Item.php 7.33 KB
Newer Older
1 2 3 4 5 6 7
<?php
/**
 * @link http://www.yiiframework.com/
 * @copyright Copyright (c) 2008 Yii Software LLC
 * @license http://www.yiiframework.com/license/
 */

8
namespace yii\rbac;
9 10 11 12 13

use Yii;
use yii\base\Object;

/**
14 15 16 17 18 19 20
 * Item represents an authorization item.
 * An authorization item can be an operation, a task or a role.
 * They form an authorization hierarchy. Items on higher levels of the hierarchy
 * inherit the permissions represented by items on lower levels.
 * A user may be assigned one or several authorization items (called [[Assignment]] assignments).
 * He can perform an operation only when it is among his assigned items.
 *
21
 * @property Manager $authManager The authorization manager.
22 23 24 25 26 27
 * @property integer $type The authorization item type. This could be 0 (operation), 1 (task) or 2 (role).
 * @property string $name The item name.
 * @property string $description The item description.
 * @property string $bizRule The business rule associated with this item.
 * @property mixed $data The additional data associated with this item.
 * @property array $children All child items of this item.
28 29 30 31 32
 *
 * @author Qiang Xue <qiang.xue@gmail.com>
 * @author Alexander Kochetov <creocoder@gmail.com>
 * @since 2.0
 */
33
class Item extends Object
34 35 36 37 38 39 40 41 42 43 44 45 46 47
{
	const TYPE_OPERATION = 0;
	const TYPE_TASK = 1;
	const TYPE_ROLE = 2;

	private $_auth;
	private $_type;
	private $_name;
	private $_description;
	private $_bizRule;
	private $_data;

	/**
	 * Constructor.
48
	 * @param Manager $auth authorization manager
49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67
	 * @param string $name authorization item name
	 * @param integer $type authorization item type. This can be 0 (operation), 1 (task) or 2 (role).
	 * @param string $description the description
	 * @param string $bizRule the business rule associated with this item
	 * @param mixed $data additional data for this item
	 */
	public function __construct($auth, $name, $type, $description = '', $bizRule = null, $data = null)
	{
		$this->_type = (int)$type;
		$this->_auth = $auth;
		$this->_name = $name;
		$this->_description = $description;
		$this->_bizRule = $bizRule;
		$this->_data = $data;
	}

	/**
	 * Checks to see if the specified item is within the hierarchy starting from this item.
	 * This method is expected to be internally used by the actual implementations
68
	 * of the [[Manager::checkAccess()]].
69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89
	 * @param string $itemName the name of the item to be checked
	 * @param array $params the parameters to be passed to business rule evaluation
	 * @return boolean whether the specified item is within the hierarchy starting from this item.
	 */
	public function checkAccess($itemName, $params = array())
	{
		Yii::trace('Checking permission: ' . $this->_name, __METHOD__);
		if ($this->_auth->executeBizRule($this->_bizRule, $params, $this->_data)) {
			if ($this->_name == $itemName) {
				return true;
			}
			foreach ($this->_auth->getItemChildren($this->_name) as $item) {
				if ($item->checkAccess($itemName, $params)) {
					return true;
				}
			}
		}
		return false;
	}

	/**
90
	 * @return Manager the authorization manager
91
	 */
92
	public function getManager()
93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120
	{
		return $this->_auth;
	}

	/**
	 * @return integer the authorization item type. This could be 0 (operation), 1 (task) or 2 (role).
	 */
	public function getType()
	{
		return $this->_type;
	}

	/**
	 * @return string the item name
	 */
	public function getName()
	{
		return $this->_name;
	}

	/**
	 * @param string $value the item name
	 */
	public function setName($value)
	{
		if ($this->_name !== $value) {
			$oldName = $this->_name;
			$this->_name = $value;
121
			$this->_auth->saveItem($this, $oldName);
122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139
		}
	}

	/**
	 * @return string the item description
	 */
	public function getDescription()
	{
		return $this->_description;
	}

	/**
	 * @param string $value the item description
	 */
	public function setDescription($value)
	{
		if ($this->_description !== $value) {
			$this->_description = $value;
140
			$this->_auth->saveItem($this);
141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158
		}
	}

