php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-08-06 14:19:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fixes #11679: Extracted CheckAccessInterface from ManagerInterface

Browse Source
This commit is contained in:
Sam Mousa
2016-06-07 10:22:29 +02:00
committed by Alexander Makarov
parent 2238c32098
commit 03e23adab8
6 changed files with 46 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
framework/CHANGELOG.md
View File

@ -26,6 +26,7 @@ Yii Framework 2 Change Log
- Bug #11662: Fixed `schema-oci.sql` for RBAC (jonny7) - Bug #11662: Fixed `schema-oci.sql` for RBAC (jonny7)
- Bug #11527: Fixed `bigPrimaryKey()` for SQLite (dynasource) - Bug #11527: Fixed `bigPrimaryKey()` for SQLite (dynasource)
- Bug #11686: `BaseArrayHelper::isIn()` comparison did not work in strict mode (taobig) - Bug #11686: `BaseArrayHelper::isIn()` comparison did not work in strict mode (taobig)
- Enh #11679: Extracted `CheckAccessInterface` from `ManagerInterface` (SamMousa, samdark, mdomba)
2.0.8 April 28, 2016 2.0.8 April 28, 2016

2
framework/rbac/BaseManager.php
View File

@ -204,7 +204,7 @@ abstract class BaseManager extends Component implements ManagerInterface
* @param string|integer $user the user ID. This should be either an integer or a string representing * @param string|integer $user the user ID. This should be either an integer or a string representing
* the unique identifier of a user. See [[\yii\web\User::id]]. * the unique identifier of a user. See [[\yii\web\User::id]].
* @param Item $item the auth item that needs to execute its rule * @param Item $item the auth item that needs to execute its rule
* @param array $params parameters passed to [[ManagerInterface::checkAccess()]] and will be passed to the rule * @param array $params parameters passed to [[CheckAccessInterface::checkAccess()]] and will be passed to the rule
* @return boolean the return value of [[Rule::execute()]]. If the auth item does not specify a rule, true will be returned. * @return boolean the return value of [[Rule::execute()]]. If the auth item does not specify a rule, true will be returned.
* @throws InvalidConfigException if the auth item has an invalid rule. * @throws InvalidConfigException if the auth item has an invalid rule.
*/ */

21
framework/rbac/CheckAccessInterface.php Normal file
View File

@ -0,0 +1,21 @@
<?php
namespace yii\rbac;
/**
* @author Sam Mousa <sam@mousa.nl>
* @since 2.0.9
*/
interface CheckAccessInterface
{
/**
* Checks if the user has the specified permission.
* @param string|integer $userId the user ID. This should be either an integer or a string representing
* the unique identifier of a user. See [[\yii\web\User::id]].
* @param string $permissionName the name of the permission to be checked against
* @param array $params name-value pairs that will be passed to the rules associated
* with the roles and permissions assigned to the user.
* @return boolean whether the user has the specified permission.
* @throws \yii\base\InvalidParamException if $permissionName does not refer to an existing permission
*/
public function checkAccess($userId, $permissionName, $params = []);
}

14
framework/rbac/ManagerInterface.php
View File

@ -11,20 +11,8 @@ namespace yii\rbac;
* @author Qiang Xue <qiang.xue@gmail.com> * @author Qiang Xue <qiang.xue@gmail.com>
* @since 2.0 * @since 2.0
*/ */
interface ManagerInterface interface ManagerInterface extends CheckAccessInterface
{ {
/**
* Checks if the user has the specified permission.
* @param string|integer $userId the user ID. This should be either an integer or a string representing
* the unique identifier of a user. See [[\yii\web\User::id]].
* @param string $permissionName the name of the permission to be checked against
* @param array $params name-value pairs that will be passed to the rules associated
* with the roles and permissions assigned to the user.
* @return boolean whether the user has the specified permission.
* @throws \yii\base\InvalidParamException if $permissionName does not refer to an existing permission
*/
public function checkAccess($userId, $permissionName, $params = []);
/** /**
* Creates a new Role object. * Creates a new Role object.
* Note that the newly created role is not added to the RBAC system yet. * Note that the newly created role is not added to the RBAC system yet.

