Auth entities (users,roles,rights) management. More...
Inheritance diagram for AuthManager:
Public Member Functions | |
| sname ($sname, $type) | |
| Translate "system name" of auth entity to numeric ID. More... | |
| genPassw () | |
| Generate random password. More... | |
| mkUser ($sname, $fullName=null, $srole=null, $annot='') | |
| Make user $sname. More... | |
| rmUser ($sname) | |
| Remove user $sname. More... | |
| cpUser ($sname1, $sname2) | |
| Copy rights and roles from user $sname1 to user $sname2. More... | |
| mkRight ($sname, $annot='') | |
| Make right $sname with annotation $annot. More... | |
| rmRight ($sname, $force=false) | |
| Remove right $sname. More... | |
| setRight ($right) | |
| Change right values (SNAME, ANNOT, ...) More... | |
| mkRole ($sname, $annot='') | |
| Make role $sname with annotation $annot. More... | |
| rmRole ($sname, $force=false) | |
| Remove role $sname. More... | |
| cpRole ($sname1, $sname2) | |
| Copy rights from role $sname1 to role $sname2. More... | |
| rGrant ($srole, $sright, $rval='1', $obj_id=0) | |
| Grant/revoke right $sright to role $srole. More... | |
| uGrant ($suser, $sright, $rval='1', $obj_id=0) | |
| Grant/revoke right $sright to user $suser. More... | |
| uRole ($suser, $srole, $assign=true, $obj_id=0) | |
| Assign/revoke role $srole to user $suser. More... | |
| getUser ($sname) | |
| Return user account of user $sname (row from table AUTH_USERS) More... | |
| setUser ($sname, array $user) | |
| Set user account with array $user. More... | |
| setPassw ($sname, $passw) | |
| Set password $passw for user $sname. More... | |
| deleteAllAuthData () | |
| Caution! Empty all AUTH tables! More... | |
 Public Member Functions inherited from AuthBase | |
| __construct () | |
| Constructor - load config parameters. | |
| passwordHash ($password) | |
| Return password hash. More... | |
| passwordHashVerify ($password, $hash) | |
| Verify password hash. More... | |
| setError ($message) | |
| Add error message into ->errors variable. More... | |
| Public Member Functions inherited from BaseObject | |
| loadDefaults ($className=null) | |
| Load default parameters of class $className into object instance. | |
| setProperties (array $defaults) | |
| Set public properties of object from the array. More... | |
| toArray () | |
| Convert object to array. More... | |
Data Fields | |
| $db | |
| var Db | |
| Data Fields inherited from AuthBase | |
| $errors = array() | |
| Array of error messages (if any) | |
| $secret | |
| Secret string used for enpowerment of md5 hash. | |
| $passwordAlgo | |
| Password algorhitm - can be 'md5', 'bcrypt', 'bcrypt-md5'. | |
| $passwordCost = 10 | |
| Bcrypt cost. | |
| $throwsExceptions = false | |
| Throws exceptions instead of just collecting errors in ->errors. | |
| Data Fields inherited from BaseObject | |
| $serviceLocator | |
| var function() Return service object when requested with service(). | |
Additional Inherited Members | |
| Static Public Member Functions inherited from BaseObject | |
| static | defaults () |
| Set or retireve default parameters of the object. More... | |
| Protected Member Functions inherited from AuthBase | |
| log ($category, $messageId, $message=null, $itemId=null) | |
| log security issue using App->logger. | |
| Protected Member Functions inherited from BaseObject | |
| service ($service, $default=null) | |
| Try acquire $service and load it into property $this->$service. More... | |
| Protected Attributes inherited from AuthBase | |
| $app | |
| var App | |
Detailed Description
Auth entities (users,roles,rights) management.
Features:
- Manage auth entities: user, role and right (permission).
- You can create entity (mk), delete entity (rm), set entity, or assign one entity to another (grant).
Member Function Documentation
◆ cpRole()
| cpRole | ( | $sname1, | |
| $sname2 | |||
| ) |
Copy rights from role $sname1 to role $sname2.
Both must exists.
- Parameters
-
string $sname1 Source "role_name" or "#role_id" string $sname2 Destination role_name" or "#role_id"
- Returns
- int $n Number of copied rights.
◆ cpUser()
| cpUser | ( | $sname1, | |
| $sname2 | |||
| ) |
Copy rights and roles from user $sname1 to user $sname2.
Both must exists.
- Parameters
-
string $sname1 Source "user_name" or "#user_id" string $sname2 Destination "user_name" or "#user_id"
- Returns
- int $n Number of copied entities.
◆ deleteAllAuthData()
| deleteAllAuthData | ( | ) |
Caution! Empty all AUTH tables!
