User.php 18.9 KB
Newer Older
Qiang Xue committed
1 2 3 4 5 6 7 8 9
<?php
/**
 * @link http://www.yiiframework.com/
 * @copyright Copyright (c) 2008 Yii Software LLC
 * @license http://www.yiiframework.com/license/
 */

namespace yii\web;

Qiang Xue committed
10
use Yii;
Qiang Xue committed
11
use yii\base\Component;
Qiang Xue committed
12
use yii\base\InvalidConfigException;
Qiang Xue committed
13 14

/**
15
 * User is the class for the "user" application component that manages the user authentication status.
Qiang Xue committed
16 17 18 19
 *
 * In particular, [[User::isGuest]] returns a value indicating whether the current user is a guest or not.
 * Through methods [[login()]] and [[logout()]], you can change the user authentication status.
 *
20
 * User works with a class implementing the [[IdentityInterface]]. This class implements
Qiang Xue committed
21 22
 * the actual user authentication logic and is often backed by a user database table.
 *
23 24 25 26 27 28 29 30 31 32 33 34 35 36 37
 * User is configured as an application component in [[yii\web\Application]] by default.
 * You can access that instance via `Yii::$app->user`.
 *
 * You can modify its configuration by adding an array to your application config under `components`
 * as it is shown in the following example:
 *
 * ~~~
 * 'user' => [
 *     'identityClass' => 'app\models\User', // User must implement the IdentityInterface
 *     'enableAutoLogin' => true,
 *     // 'loginUrl' => ['user/login'],
 *     // ...
 * ]
 * ~~~
 *
38
 * @property string|integer $id The unique identifier for the user. If null, it means the user is a guest.
39
 * This property is read-only.
Qiang Xue committed
40 41
 * @property IdentityInterface $identity The identity object associated with the currently logged user. Null
 * is returned if the user is not logged in (not authenticated).
42
 * @property boolean $isGuest Whether the current user is a guest. This property is read-only.
43 44
 * @property string $returnUrl The URL that the user should be redirected to after login. Note that the type
 * of this property differs in getter and setter. See [[getReturnUrl()]] and [[setReturnUrl()]] for details.
45
 *
Qiang Xue committed
46 47 48 49 50
 * @author Qiang Xue <qiang.xue@gmail.com>
 * @since 2.0
 */
class User extends Component
{
Qiang Xue committed
51 52 53 54 55 56
	const EVENT_BEFORE_LOGIN = 'beforeLogin';
	const EVENT_AFTER_LOGIN = 'afterLogin';
	const EVENT_BEFORE_LOGOUT = 'beforeLogout';
	const EVENT_AFTER_LOGOUT = 'afterLogout';

	/**
Qiang Xue committed
57
	 * @var string the class name of the [[identity]] object.
Qiang Xue committed
58 59
	 */
	public $identityClass;
Qiang Xue committed
60 61 62
	/**
	 * @var boolean whether to enable cookie-based login. Defaults to false.
	 */
Qiang Xue committed
63
	public $enableAutoLogin = false;
Qiang Xue committed
64
	/**
65
	 * @var string|array the URL for login when [[loginRequired()]] is called.
Qiang Xue committed
66
	 * If an array is given, [[UrlManager::createUrl()]] will be called to create the corresponding URL.
67
	 * The first element of the array should be the route to the login action, and the rest of
Qiang Xue committed
68
	 * the name-value pairs are GET parameters used to construct the login URL. For example,
69
	 *
Qiang Xue committed
70
	 * ~~~
Alexander Makarov committed
71
	 * ['site/login', 'ref' => 1]
Qiang Xue committed
72 73 74
	 * ~~~
	 *
	 * If this property is null, a 403 HTTP exception will be raised when [[loginRequired()]] is called.
Qiang Xue committed
75
	 */
Alexander Makarov committed
76
	public $loginUrl = ['site/login'];
Qiang Xue committed
77
	/**
Qiang Xue committed
78 79
	 * @var array the configuration of the identity cookie. This property is used only when [[enableAutoLogin]] is true.
	 * @see Cookie
Qiang Xue committed
80
	 */
Alexander Makarov committed
81
	public $identityCookie = ['name' => '_identity', 'httpOnly' => true];
Qiang Xue committed
82
	/**
Qiang Xue committed
83 84 85
	 * @var integer the number of seconds in which the user will be logged out automatically if he
	 * remains inactive. If this property is not set, the user will be logged out after
	 * the current session expires (c.f. [[Session::timeout]]).
Qiang Xue committed
86 87 88 89
	 */
	public $authTimeout;
	/**
	 * @var boolean whether to automatically renew the identity cookie each time a page is requested.
Qiang Xue committed
90
	 * This property is effective only when [[enableAutoLogin]] is true.
Qiang Xue committed
91 92 93
	 * When this is false, the identity cookie will expire after the specified duration since the user
	 * is initially logged in. When this is true, the identity cookie will expire after the specified duration
	 * since the user visits the site the last time.
Qiang Xue committed
94
	 * @see enableAutoLogin
Qiang Xue committed
95
	 */
Qiang Xue committed
96
	public $autoRenewCookie = true;
Qiang Xue committed
97 98 99 100 101 102 103 104 105 106 107 108 109
	/**
	 * @var string the session variable name used to store the value of [[id]].
	 */
	public $idVar = '__id';
	/**
	 * @var string the session variable name used to store the value of expiration timestamp of the authenticated state.
	 * This is used when [[authTimeout]] is set.
	 */
	public $authTimeoutVar = '__expire';
	/**
	 * @var string the session variable name used to store the value of [[returnUrl]].
	 */
	public $returnUrlVar = '__returnUrl';
Qiang Xue committed
110

