Class yii\mongodb\rbac\MongoDbManager

All Classes | Properties | Methods
Inheritanceyii\mongodb\rbac\MongoDbManager » yii\rbac\BaseManager
Available since version2.0.5

MongoDbManager represents an authorization manager that stores authorization information in MongoDB.

Manager uses 3 collections for the RBAC data storage:

These collection are better to be pre-created with search fields indexed.

Public Properties

Hide inherited properties

PropertyTypeDescriptionDefined By
$assignmentCollection string|array The name of the collection storing authorization item assignments. yii\mongodb\rbac\MongoDbManager
$cache \yii\caching\Cache|array|string The cache used to improve RBAC performance. yii\mongodb\rbac\MongoDbManager
$cacheKey string The key used to store RBAC data in cache yii\mongodb\rbac\MongoDbManager
$db yii\mongodb\Connection|array|string The MongoDB connection object or the application component ID of the MongoDB connection. yii\mongodb\rbac\MongoDbManager
$itemCollection string|array The name of the collection storing authorization items. yii\mongodb\rbac\MongoDbManager
$ruleCollection string|array The name of the collection storing rules. yii\mongodb\rbac\MongoDbManager

Protected Properties

Hide inherited properties

PropertyTypeDescriptionDefined By
$items \yii\rbac\Item[] All auth items (name => Item) yii\mongodb\rbac\MongoDbManager
$rules \yii\rbac\Rule[] All auth rules (name => Rule) yii\mongodb\rbac\MongoDbManager

Public Methods

Hide inherited methods

MethodDescriptionDefined By
addChild() yii\mongodb\rbac\MongoDbManager
assign() yii\mongodb\rbac\MongoDbManager
canAddChild() yii\mongodb\rbac\MongoDbManager
checkAccess() yii\mongodb\rbac\MongoDbManager
getAssignment() yii\mongodb\rbac\MongoDbManager
getAssignments() yii\mongodb\rbac\MongoDbManager
getChildren() yii\mongodb\rbac\MongoDbManager
getPermissionsByRole() yii\mongodb\rbac\MongoDbManager
getPermissionsByUser() yii\mongodb\rbac\MongoDbManager
getRolesByUser() yii\mongodb\rbac\MongoDbManager
getRule() yii\mongodb\rbac\MongoDbManager
getRules() yii\mongodb\rbac\MongoDbManager
getUserIdsByRole() yii\mongodb\rbac\MongoDbManager
hasChild() yii\mongodb\rbac\MongoDbManager
init() Initializes the application component. yii\mongodb\rbac\MongoDbManager
invalidateCache() Invalidates RBAC related cache yii\mongodb\rbac\MongoDbManager
loadFromCache() Loads data from cache yii\mongodb\rbac\MongoDbManager
removeAll() yii\mongodb\rbac\MongoDbManager
removeAllAssignments() yii\mongodb\rbac\MongoDbManager
removeAllPermissions() yii\mongodb\rbac\MongoDbManager
removeAllRoles() yii\mongodb\rbac\MongoDbManager
removeAllRules() yii\mongodb\rbac\MongoDbManager
removeChild() yii\mongodb\rbac\MongoDbManager
removeChildren() yii\mongodb\rbac\MongoDbManager
revoke() yii\mongodb\rbac\MongoDbManager
revokeAll() yii\mongodb\rbac\MongoDbManager

Protected Methods

Hide inherited methods

MethodDescriptionDefined By
addItem() yii\mongodb\rbac\MongoDbManager
addRule() yii\mongodb\rbac\MongoDbManager
checkAccessFromCache() Performs access check for the specified user based on the data loaded from cache. yii\mongodb\rbac\MongoDbManager
checkAccessRecursive() Performs access check for the specified user. yii\mongodb\rbac\MongoDbManager
detectLoop() Checks whether there is a loop in the authorization item hierarchy. yii\mongodb\rbac\MongoDbManager
getChildrenList() Returns the children for every parent. yii\mongodb\rbac\MongoDbManager
getChildrenRecursive() Recursively finds all children and grand children of the specified item. yii\mongodb\rbac\MongoDbManager
getItem() yii\mongodb\rbac\MongoDbManager
getItems() yii\mongodb\rbac\MongoDbManager
populateItem() Populates an auth item with the data fetched from collection yii\mongodb\rbac\MongoDbManager
removeAllItems() Removes all auth items of the specified type. yii\mongodb\rbac\MongoDbManager
removeItem() yii\mongodb\rbac\MongoDbManager
removeRule() yii\mongodb\rbac\MongoDbManager
updateItem() yii\mongodb\rbac\MongoDbManager
updateRule() yii\mongodb\rbac\MongoDbManager

Property Details

$assignmentCollection public property

The name of the collection storing authorization item assignments. Defaults to "auth_assignment".

public string|array $assignmentCollection 'auth_assignment'
$cache public property

The cache used to improve RBAC performance. This can be one of the following:

  • an application component ID (e.g. cache)
  • a configuration array
  • a \yii\caching\Cache object

When this is not set, it means caching is not enabled.

Note that by enabling RBAC cache, all auth items, rules and auth item parent-child relationships will be cached and loaded into memory. This will improve the performance of RBAC permission check. However, it does require extra memory and as a result may not be appropriate if your RBAC system contains too many auth items. You should seek other RBAC implementations (e.g. RBAC based on Redis storage) in this case.