2
framework/rbac/Rule.php
View File

@ -37,7 +37,7 @@ abstract class Rule extends Object
* @param string|integer $user the user ID. This should be either an integer or a string representing * @param string|integer $user the user ID. This should be either an integer or a string representing
* the unique identifier of a user. See [[\yii\web\User::id]]. * the unique identifier of a user. See [[\yii\web\User::id]].
* @param Item $item the role or permission that this rule is associated with * @param Item $item the role or permission that this rule is associated with
* @param array $params parameters passed to [[ManagerInterface::checkAccess()]]. * @param array $params parameters passed to [[CheckAccessInterface::checkAccess()]].
* @return boolean a value indicating whether the rule permits the auth item it is associated with. * @return boolean a value indicating whether the rule permits the auth item it is associated with.
*/ */
abstract public function execute($user, $item, $params); abstract public function execute($user, $item, $params);

24
framework/web/User.php
View File

@ -11,6 +11,7 @@ use Yii;
use yii\base\Component; use yii\base\Component;
use yii\base\InvalidConfigException; use yii\base\InvalidConfigException;
use yii\base\InvalidValueException; use yii\base\InvalidValueException;
use yii\rbac\CheckAccessInterface;
/** /**
* User is the class for the "user" application component that manages the user authentication status. * User is the class for the "user" application component that manages the user authentication status.
@ -103,6 +104,12 @@ class User extends Component
* Note that this will not work if [[enableAutoLogin]] is true. * Note that this will not work if [[enableAutoLogin]] is true.
*/ */
public $authTimeout; public $authTimeout;
/**
* @var CheckAccessInterface The acess checker to use for checking access.
* If not set the application auth manager will be used.
* @since 2.0.9
*/
public $accessChecker;
/** /**
* @var integer the number of seconds in which the user will be logged out automatically * @var integer the number of seconds in which the user will be logged out automatically
* regardless of activity. * regardless of activity.
@ -692,7 +699,7 @@ class User extends Component
* When this parameter is true (default), if the access check of an operation was performed * When this parameter is true (default), if the access check of an operation was performed
* before, its result will be directly returned when calling this method to check the same * before, its result will be directly returned when calling this method to check the same
* operation. If this parameter is false, this method will always call * operation. If this parameter is false, this method will always call
* [[\yii\rbac\ManagerInterface::checkAccess()]] to obtain the up-to-date access result. Note that this * [[\yii\rbac\CheckAcessInterface::checkAccess()]] to obtain the up-to-date access result. Note that this
* caching is effective only within the same request and only works when `$params = []`. * caching is effective only within the same request and only works when `$params = []`.
* @return boolean whether the user can perform the operation as specified by the given permission. * @return boolean whether the user can perform the operation as specified by the given permission.
*/ */
@ -701,10 +708,10 @@ class User extends Component
if ($allowCaching && empty($params) && isset($this->_access[$permissionName])) { if ($allowCaching && empty($params) && isset($this->_access[$permissionName])) {
return $this->_access[$permissionName]; return $this->_access[$permissionName];
} }
if (($manager = $this->getAuthManager()) === null) { if (($accessChecker = $this->getAccessChecker()) === null) {
return false; return false;
} }
$access = $manager->checkAccess($this->getId(), $permissionName, $params); $access = $accessChecker->checkAccess($this->getId(), $permissionName, $params);
if ($allowCaching && empty($params)) { if ($allowCaching && empty($params)) {
$this->_access[$permissionName] = $access; $this->_access[$permissionName] = $access;
} }
@ -743,9 +750,20 @@ class User extends Component
* You may override this method to return a different auth manager instance if needed. * You may override this method to return a different auth manager instance if needed.
* @return \yii\rbac\ManagerInterface * @return \yii\rbac\ManagerInterface
* @since 2.0.6 * @since 2.0.6
* @deprecated Use `getAccessChecker()` instead.
*/ */
protected function getAuthManager() protected function getAuthManager()
{ {
return Yii::$app->getAuthManager(); return Yii::$app->getAuthManager();
} }
/**
* Returns the acess checker used for checking access.
* @return CheckAccessInterface
* @since 2.0.9
*/
protected function getAccessChecker()
{
return $this->accessChecker !== null ? $this->accessChecker : $this->getAuthManager();
}
} }