Alexander Makarov committed
111
	private $_access = [];
112

Qiang Xue committed
113 114 115 116 117 118 119

	/**
	 * Initializes the application component.
	 */
	public function init()
	{
		parent::init();
Qiang Xue committed
120

121 122 123
		if ($this->identityClass === null) {
			throw new InvalidConfigException('User::identityClass must be set.');
		}
Qiang Xue committed
124 125 126 127
		if ($this->enableAutoLogin && !isset($this->identityCookie['name'])) {
			throw new InvalidConfigException('User::identityCookie must contain the "name" element.');
		}

Qiang Xue committed
128
		Yii::$app->getSession()->open();
Qiang Xue committed
129 130 131 132 133 134 135 136 137 138 139 140

		$this->renewAuthStatus();

		if ($this->enableAutoLogin) {
			if ($this->getIsGuest()) {
				$this->loginByCookie();
			} elseif ($this->autoRenewCookie) {
				$this->renewIdentityCookie();
			}
		}
	}

141 142
	private $_identity = false;

Qiang Xue committed
143
	/**
144
	 * Returns the identity object associated with the currently logged user.
145
	 * @return IdentityInterface the identity object associated with the currently logged user.
146
	 * Null is returned if the user is not logged in (not authenticated).
Taras Gudz committed
147 148
	 * @see login()
	 * @see logout()
Qiang Xue committed
149
	 */
150
	public function getIdentity()
Qiang Xue committed
151
	{
152 153 154 155 156
		if ($this->_identity === false) {
			$id = $this->getId();
			if ($id === null) {
				$this->_identity = null;
			} else {
slavcodev committed
157
				/** @var IdentityInterface $class */
Qiang Xue committed
158
				$class = $this->identityClass;
159 160
				$this->_identity = $class::findIdentity($id);
			}
Qiang Xue committed
161
		}
162 163 164 165 166 167 168 169 170 171 172
		return $this->_identity;
	}

	/**
	 * Sets the identity object.
	 * This method should be mainly be used by the User component or its child class
	 * to maintain the identity object.
	 *
	 * You should normally update the user identity via methods [[login()]], [[logout()]]
	 * or [[switchIdentity()]].
	 *
173
	 * @param IdentityInterface $identity the identity object associated with the currently logged user.
174 175 176 177
	 */
	public function setIdentity($identity)
	{
		$this->_identity = $identity;
Qiang Xue committed
178 179 180 181 182
	}

	/**
	 * Logs in a user.
	 *
Qiang Xue committed
183 184 185 186
	 * This method stores the necessary session information to keep track
	 * of the user identity information. If `$duration` is greater than 0
	 * and [[enableAutoLogin]] is true, it will also send out an identity
	 * cookie to support cookie-based login.
Qiang Xue committed
187
	 *
188
	 * @param IdentityInterface $identity the user identity (which should already be authenticated)
Qiang Xue committed
189 190 191
	 * @param integer $duration number of seconds that the user can remain in logged-in status.
	 * Defaults to 0, meaning login till the user closes the browser or the session is manually destroyed.
	 * If greater than 0 and [[enableAutoLogin]] is true, cookie-based login will be supported.
Qiang Xue committed
192 193 194 195
	 * @return boolean whether the user is logged in
	 */
	public function login($identity, $duration = 0)
	{
Qiang Xue committed
196
		if ($this->beforeLogin($identity, false)) {
197
			$this->switchIdentity($identity, $duration);
198 199 200
			$id = $identity->getId();
			$ip = Yii::$app->getRequest()->getUserIP();
			Yii::info("User '$id' logged in from $ip.", __METHOD__);
Qiang Xue committed
201
			$this->afterLogin($identity, false);
Qiang Xue committed
202 203 204 205
		}
		return !$this->getIsGuest();
	}

Qiang Xue committed
206
	/**
Qiang Xue committed
207 208 209 210
	 * Logs in a user by cookie.
	 *
	 * This method attempts to log in a user using the ID and authKey information
	 * provided by the given cookie.
Qiang Xue committed
211 212 213 214 215 216 217 218 219
	 */
	protected function loginByCookie()
	{
		$name = $this->identityCookie['name'];
		$value = Yii::$app->getRequest()->getCookies()->getValue($name);
		if ($value !== null) {
			$data = json_decode($value, true);
			if (count($data) === 3 && isset($data[0], $data[1], $data[2])) {
				list ($id, $authKey, $duration) = $data;
slavcodev committed
220
				/** @var IdentityInterface $class */
Qiang Xue committed
221 222
				$class = $this->identityClass;
				$identity = $class::findIdentity($id);
Qiang Xue committed
223 224
				if ($identity !== null && $identity->validateAuthKey($authKey)) {
					if ($this->beforeLogin($identity, true)) {
225
						$this->switchIdentity($identity, $this->autoRenewCookie ? $duration : 0);
226 227
						$ip = Yii::$app->getRequest()->getUserIP();
						Yii::info("User '$id' logged in from $ip via cookie.", __METHOD__);
Qiang Xue committed
228
						$this->afterLogin($identity, true);
229
					}
Qiang Xue committed
230 231
				} elseif ($identity !== null) {
					Yii::warning("Invalid auth key attempted for user '$id': $authKey", __METHOD__);
Qiang Xue committed
232 233 234 235 236
				}
			}
		}
	}

Qiang Xue committed
237 238 239
	/**
	 * Logs out the current user.
	 * This will remove authentication-related session data.
Qiang Xue committed
240 241
	 * If `$destroySession` is true, all session data will be removed.
	 * @param boolean $destroySession whether to destroy the whole session. Defaults to true.
Qiang Xue committed
242 243 244
	 */
	public function logout($destroySession = true)
	{
245
		$identity = $this->getIdentity();
Qiang Xue committed
246 247
		if ($identity !== null && $this->beforeLogout($identity)) {
			$this->switchIdentity(null);
248 249 250
			$id = $identity->getId();
			$ip = Yii::$app->getRequest()->getUserIP();
			Yii::info("User '$id' logged out from $ip.", __METHOD__);
Qiang Xue committed
251
			if ($destroySession) {
Qiang Xue committed
252
				Yii::$app->getSession()->destroy();
Qiang Xue committed
253
			}
resurtm committed
254
			$this->afterLogout($identity);
Qiang Xue committed
255 256 257 258 259
		}
	}

	/**
	 * Returns a value indicating whether the user is a guest (not authenticated).
Qiang Xue committed
260
	 * @return boolean whether the current user is a guest.
Qiang Xue committed
261 262 263
	 */
	public function getIsGuest()
	{
264
		return $this->getIdentity() === null;
Qiang Xue committed
265 266 267 268
	}

	/**
	 * Returns a value that uniquely represents the user.
Qiang Xue committed
269
	 * @return string|integer the unique identifier for the user. If null, it means the user is a guest.
Qiang Xue committed
270 271 272
	 */
	public function getId()
	{
Qiang Xue committed
273
		return Yii::$app->getSession()->get($this->idVar);
Qiang Xue committed
274 275 276 277 278 279
	}

