From 03e23adab8624c9fd8cadfb072c62d318bef339a Mon Sep 17 00:00:00 2001 From: Sam Mousa Date: Tue, 7 Jun 2016 10:22:29 +0200 Subject: [PATCH] Fixes #11679: Extracted `CheckAccessInterface` from `ManagerInterface` --- framework/CHANGELOG.md | 1 + framework/rbac/BaseManager.php | 2 +- framework/rbac/CheckAccessInterface.php | 21 +++++++++++++++++++++ framework/rbac/ManagerInterface.php | 14 +------------- framework/rbac/Rule.php | 2 +- framework/web/User.php | 24 +++++++++++++++++++++--- 6 files changed, 46 insertions(+), 18 deletions(-) create mode 100644 framework/rbac/CheckAccessInterface.php diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md index d35553f4a5..55db3dbffe 100644 --- a/framework/CHANGELOG.md +++ b/framework/CHANGELOG.md @@ -26,6 +26,7 @@ Yii Framework 2 Change Log - Bug #11662: Fixed `schema-oci.sql` for RBAC (jonny7) - Bug #11527: Fixed `bigPrimaryKey()` for SQLite (dynasource) - Bug #11686: `BaseArrayHelper::isIn()` comparison did not work in strict mode (taobig) +- Enh #11679: Extracted `CheckAccessInterface` from `ManagerInterface` (SamMousa, samdark, mdomba) 2.0.8 April 28, 2016 diff --git a/framework/rbac/BaseManager.php b/framework/rbac/BaseManager.php index ca48a8195b..cf3442c51f 100644 --- a/framework/rbac/BaseManager.php +++ b/framework/rbac/BaseManager.php 
@@ -204,7 +204,7 @@ abstract class BaseManager extends Component implements ManagerInterface * @param string|integer $user the user ID. This should be either an integer or a string representing * the unique identifier of a user. See [[\yii\web\User::id]]. * @param Item $item the auth item that needs to execute its rule - * @param array $params parameters passed to [[ManagerInterface::checkAccess()]] and will be passed to the rule + * @param array $params parameters passed to [[CheckAccessInterface::checkAccess()]] and will be passed to the rule * @return boolean the return value of [[Rule::execute()]]. If the auth item does not specify a rule, true will be returned. * @throws InvalidConfigException if the auth item has an invalid rule. */ diff --git a/framework/rbac/CheckAccessInterface.php b/framework/rbac/CheckAccessInterface.php new file mode 100644 index 0000000000..d67c89e90c --- /dev/null +++ b/framework/rbac/CheckAccessInterface.php @@ -0,0 +1,21 @@ + + * @since 2.0.9 + */ +interface CheckAccessInterface +{ + /** + * Checks if the user has the specified permission. + * @param string|integer $userId the user ID. This should be either an integer or a string representing + * the unique identifier of a user. See [[\yii\web\User::id]]. + * @param string $permissionName the name of the permission to be checked against + * @param array $params name-value pairs that will be passed to the rules associated + * with the roles and permissions assigned to the user. + * @return boolean whether the user has the specified permission. + * @throws \yii\base\InvalidParamException if $permissionName does not refer to an existing permission + */ + public function checkAccess($userId, $permissionName, $params = []); +} diff --git a/framework/rbac/ManagerInterface.php b/framework/rbac/ManagerInterface.php index 5feb9d5844..dc135daf56 100644 --- a/framework/rbac/ManagerInterface.php +++ b/framework/rbac/ManagerInterface.php 
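Review bot: The `checkAccess()` docblock in the new `CheckAccessInterface` types `$userId` as `string|integer` only, yet `User::can()` in this same patch passes `$this->getId()` straight through, and that is presumably null for a guest (`getId()` is outside the diff, so confirm). The interface is now meant to be implemented outside the RBAC managers, so the contract should say what an implementation must do with a missing user ID; otherwise a custom checker can end up granting access by accident. Suggested wording: `@param string|integer|null $userId the user ID, or null for a guest; implementations must decide explicitly what a guest is allowed and deny by default.`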
@@ -11,20 +11,8 @@ namespace yii\rbac; * @author Qiang Xue * @since 2.0 */ -interface ManagerInterface +interface ManagerInterface extends CheckAccessInterface { - /** - * Checks if the user has the specified permission. - * @param string|integer $userId the user ID. This should be either an integer or a string representing - * the unique identifier of a user. See [[\yii\web\User::id]]. - * @param string $permissionName the name of the permission to be checked against - * @param array $params name-value pairs that will be passed to the rules associated - * with the roles and permissions assigned to the user. - * @return boolean whether the user has the specified permission. - * @throws \yii\base\InvalidParamException if $permissionName does not refer to an existing permission - */ - public function checkAccess($userId, $permissionName, $params = []); - /** * Creates a new Role object. * Note that the newly created role is not added to the RBAC system yet. diff --git a/framework/rbac/Rule.php b/framework/rbac/Rule.php index 55936ff94c..9fe6a33718 100644 --- a/framework/rbac/Rule.php +++ b/framework/rbac/Rule.php @@ -37,7 +37,7 @@ abstract class Rule extends Object * @param string|integer $user the user ID. This should be either an integer or a string representing * the unique identifier of a user. See [[\yii\web\User::id]]. * @param Item $item the role or permission that this rule is associated with - * @param array $params parameters passed to [[ManagerInterface::checkAccess()]]. + * @param array $params parameters passed to [[CheckAccessInterface::checkAccess()]]. * @return boolean a value indicating whether the rule permits the auth item it is associated with. */ abstract public function execute($user, $item, $params); diff --git a/framework/web/User.php b/framework/web/User.php index 78ec4427ed..c394cc323b 100644 --- a/framework/web/User.php +++ b/framework/web/User.php 
@@ -11,6 +11,7 @@ use Yii; use yii\base\Component; use yii\base\InvalidConfigException; use yii\base\InvalidValueException; +use yii\rbac\CheckAccessInterface; /** * User is the class for the "user" application component that manages the user authentication status. @@ -103,6 +104,12 @@ class User extends Component * Note that this will not work if [[enableAutoLogin]] is true. */ public $authTimeout; + /** + * @var CheckAccessInterface The acess checker to use for checking access. + * If not set the application auth manager will be used. + * @since 2.0.9 + */ + public $accessChecker; /** * @var integer the number of seconds in which the user will be logged out automatically * regardless of activity. @@ -692,7 +699,7 @@ class User extends Component * When this parameter is true (default), if the access check of an operation was performed * before, its result will be directly returned when calling this method to check the same * operation. If this parameter is false, this method will always call - * [[\yii\rbac\ManagerInterface::checkAccess()]] to obtain the up-to-date access result. Note that this + * [[\yii\rbac\CheckAcessInterface::checkAccess()]] to obtain the up-to-date access result. Note that this * caching is effective only within the same request and only works when `$params = []`. * @return boolean whether the user can perform the operation as specified by the given permission. */ @@ -701,10 +708,10 @@ class User extends Component if ($allowCaching && empty($params) && isset($this->_access[$permissionName])) { return $this->_access[$permissionName]; } - if (($manager = $this->getAuthManager()) === null) { + if (($accessChecker = $this->getAccessChecker()) === null) { return false; } - $access = $manager->checkAccess($this->getId(), $permissionName, $params); + $access = $accessChecker->checkAccess($this->getId(), $permissionName, $params); if ($allowCaching && empty($params)) { $this->_access[$permissionName] = $access; } 
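Review bot: The new public `$accessChecker` property (hunk `@@ -103,6`) is never validated, so whatever the component configuration assigns to it is the value `can()` later calls `checkAccess()` on. A component ID or configuration array, the usual way Yii components are wired, would not be resolved to an object and would only fail at the first permission check. Resolving it once in `init()`, which lies outside this diff, makes a misconfigured authorization component fail at start-up: `if ($this->accessChecker !== null) { $this->accessChecker = \yii\di\Instance::ensure($this->accessChecker, 'yii\rbac\CheckAccessInterface'); }`. The `@var` tag could then read `CheckAccessInterface|string|array`.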
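Review bot: The reference `[[\yii\rbac\CheckAcessInterface::checkAccess()]]` in the `can()` docblock (hunk `@@ -692,7`) misspells the interface name, so the generated API link will not resolve; it should be `[[\yii\rbac\CheckAccessInterface::checkAccess()]]`. The same dropped letter appears as "acess checker" in the `$accessChecker` property docblock earlier in this file and in the `getAccessChecker()` docblock in the file's last hunk. The `can()` docblock starts before this hunk.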
@@ -743,9 +750,20 @@ class User extends Component * You may override this method to return a different auth manager instance if needed. * @return \yii\rbac\ManagerInterface * @since 2.0.6 + * @deprecated Use `getAccessChecker()` instead. */ protected function getAuthManager() { return Yii::$app->getAuthManager(); } + + /** + * Returns the acess checker used for checking access. + * @return CheckAccessInterface + * @since 2.0.9 + */ + protected function getAccessChecker() + { + return $this->accessChecker !== null ? $this->accessChecker : $this->getAuthManager(); + } }
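Review bot: `getAccessChecker()` is documented as `@return CheckAccessInterface`, but it falls back to `getAuthManager()`, whose result `can()` treats as possibly null (it returns false on `=== null`). The tag should be `@return CheckAccessInterface|null`, with a sentence such as `Returns null when neither [[accessChecker]] nor an application auth manager is configured, in which case [[can()]] denies access.` That keeps subclasses and callers from dropping the null check on the strength of the documented type. The docblock could also state that overrides of the now-deprecated `getAuthManager()` are still honoured through this fallback.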