Also note that if you modify RBAC items, rules or parent-child relationships from outside of this component, you have to manually call invalidateCache() to ensure data consistency.

public \yii\caching\Cache|array|string $cache null
$cacheKey public property

The key used to store RBAC data in cache

See also $cache.

public string $cacheKey 'rbac'
$db public property

The MongoDB connection object or the application component ID of the MongoDB connection. After the MongoDbManager object is created, if you want to change this property, you should only assign it with a MongoDB connection object.

public yii\mongodb\Connection|array|string $db 'mongodb'
$itemCollection public property

The name of the collection storing authorization items. Defaults to "auth_item".

public string|array $itemCollection 'auth_item'
$items protected property

All auth items (name => Item)

protected \yii\rbac\Item[] $items null
$ruleCollection public property

The name of the collection storing rules. Defaults to "auth_rule".

public string|array $ruleCollection 'auth_rule'
$rules protected property

All auth rules (name => Rule)

protected \yii\rbac\Rule[] $rules null

Method Details

addChild() public method

public void addChild ( $parent, $child )
$parent
$child
addItem() protected method

protected void addItem ( $item )
$item
addRule() protected method

protected void addRule ( $rule )
$rule
assign() public method

public void assign ( $role, $userId )
$role
$userId
canAddChild() public method

public void canAddChild ( $parent, $child )
$parent
$child
checkAccess() public method

public void checkAccess ( $userId, $permissionName, $params = [] )
$userId
$permissionName
$params
checkAccessFromCache() protected method

Performs access check for the specified user based on the data loaded from cache.

This method is internally called by checkAccess() when $cache is enabled.

protected boolean checkAccessFromCache ( $user, $itemName, $params, $assignments )
$user string|integer

The user ID. This should can be either an integer or a string representing the unique identifier of a user. See \yii\web\User::id.
$itemName string

The name of the operation that need access check
$params array

Name-value pairs that would be passed to rules associated with the tasks and roles assigned to the user. A param with name 'user' is added to this array, which holds the value of $userId.
$assignments \yii\rbac\Assignment[]

The assignments to the specified user
return boolean

Whether the operations can be performed by the user.
checkAccessRecursive() protected method

Performs access check for the specified user.

This method is internally called by checkAccess().

protected boolean checkAccessRecursive ( $user, $itemName, $params, $assignments )
$user string|integer

The user ID. This should can be either an integer or a string representing the unique identifier of a user. See \yii\web\User::id.
$itemName string

The name of the operation that need access check
$params array

Name-value pairs that would be passed to rules associated with the tasks and roles assigned to the user. A param with name 'user' is added to this array, which holds the value of $userId.
$assignments \yii\rbac\Assignment[]

The assignments to the specified user
return boolean

Whether the operations can be performed by the user.
detectLoop() protected method

Checks whether there is a loop in the authorization item hierarchy.

protected boolean detectLoop ( $parent, $child )
$parent \yii\rbac\Item

The parent item
$child \yii\rbac\Item

The child item to be added to the hierarchy
return boolean

Whether a loop exists
getAssignment() public method

public void getAssignment ( $roleName, $userId )
$roleName
$userId
getAssignments() public method

public void getAssignments ( $userId )
$userId
getChildren() public method

public void getChildren ( $name )
$name
getChildrenList() protected method

Returns the children for every parent.

protected array getChildrenList ( )
return array

The children list. Each array key is a parent item name, and the corresponding array value is a list of child item names.
getChildrenRecursive() protected method

Recursively finds all children and grand children of the specified item.

protected void getChildrenRecursive ( $name, $childrenList, &$result )
$name string

The name of the item whose children are to be looked for.
$childrenList array

The child list built via getChildrenList()
$result array

The children and grand children (in array keys)
getItem() protected method

protected void getItem ( $name )
$name
getItems() protected method

protected void getItems ( $type )
$type
getPermissionsByRole() public method

public void getPermissionsByRole ( $roleName )
$roleName
getPermissionsByUser() public method

public void getPermissionsByUser ( $userId )
$userId
getRolesByUser() public method

public void getRolesByUser ( $userId )
$userId
getRule() public method

public void getRule ( $name )
$name
getRules() public method

public void getRules ( )
getUserIdsByRole() public method

public void getUserIdsByRole ( $roleName )
$roleName
hasChild() public method

public void hasChild ( $parent, $child )
$parent
$child
init() public method

Initializes the application component.

This method overrides the parent implementation by establishing the MongoDB connection.

public void init ( )
invalidateCache() public method

Invalidates RBAC related cache

public void invalidateCache ( )
loadFromCache() public method

Loads data from cache

public void loadFromCache ( )
populateItem() protected method

Populates an auth item with the data fetched from collection

protected \yii\rbac\Item populateItem ( $row )
$row array

The data from the auth item collection
return \yii\rbac\Item

The populated auth item instance (either Role or Permission)
removeAll() public method

public void removeAll ( )
removeAllAssignments() public method

public void removeAllAssignments ( )
removeAllItems() protected method

Removes all auth items of the specified type.

protected void removeAllItems ( $type )
$type integer

The auth item type (either Item::TYPE_PERMISSION or Item::TYPE_ROLE)
removeAllPermissions() public method

public void removeAllPermissions ( )
removeAllRoles() public method

public void removeAllRoles ( )
removeAllRules() public method

public void removeAllRules ( )
removeChild() public method

public void removeChild ( $parent, $child )
$parent
$child
removeChildren() public method

public void removeChildren ( $parent )
$parent
removeItem() protected method

protected void removeItem ( $item )
$item
removeRule() protected method

protected void removeRule ( $rule )
$rule
revoke() public method

public void revoke ( $role, $userId )
$role
$userId
revokeAll() public method

public void revokeAll ( $userId )
$userId
updateItem() protected method

protected void updateItem ( $name, $item )
$name
$item
updateRule() protected method

protected void updateRule ( $name, $rule )
$name
$rule