name);

    $this->itemsStorage->update($name, $role);

    // Read the target name only after the item update, then re-point existing assignments at it.
    $targetName = $role->getName();
    $this->assignmentsStorage->renameItem($name, $targetName);

    return $this;
}
| public userHasPermission( integer|string|\Stringable|null $userId, string $permissionName, array $parameters = [] ): boolean | ||
| $userId | integer|string|\Stringable|null | |
| $permissionName | string | |
| $parameters | array | |
/**
 * Decides whether a user, or a guest when $userId is null, is granted the item named $permissionName.
 *
 * Every path that does not positively establish access ends in `return false`:
 * - the name does not resolve to a stored item;
 * - the item is a role and roles are excluded from access checks (the constructor default);
 * - $userId is null and no guest role is configured.
 *
 * Access is granted only when some entry of the item's hierarchy is held by the user, that entry's
 * rule passes, and the rule of every item listed under the entry's 'children' passes too.
 *
 * Guests are evaluated against the guest role alone, and rules receive null as the user ID.
 *
 * @param int|string|Stringable|null $userId User ID, or null for an anonymous user. Non-null IDs are
 * cast to string before being handed to filterUserItemNames() and executeRule().
 * @param string $permissionName Name of the item to check.
 * @param array $parameters Passed through to executeRule() as given; nothing here validates them.
 *
 * @throws RuntimeException Via getGuestRole(), when $userId is null and the configured guest role
 * name does not resolve to a stored role.
 */
public function userHasPermission(
    int|string|Stringable|null $userId,
    string $permissionName,
    array $parameters = [],
): bool {
    // Unknown item names are denied, not treated as an error.
    $item = $this->itemsStorage->get($permissionName);
    if ($item === null) {
        return false;
    }
    // Role names are answered only when the manager was built with includeRolesInAccessChecks = true.
    if (!$this->includeRolesInAccessChecks && $item->getType() === Item::TYPE_ROLE) {
        return false;
    }
    if ($userId !== null) {
        $guestRole = null;
    } else {
        // Anonymous user: without a configured guest role there is nothing to grant access through.
        $guestRole = $this->getGuestRole();
        if ($guestRole === null) {
            return false;
        }
    }
    // Each entry is read below as ['item' => ..., 'children' => ...].
    // NOTE(review): presumably the requested item plus its ancestors - confirm against getHierarchy().
    $hierarchy = $this->itemsStorage->getHierarchy($item->getName());
    $itemNames = array_map(static fn(array $treeItem): string => $treeItem['item']->getName(), $hierarchy);
    // Guests hold exactly one item, the guest role. For real users the candidate names are narrowed
    // by filterUserItemNames(); presumably to the items the user holds - the helper is not shown here.
    $userItemNames = $guestRole !== null
        ? [$guestRole->getName()]
        : $this->filterUserItemNames((string) $userId, $itemNames);
    // Turn the list into a name-keyed map so the membership test in the loop is a key lookup.
    $userItemNamesMap = [];
    foreach ($userItemNames as $userItemName) {
        $userItemNamesMap[$userItemName] = null;
    }
    foreach ($hierarchy as $data) {
        // Skip entries the user does not hold. The rule is executed only for held entries, because
        // `||` short-circuits on the membership test.
        if (
            !array_key_exists($data['item']->getName(), $userItemNamesMap)
            || !$this->executeRule($userId === null ? $userId : (string) $userId, $data['item'], $parameters)
        ) {
            continue;
        }
        // The held entry passed its own rule; every item under 'children' must pass as well.
        $hasPermission = true;
        foreach ($data['children'] as $childItem) {
            if (!$this->executeRule($userId === null ? $userId : (string) $userId, $childItem, $parameters)) {
                $hasPermission = false;
                /**
                 * @infection-ignore-all Break_
                 * Replacing with `continue` works as well, but there is no point in further checks, because at
                 * least one failed rule execution means access is not granted via current iterated hierarchy
                 * branch.
                 */
                break;
            }
        }
        if ($hasPermission) {
            return true;
        }
    }
    // No hierarchy entry granted access: deny by default.
    return false;
}