	/**
	 * Returns the URL that the user should be redirected to after successful login.
	 * This property is usually used by the login action. If the login is successful,
	 * the action should read this property and use it to redirect the user browser.
Qiang Xue committed
280
	 * @param string|array $defaultUrl the default return URL in case it was not set previously.
281 282
	 * If this is null and the return URL was not set previously, [[Application::homeUrl]] will be redirected to.
	 * Please refer to [[setReturnUrl()]] on accepted format of the URL.
Qiang Xue committed
283
	 * @return string the URL that the user should be redirected to after login.
Taras Gudz committed
284
	 * @see loginRequired()
Qiang Xue committed
285 286 287
	 */
	public function getReturnUrl($defaultUrl = null)
	{
Qiang Xue committed
288
		$url = Yii::$app->getSession()->get($this->returnUrlVar, $defaultUrl);
289 290 291 292 293 294 295 296
		if (is_array($url)) {
			if (isset($url[0])) {
				$route = array_shift($url);
				return Yii::$app->getUrlManager()->createUrl($route, $url);
			} else {
				$url = null;
			}
		}
Qiang Xue committed
297
		return $url === null ? Yii::$app->getHomeUrl() : $url;
Qiang Xue committed
298 299 300
	}

	/**
Qiang Xue committed
301
	 * @param string|array $url the URL that the user should be redirected to after login.
302 303 304 305 306
	 * If an array is given, [[UrlManager::createUrl()]] will be called to create the corresponding URL.
	 * The first element of the array should be the route, and the rest of
	 * the name-value pairs are GET parameters used to construct the URL. For example,
	 *
	 * ~~~
Alexander Makarov committed
307
	 * ['admin/index', 'ref' => 1]
308
	 * ~~~
Qiang Xue committed
309
	 */
Qiang Xue committed
310
	public function setReturnUrl($url)
Qiang Xue committed
311
	{
Qiang Xue committed
312
		Yii::$app->getSession()->set($this->returnUrlVar, $url);
Qiang Xue committed
313 314 315 316 317
	}

	/**
	 * Redirects the user browser to the login page.
	 * Before the redirection, the current URL (if it's not an AJAX url) will be
Qiang Xue committed
318 319
	 * kept as [[returnUrl]] so that the user browser may be redirected back
	 * to the current page after successful login. Make sure you set [[loginUrl]]
Qiang Xue committed
320 321
	 * so that the user browser can be redirected to the specified login URL after
	 * calling this method.
Qiang Xue committed
322 323
	 *
	 * Note that when [[loginUrl]] is set, calling this method will NOT terminate the application execution.
324
	 *
325 326
	 * @return Response the redirection response if [[loginUrl]] is set
	 * @throws AccessDeniedHttpException the "Access Denied" HTTP exception if [[loginUrl]] is not set
Qiang Xue committed
327 328 329
	 */
	public function loginRequired()
	{
Qiang Xue committed
330
		$request = Yii::$app->getRequest();
Qiang Xue committed
331
		if (!$request->getIsAjax()) {
Qiang Xue committed
332 333 334
			$this->setReturnUrl($request->getUrl());
		}
		if ($this->loginUrl !== null) {
335
			return Yii::$app->getResponse()->redirect($this->loginUrl);
Qiang Xue committed
336
		} else {
337
			throw new AccessDeniedHttpException(Yii::t('yii', 'Login Required'));
Qiang Xue committed
338 339 340 341 342
		}
	}

	/**
	 * This method is called before logging in a user.
Qiang Xue committed
343 344 345
	 * The default implementation will trigger the [[EVENT_BEFORE_LOGIN]] event.
	 * If you override this method, make sure you call the parent implementation
	 * so that the event is triggered.
346
	 * @param IdentityInterface $identity the user identity information
Qiang Xue committed
347 348
	 * @param boolean $cookieBased whether the login is cookie-based
	 * @return boolean whether the user should continue to be logged in
Qiang Xue committed
349
	 */
Qiang Xue committed
350
	protected function beforeLogin($identity, $cookieBased)
Qiang Xue committed
351
	{
Alexander Makarov committed
352
		$event = new UserEvent([
Qiang Xue committed
353
			'identity' => $identity,
Qiang Xue committed
354
			'cookieBased' => $cookieBased,
Alexander Makarov committed
355
		]);
Qiang Xue committed
356 357
		$this->trigger(self::EVENT_BEFORE_LOGIN, $event);
		return $event->isValid;
Qiang Xue committed
358 359 360 361
	}

	/**
	 * This method is called after the user is successfully logged in.
Qiang Xue committed
362 363 364
	 * The default implementation will trigger the [[EVENT_AFTER_LOGIN]] event.
	 * If you override this method, make sure you call the parent implementation
	 * so that the event is triggered.
365
	 * @param IdentityInterface $identity the user identity information
Qiang Xue committed
366
	 * @param boolean $cookieBased whether the login is cookie-based
Qiang Xue committed
367
	 */
Qiang Xue committed
368
	protected function afterLogin($identity, $cookieBased)
Qiang Xue committed
369
	{
Alexander Makarov committed
370
		$this->trigger(self::EVENT_AFTER_LOGIN, new UserEvent([
Qiang Xue committed
371
			'identity' => $identity,
Qiang Xue committed
372
			'cookieBased' => $cookieBased,
Alexander Makarov committed
373
		]));
Qiang Xue committed
374 375 376
	}

	/**
Qiang Xue committed
377 378 379 380
	 * This method is invoked when calling [[logout()]] to log out a user.
	 * The default implementation will trigger the [[EVENT_BEFORE_LOGOUT]] event.
	 * If you override this method, make sure you call the parent implementation
	 * so that the event is triggered.
381
	 * @param IdentityInterface $identity the user identity information
Qiang Xue committed
382
	 * @return boolean whether the user should continue to be logged out
Qiang Xue committed
383
	 */
Qiang Xue committed
384
	protected function beforeLogout($identity)
Qiang Xue committed
385
	{
Alexander Makarov committed
386
		$event = new UserEvent([
Qiang Xue committed
387
			'identity' => $identity,
Alexander Makarov committed
388
		]);
Qiang Xue committed
389 390
		$this->trigger(self::EVENT_BEFORE_LOGOUT, $event);
		return $event->isValid;
Qiang Xue committed
391 392 393
	}

	/**
Qiang Xue committed
394 395 396 397
	 * This method is invoked right after a user is logged out via [[logout()]].
	 * The default implementation will trigger the [[EVENT_AFTER_LOGOUT]] event.
	 * If you override this method, make sure you call the parent implementation
	 * so that the event is triggered.
398
	 * @param IdentityInterface $identity the user identity information
Qiang Xue committed
399
	 */
Qiang Xue committed
400
	protected function afterLogout($identity)
Qiang Xue committed
401
	{
Alexander Makarov committed
402
		$this->trigger(self::EVENT_AFTER_LOGOUT, new UserEvent([
Qiang Xue committed
403
			'identity' => $identity,
Alexander Makarov committed
404
		]));
Qiang Xue committed
405 406 407 408 409 410 411
	}

	/**
	 * Renews the identity cookie.
	 * This method will set the expiration time of the identity cookie to be the current time
	 * plus the originally specified cookie duration.
	 */
Qiang Xue committed
412
	protected function renewIdentityCookie()
Qiang Xue committed
413
	{
Qiang Xue committed
414 415 416 417 418 419 420 421
		$name = $this->identityCookie['name'];
		$value = Yii::$app->getRequest()->getCookies()->getValue($name);
		if ($value !== null) {
			$data = json_decode($value, true);
			if (is_array($data) && isset($data[2])) {
				$cookie = new Cookie($this->identityCookie);
				$cookie->value = $value;
				$cookie->expire = time() + (int)$data[2];
422
				Yii::$app->getResponse()->getCookies()->add($cookie);
Qiang Xue committed
423 424 425 426 427
			}
		}
	}

	/**
Qiang Xue committed
428 429
	 * Sends an identity cookie.
	 * This method is used when [[enableAutoLogin]] is true.
430
	 * It saves [[id]], [[IdentityInterface::getAuthKey()|auth key]], and the duration of cookie-based login
Qiang Xue committed
431
	 * information in the cookie.
432
	 * @param IdentityInterface $identity
Qiang Xue committed
433
	 * @param integer $duration number of seconds that the user can remain in logged-in status.
Taras Gudz committed
434
	 * @see loginByCookie()
Qiang Xue committed
435
	 */
Qiang Xue committed
436
	protected function sendIdentityCookie($identity, $duration)
Qiang Xue committed
437
	{
Qiang Xue committed
438
		$cookie = new Cookie($this->identityCookie);
Alexander Makarov committed
439
		$cookie->value = json_encode([
Qiang Xue committed
440 441
			$identity->getId(),
			$identity->getAuthKey(),
Qiang Xue committed
442
			$duration,
Alexander Makarov committed
443
		]);
Qiang Xue committed
444
		$cookie->expire = time() + $duration;
445
		Yii::$app->getResponse()->getCookies()->add($cookie);
Qiang Xue committed
446 447 448
	}