- Returns
- bool $ok
◆ genPassw()
| genPassw | ( | ) |
Generate random password.
- Returns
- string $password
◆ getUser()
| getUser | ( | $sname | ) |
Return user account of user $sname (row from table AUTH_USERS)
- Parameters
-
string $sname User name or #id
- Returns
- array $user
◆ mkRight()
| mkRight | ( | $sname, | |
$annot = '' |
|||
| ) |
Make right $sname with annotation $annot.
If right exists, throw error.
- Parameters
-
string $sname "entity_name" string $annot annotation string
- Returns
- int $id ID of new right
◆ mkRole()
| mkRole | ( | $sname, | |
$annot = '' |
|||
| ) |
Make role $sname with annotation $annot.
If role exists, throw error.
- Parameters
-
string $sname "entity_name" string $annot annotation string
- Returns
- int $id ID of new role
◆ mkUser()
| mkUser | ( | $sname, | |
$fullName = null, |
|||
$srole = null, |
|||
$annot = '' |
|||
| ) |
Make user $sname.
If user exists, throw error.
- Parameters
-
string $sname username string $fullName User's full name. string $srole Role name or #id which will be assigned to user. string $annot Annotation string.
- Returns
- int $id ID of new user
◆ rGrant()
| rGrant | ( | $srole, | |
| $sright, | |||
$rval = '1', |
|||
$obj_id = 0 |
|||
| ) |
Grant/revoke right $sright to role $srole.
Both must exists.
- Parameters
-
string $srole "role_name" or "#role_id" string $sright "right_name" or "#right_id" string $rval Value of the right. If null, right is removed from role. int $obj_id Resource object ID for which right is granted. Value '0' means any object.
- Returns
- bool $ok
◆ rmRight()
| rmRight | ( | $sname, | |
$force = false |
|||
| ) |
Remove right $sname.
If right is used in role or user, throw error.
- Parameters
-
string $sname "entity_name" or "#entity_id" string $force Force remove even if right is in use.
- Returns
- bool $ok
◆ rmRole()
| rmRole | ( | $sname, | |
$force = false |
|||
| ) |
Remove role $sname.
If role is assigned to user, throw error.
- Parameters
-
string $sname "entity_name" or "#entity_id" string $force Force remove even if role is in use.
- Returns
- bool $ok
◆ rmUser()
| rmUser | ( | $sname | ) |
Remove user $sname.
- Parameters
-
string $sname "entity_name" or "#entity_id"
- Returns
- bool $ok
◆ setPassw()
| setPassw | ( | $sname, | |
| $passw | |||
| ) |
Set password $passw for user $sname.
- Parameters
-
string $sname "user_name" or "#user_id" string $passw Password
- Returns
- bool $ok
◆ setRight()
| setRight | ( | $right | ) |
Change right values (SNAME, ANNOT, ...)
- Parameters
-
array $right
- Returns
- bool $ok
◆ setUser()
| setUser | ( | $sname, | |
| array | $user | ||
| ) |
Set user account with array $user.
Array $user must contain ID of user. Throw error if user does not exists. Field PASSW is never set with this function - use setpassw().
- Parameters
-
array $user User data - table AUTH_USERS will be updated with this.
- Returns
- bool $ok
- See also
- setpassw()
◆ sname()
| sname | ( | $sname, | |
| $type | |||
| ) |
Translate "system name" of auth entity to numeric ID.
Entity can be role, right or user. For system name see column SNAME in AUTH_* tables - ID is primary key from relevant db-table.
- Parameters
-
string $sname "entity_name" or "#entity_id" enum $type ("user", "role", "right")
◆ uGrant()
| uGrant | ( | $suser, | |
| $sright, | |||
$rval = '1', |
|||
$obj_id = 0 |
|||
| ) |
Grant/revoke right $sright to user $suser.
Both must exists.
- Parameters
-
string $suser "user_name" or "#user_id" string $sright "right_name" or "#right_id" string $rval Value of the right. If null, right is removed from role. int $obj_id Resource object ID for which right is granted. Value '0' means any object.
- Returns
- bool $ok
◆ uRole()
| uRole | ( | $suser, | |
| $srole, | |||
$assign = true, |
|||
$obj_id = 0 |
|||
| ) |
Assign/revoke role $srole to user $suser.
Both must exists. Last assigned role has highest priority. See field R_PRIORITY in table AUTH_USER_ROLE - '1' means highest.
- Parameters
-
string $suser "user_name" or "#user_id" string $srole "role_name" or "#role_id" bool $assign assign/revoke int $obj_id Resource object ID for which role is granted. Value '0' means any object.
- Returns
- bool $ok
The documentation for this class was generated from the following file:
