14 public $superuserName;
18 private $_authManager;
27 $this->_authManager = Yii::app()->getAuthManager();
38 public function getRoles($includeSuperuser =
true, $sort =
true)
40 $exclude = $includeSuperuser===
false ? array($this->superuserName) : array();
41 $roles = $this->
getAuthItems(CAuthItem::TYPE_ROLE, null, null, $sort, $exclude);
58 public function createAuthItem($name, $type, $description =
'', $bizRule = null, $data = null)
60 $bizRule = $bizRule!==
'' ? $bizRule : null;
66 return $this->_authManager->createAuthItem($name, $type, $description, $bizRule, $data);
79 public function updateAuthItem($oldName, $name, $description =
'', $bizRule = null, $data = null)
81 $authItem = $this->_authManager->getAuthItem($oldName);
82 $authItem->name = $name;
83 $authItem->description = $description!==
'' ? $description : null;
84 $authItem->bizRule = $bizRule!==
'' ? $bizRule : null;
87 if (@unserialize($data)===
false) {
91 $this->_authManager->saveAuthItem($authItem, $oldName);
107 public function getAuthItems($types = null, $userId = null, CAuthItem $parent = null, $sort =
true, $exclude = array())
110 if ($types!==(array)$types) {
111 $items = $this->_authManager->getAuthItems($types, $userId, $sort);
114 $typeItemList = array();
115 foreach ($types as $type) {
116 $typeItemList[$type] = $this->_authManager->getAuthItems($type, $userId, $sort);
121 foreach ($typeItemList as $typeItems) {
142 foreach ($array2 as $itemName => $item) {
143 if (isset($array1[$itemName])===
false) {
144 $array1[$itemName] = $item;
165 if ($parent!==null) {
166 $exclude[] = $parent->name;
167 foreach ($parent->getChildren() as $childName => $child) {
168 $exclude[] = $childName;
173 $exclude = array_merge($parentNames, $exclude);
177 foreach ($exclude as $itemName) {
178 if (isset($items[$itemName])) {
179 unset($items[$itemName]);
199 if (($item instanceof CAuthItem)===
false) {
200 $item = $this->_authManager->getAuthItem($item);
204 $parentNames = $this->getAuthItemParentsRecursive($item->name, $permissions, $direct);
205 $parents = $this->_authManager->getAuthItemsByNames($parentNames);
209 foreach ($parents as $parentName => $parent) {
210 if ((
int)$parent->type!==$type) {
211 unset($parents[$parentName]);
228 private function getAuthItemParentsRecursive($itemName, $items, $direct)
231 foreach ($items as $childName => $children) {
232 if ($children!==array()) {
233 if (isset($children[$itemName])) {
234 if (isset($parents[$childName])===
false) {
235 $parents[$childName] = $childName;
238 if (($p = $this->getAuthItemParentsRecursive($itemName, $children, $direct))!==array()) {
239 if ($direct===
false && isset($parents[$childName])===
false) {
240 $parents[$childName] = $childName;
243 $parents = array_merge($parents, $p);
263 if (($item instanceof CAuthItem)===
false) {
264 $item = $this->_authManager->getAuthItem($item);
267 $childrenNames = array();
268 foreach ($item->getChildren() as $childName => $child) {
269 if ($type===null || (
int)$child->type===$type) {
270 $childrenNames[] = $childName;
274 $children = $this->_authManager->getAuthItemsByNames($childrenNames);
292 if ($items instanceof CAuthItem) {
295 }
else if ($items===(array)$items) {
296 foreach ($items as $item) {
312 $assignments = $this->_authManager->getAssignmentsByItemName(
Rights::module()->superuserName);
314 $userIdList = array();
315 foreach ($assignments as $userId => $assignment) {
316 $userIdList[] = $userId;
319 $criteria =
new CDbCriteria();
320 $criteria->addInCondition(
Rights::module()->userIdColumn, $userIdList);
323 $users = CActiveRecord::model($userClass)->findAll($criteria);
326 $superusers = array();
327 foreach ($users as $user) {
328 $superusers[] = $user->email;
333 if ($superusers===array()) {
334 throw new CHttpException(403,
Rights::t(
'core',
'There must be at least one superuser!'));
352 if ($users instanceof $userClass) {
355 else if ($users===(array)$users) {
356 foreach ($users as $user) {
373 $assignments = $this->_authManager->getAuthAssignments($userId);
374 return isset($assignments[$this->superuserName]);
387 $permissions = array();
389 if ($itemName!==null) {
390 $item = $this->_authManager->getAuthItem($itemName);
391 $permissions = $this->getPermissionsRecursive($item);
393 foreach ($this->
getRoles() as $roleName => $role) {
394 $permissions[$roleName] = $this->getPermissionsRecursive($role);
408 private function getPermissionsRecursive(CAuthItem $item)
410 $permissions = array();
411 foreach ($item->getChildren() as $childName => $child) {
412 $permissions[$childName] = array();
413 if (($grandChildren = $this->getPermissionsRecursive($child))!==array()) {
414 $permissions[$childName] = $grandChildren;
430 public function hasPermission($itemName, $parentName = null, $permissions = array())
432 if ($parentName!==null) {
433 if ($parentName===$this->superuserName) {
440 if (isset($permissions[$itemName])) {
444 foreach ($permissions as $children) {
445 if ($children!==array()) {
465 $languageConstructs = array(
479 foreach ($languageConstructs as $lc) {
480 if (preg_match(
'/'.$lc.
'\ *\(?\ *[\"\']+/', $code) > 0) {
486 $definedFunctions = get_defined_functions();
487 $functions = array_merge($definedFunctions[
'internal'], $definedFunctions[
'user']);
491 foreach ($functions as $f) {
492 if (preg_match(
'/'.$f.
'\ *\({1}/', $code) > 0) {
498 $result = @eval($code);
501 return $result!==
false ? $result : null;
509 return $this->_authManager;