	/**
	 * @return string the business rule associated with this item
	 */
	public function getBizRule()
	{
		return $this->_bizRule;
	}

	/**
	 * @param string $value the business rule associated with this item
	 */
	public function setBizRule($value)
	{
		if ($this->_bizRule !== $value) {
			$this->_bizRule = $value;
159
			$this->_auth->saveItem($this);
160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177
		}
	}

	/**
	 * @return mixed the additional data associated with this item
	 */
	public function getData()
	{
		return $this->_data;
	}

	/**
	 * @param mixed $value the additional data associated with this item
	 */
	public function setData($value)
	{
		if ($this->_data !== $value) {
			$this->_data = $value;
178
			$this->_auth->saveItem($this);
179 180 181 182 183 184 185 186
		}
	}

	/**
	 * Adds a child item.
	 * @param string $name the name of the child item
	 * @return boolean whether the item is added successfully
	 * @throws \yii\base\Exception if either parent or child doesn't exist or if a loop has been detected.
187
	 * @see Manager::addItemChild
188 189 190 191 192 193 194 195 196 197 198
	 */
	public function addChild($name)
	{
		return $this->_auth->addItemChild($this->_name, $name);
	}

	/**
	 * Removes a child item.
	 * Note, the child item is not deleted. Only the parent-child relationship is removed.
	 * @param string $name the child item name
	 * @return boolean whether the removal is successful
199
	 * @see Manager::removeItemChild
200 201 202 203 204 205 206 207 208 209
	 */
	public function removeChild($name)
	{
		return $this->_auth->removeItemChild($this->_name, $name);
	}

	/**
	 * Returns a value indicating whether a child exists
	 * @param string $name the child item name
	 * @return boolean whether the child exists
210
	 * @see Manager::hasItemChild
211 212 213 214 215 216 217 218
	 */
	public function hasChild($name)
	{
		return $this->_auth->hasItemChild($this->_name, $name);
	}

	/**
	 * Returns the children of this item.
219
	 * @return Item[] all child items of this item.
220
	 * @see Manager::getItemChildren
221 222 223 224 225 226 227 228 229 230 231 232
	 */
	public function getChildren()
	{
		return $this->_auth->getItemChildren($this->_name);
	}

	/**
	 * Assigns this item to a user.
	 * @param mixed $userId the user ID (see [[User::id]])
	 * @param string $bizRule the business rule to be executed when [[checkAccess()]] is called
	 * for this particular authorization item.
	 * @param mixed $data additional data associated with this assignment
233
	 * @return Assignment the authorization assignment information.
234
	 * @throws \yii\base\Exception if the item has already been assigned to the user
235
	 * @see Manager::assign
236 237 238
	 */
	public function assign($userId, $bizRule = null, $data = null)
	{
239
		return $this->_auth->assign($userId, $this->_name, $bizRule, $data);
240 241 242 243 244 245
	}

	/**
	 * Revokes an authorization assignment from a user.
	 * @param mixed $userId the user ID (see [[User::id]])
	 * @return boolean whether removal is successful
246
	 * @see Manager::revoke
247 248 249
	 */
	public function revoke($userId)
	{
250
		return $this->_auth->revoke($userId, $this->_name);
251 252 253 254 255 256
	}

	/**
	 * Returns a value indicating whether this item has been assigned to the user.
	 * @param mixed $userId the user ID (see [[User::id]])
	 * @return boolean whether the item has been assigned to the user.
257
	 * @see Manager::isAssigned
258 259 260
	 */
	public function isAssigned($userId)
	{
261
		return $this->_auth->isAssigned($userId, $this->_name);
262 263 264 265 266
	}

	/**
	 * Returns the item assignment information.
	 * @param mixed $userId the user ID (see [[User::id]])
267
	 * @return Assignment the item assignment information. Null is returned if
268
	 * this item is not assigned to the user.
269
	 * @see Manager::getAssignment
270 271 272
	 */
	public function getAssignment($userId)
	{
273
		return $this->_auth->getAssignment($userId, $this->_name);
274 275
	}
}