Fixes #11679: Extracted CheckAccessInterface from ManagerInterface

framework/CHANGELOG.md

@@ -26,6 +26,7 @@ Yii Framework 2 Change Log
 - Bug #11662: Fixed `schema-oci.sql` for RBAC (jonny7)
 - Bug #11527: Fixed `bigPrimaryKey()` for SQLite (dynasource)
 - Bug #11686: `BaseArrayHelper::isIn()` comparison did not work in strict mode (taobig)
+- Enh #11679: Extracted `CheckAccessInterface` from `ManagerInterface` (SamMousa, samdark, mdomba)
 
 
 2.0.8 April 28, 2016

framework/rbac/BaseManager.php

@@ -204,7 +204,7 @@ abstract class BaseManager extends Component implements ManagerInterface
      * @param string|integer $user the user ID. This should be either an integer or a string representing
      * the unique identifier of a user. See [[\yii\web\User::id]].
      * @param Item $item the auth item that needs to execute its rule
-     * @param array $params parameters passed to [[ManagerInterface::checkAccess()]] and will be passed to the rule
+     * @param array $params parameters passed to [[CheckAccessInterface::checkAccess()]] and will be passed to the rule
      * @return boolean the return value of [[Rule::execute()]]. If the auth item does not specify a rule, true will be returned.
      * @throws InvalidConfigException if the auth item has an invalid rule.
      */

framework/rbac/CheckAccessInterface.php

@@ -0,0 +1,21 @@
+<?php
+namespace yii\rbac;
+
+/**
+ * @author Sam Mousa <sam@mousa.nl>
+ * @since 2.0.9
+ */
+interface CheckAccessInterface
+{
+    /**
+     * Checks if the user has the specified permission.
+     * @param string|integer $userId the user ID. This should be either an integer or a string representing
+     * the unique identifier of a user. See [[\yii\web\User::id]].
+     * @param string $permissionName the name of the permission to be checked against
+     * @param array $params name-value pairs that will be passed to the rules associated
+     * with the roles and permissions assigned to the user.
+     * @return boolean whether the user has the specified permission.
+     * @throws \yii\base\InvalidParamException if $permissionName does not refer to an existing permission
+     */
+    public function checkAccess($userId, $permissionName, $params = []);
+}

framework/rbac/ManagerInterface.php

@@ -11,20 +11,8 @@ namespace yii\rbac;
  * @author Qiang Xue <qiang.xue@gmail.com>
  * @since 2.0
  */
-interface ManagerInterface
+interface ManagerInterface extends CheckAccessInterface
 {
-    /**
-     * Checks if the user has the specified permission.
-     * @param string|integer $userId the user ID. This should be either an integer or a string representing
-     * the unique identifier of a user. See [[\yii\web\User::id]].
-     * @param string $permissionName the name of the permission to be checked against
-     * @param array $params name-value pairs that will be passed to the rules associated
-     * with the roles and permissions assigned to the user.
-     * @return boolean whether the user has the specified permission.
-     * @throws \yii\base\InvalidParamException if $permissionName does not refer to an existing permission
-     */
-    public function checkAccess($userId, $permissionName, $params = []);
-
     /**
      * Creates a new Role object.
      * Note that the newly created role is not added to the RBAC system yet.

framework/rbac/Rule.php

@@ -37,7 +37,7 @@ abstract class Rule extends Object
      * @param string|integer $user the user ID. This should be either an integer or a string representing
      * the unique identifier of a user. See [[\yii\web\User::id]].
      * @param Item $item the role or permission that this rule is associated with
-     * @param array $params parameters passed to [[ManagerInterface::checkAccess()]].
+     * @param array $params parameters passed to [[CheckAccessInterface::checkAccess()]].
      * @return boolean a value indicating whether the rule permits the auth item it is associated with.
      */
     abstract public function execute($user, $item, $params);

framework/web/User.php

@@ -11,6 +11,7 @@ use Yii;
 use yii\base\Component;
 use yii\base\InvalidConfigException;
 use yii\base\InvalidValueException;
+use yii\rbac\CheckAccessInterface;
 
 /**
  * User is the class for the "user" application component that manages the user authentication status.
@@ -103,6 +104,12 @@ class User extends Component
      * Note that this will not work if [[enableAutoLogin]] is true.
      */
     public $authTimeout;
+    /**
+     * @var CheckAccessInterface The acess checker to use for checking access.
+     * If not set the application auth manager will be used.
+     * @since 2.0.9
+     */
+    public $accessChecker;
     /**
      * @var integer the number of seconds in which the user will be logged out automatically
      * regardless of activity.
@@ -692,7 +699,7 @@ class User extends Component
      * When this parameter is true (default), if the access check of an operation was performed
      * before, its result will be directly returned when calling this method to check the same
      * operation. If this parameter is false, this method will always call
-     * [[\yii\rbac\ManagerInterface::checkAccess()]] to obtain the up-to-date access result. Note that this
+     * [[\yii\rbac\CheckAcessInterface::checkAccess()]] to obtain the up-to-date access result. Note that this
      * caching is effective only within the same request and only works when `$params = []`.
      * @return boolean whether the user can perform the operation as specified by the given permission.
      */
@@ -701,10 +708,10 @@ class User extends Component
         if ($allowCaching && empty($params) && isset($this->_access[$permissionName])) {
             return $this->_access[$permissionName];
         }
-        if (($manager = $this->getAuthManager()) === null) {
+        if (($accessChecker = $this->getAccessChecker()) === null) {
             return false;
         }
-        $access = $manager->checkAccess($this->getId(), $permissionName, $params);
+        $access = $accessChecker->checkAccess($this->getId(), $permissionName, $params);
         if ($allowCaching && empty($params)) {
             $this->_access[$permissionName] = $access;
         }
@@ -743,9 +750,20 @@ class User extends Component
      * You may override this method to return a different auth manager instance if needed.
      * @return \yii\rbac\ManagerInterface
      * @since 2.0.6
+     * @deprecated Use `getAccessChecker()` instead.
      */
     protected function getAuthManager()
     {
         return Yii::$app->getAuthManager();
     }
+
+    /**
+     * Returns the acess checker used for checking access.
+     * @return CheckAccessInterface
+     * @since 2.0.9
+     */
+    protected function getAccessChecker()
+    {
+        return $this->accessChecker !== null ? $this->accessChecker : $this->getAuthManager();
+    }
 }