	/**
449 450 451 452 453 454 455 456 457
	 * Switches to a new identity for the current user.
	 *
	 * This method will save necessary session information to keep track of the user authentication status.
	 * If `$duration` is provided, it will also send out appropriate identity cookie
	 * to support cookie-based login.
	 *
	 * This method is mainly called by [[login()]], [[logout()]] and [[loginByCookie()]]
	 * when the current user needs to be associated with the corresponding identity information.
	 *
458
	 * @param IdentityInterface $identity the identity information to be associated with the current user.
459 460 461
	 * If null, it means switching to be a guest.
	 * @param integer $duration number of seconds that the user can remain in logged-in status.
	 * This parameter is used only when `$identity` is not null.
Qiang Xue committed
462
	 */
463
	public function switchIdentity($identity, $duration = 0)
Qiang Xue committed
464
	{
Qiang Xue committed
465
		$session = Yii::$app->getSession();
466
		if (!YII_ENV_TEST) {
467 468
			$session->regenerateID(true);
		}
469
		$this->setIdentity($identity);
Qiang Xue committed
470 471
		$session->remove($this->idVar);
		$session->remove($this->authTimeoutVar);
472
		if ($identity instanceof IdentityInterface) {
473
			$session->set($this->idVar, $identity->getId());
Qiang Xue committed
474
			if ($this->authTimeout !== null) {
475 476 477 478
				$session->set($this->authTimeoutVar, time() + $this->authTimeout);
			}
			if ($duration > 0 && $this->enableAutoLogin) {
				$this->sendIdentityCookie($identity, $duration);
Qiang Xue committed
479
			}
480
		} elseif ($this->enableAutoLogin) {
481
			Yii::$app->getResponse()->getCookies()->remove(new Cookie($this->identityCookie));
Qiang Xue committed
482 483 484 485
		}
	}

	/**
Qiang Xue committed
486 487 488 489
	 * Updates the authentication status according to [[authTimeout]].
	 * This method is called during [[init()]].
	 * It will update the user's authentication status if it has not outdated yet.
	 * Otherwise, it will logout the user.
Qiang Xue committed
490
	 */
Qiang Xue committed
491
	protected function renewAuthStatus()
Qiang Xue committed
492
	{
493
		if ($this->authTimeout !== null && !$this->getIsGuest()) {
Qiang Xue committed
494
			$expire = Yii::$app->getSession()->get($this->authTimeoutVar);
Qiang Xue committed
495 496 497
			if ($expire !== null && $expire < time()) {
				$this->logout(false);
			} else {
Qiang Xue committed
498
				Yii::$app->getSession()->set($this->authTimeoutVar, time() + $this->authTimeout);
Qiang Xue committed
499 500
			}
		}
Qiang Xue committed
501
	}
Qiang Xue committed
502 503

	/**
504 505 506 507 508 509 510 511 512 513 514
	 * Performs access check for this user.
	 * @param string $operation the name of the operation that need access check.
	 * @param array $params name-value pairs that would be passed to business rules associated
	 * with the tasks and roles assigned to the user. A param with name 'userId' is added to
	 * this array, which holds the value of [[id]] when [[DbAuthManager]] or
	 * [[PhpAuthManager]] is used.
	 * @param boolean $allowCaching whether to allow caching the result of access check.
	 * When this parameter is true (default), if the access check of an operation was performed
	 * before, its result will be directly returned when calling this method to check the same
	 * operation. If this parameter is false, this method will always call
	 * [[AuthManager::checkAccess()]] to obtain the up-to-date access result. Note that this
Alexander Makarov committed
515
	 * caching is effective only within the same request and only works when `$params = []`.
516
	 * @return boolean whether the operations can be performed by this user.
Qiang Xue committed
517
	 */
Alexander Makarov committed
518
	public function checkAccess($operation, $params = [], $allowCaching = true)
Qiang Xue committed
519 520
	{
		$auth = Yii::$app->getAuthManager();
521
		if ($auth === null) {
Qiang Xue committed
522
			return false;
Qiang Xue committed
523
		}
524 525 526 527 528 529 530 531
		if ($allowCaching && empty($params) && isset($this->_access[$operation])) {
			return $this->_access[$operation];
		}
		$access = $auth->checkAccess($this->getId(), $operation, $params);
		if ($allowCaching && empty($params)) {
			$this->_access[$operation] = $access;
		}
		return $access;
Qiang Xue committed
532
	}
Qiang Xue committed
533
}