An AuthManager for Yii that stores the hierarchy in a flat PHP file and the assignmens in DB.
This class is a combination of CDbAuthManager and CPhpAuthManager:
- The authorization hierarchy is stored in a flat PHP file
- Authorization assignments are stored in the database
This is useful if the authorization hierarchy is almost static and not very complex.
You can manage the authorization hierarchy in data/auth.php. To not loose the comments there, you should avoid to call any method to create auth items or add child items - even though it's supported.
We recommend to install the extension with composer. Add this to
require section of your
'codemix/hybridautmanager' : 'dev-master'
Note: There's no stable version yet.
If you haven't yet, you should also add an alias to composer's vendor directory.
$vendor = realpath(__DIR__.'/../vendor'); return array( 'alias' => array( 'vendor' => realpath(__DIR__.'/../vendor'), // Fix this path ), ...
Add this configuration to your
'components' => array( 'authManager' => array( 'class' => 'vendor.codemix.hybridautmanager.HybridAuthManager', ), ... ),
Just as with
need to supply a file with auth rules. By default this is in
data/auth.php. But here you only
have to supply the auth hierarchy:
return array( // Admin == Root (Full permissions). 'Admin' => array( 'type' => CAuthItem::TYPE_ROLE, 'description' => 'Administrator', 'children' => array( 'manageUser', 'managePosts', ), ), 'manageUser' => array( 'type' => CAuthItem::TYPE_TASK, 'children' => array( 'createUser', 'updateUser', 'deleteUser', 'readUser', ), ), 'createUser' => array('type' => CAuthItem::TYPE_OPERATION), 'updateUser' => array('type' => CAuthItem::TYPE_OPERATION), 'deleteUser' => array('type' => CAuthItem::TYPE_OPERATION), 'readUser' => array('type' => CAuthItem::TYPE_OPERATION), );
The content of this file will be cached unless you set
The actual Role assignments will be saved in a DB table
auth_assignments by default.
You can change this name with the
assignmentTable property of the
The component can cache the RBAC hierarchy and auth assignments. You can configure
the cache component ID on
By default the hierarchy file content is cache
3600 seconds. You can configure this
Caching auth assigments
You can set the number of seconds to cache auth assignments in
The assignments will be cached per user to avoid DB calls on each request. By default this
is set to
0 which means, that assignments will only be cached throughout the current
requests, i.e. on consecutive calls of
Set this property to
false to completely disable caching.