Added `$user` as the first parameter of `yii\rbac\Rule::execute()`

framework/CHANGELOG.md

@@ -15,6 +15,7 @@ Yii Framework 2 Change Log
 - Enh: Added support for using sub-queries when building a DB query with `IN` condition (qiangxue)
 - Enh: Supported adding a new response formatter without the need to reconfigure existing formatters (qiangxue)
 - Chg: Replaced `clearAll()` and `clearAllAssignments()` in `yii\rbac\ManagerInterface` with `removeAll()`, `removeAllRoles()`, `removeAllPermissions()`, `removeAllRules()` and `removeAllAssignments()` (qiangxue)
+- Chg: Added `$user` as the first parameter of `yii\rbac\Rule::execute()` (qiangxue)
 
 
 2.0.0-beta April 13, 2014

framework/UPGRADE.md

@@ -14,3 +14,6 @@ Upgrade from Yii 2.0 Beta
 
 * If you used `clearAll()` or `clearAllAssignments()` of `yii\rbac\DbManager`, you should replace
   them with `removeAll()` and `removeAllAssignments()` respectively.
+* If you created RBAC rule classes, you should modify their `execute()` method by adding `$user`
+  as the first parameter: `execute($user, $item, $params)`. The `$user` parameter represents
+  the ID of the user currently being access checked. Previously, this is passed via `$params['user']`.

framework/rbac/DbManager.php

@@ -74,9 +74,6 @@ class DbManager extends BaseManager
     public function checkAccess($userId, $permissionName, $params = [])
     {
         $assignments = $this->getAssignments($userId);
-        if (!isset($params['user'])) {
-            $params['user'] = $userId;
-        }
         return $this->checkAccessRecursive($userId, $permissionName, $params, $assignments);
     }
 
@@ -100,7 +97,7 @@ class DbManager extends BaseManager
 
         Yii::trace($item instanceof Role ? "Checking role: $itemName" : "Checking permission: $itemName", __METHOD__);
 
-        if (!$this->executeRule($item, $params)) {
+        if (!$this->executeRule($user, $item, $params)) {
             return false;
         }
 

framework/rbac/PhpManager.php

@@ -76,9 +76,6 @@ class PhpManager extends BaseManager
     public function checkAccess($userId, $permissionName, $params = [])
     {
         $assignments = $this->getAssignments($userId);
-        if (!isset($params['user'])) {
-            $params['user'] = $userId;
-        }
         return $this->checkAccessRecursive($userId, $permissionName, $params, $assignments);
     }
 
@@ -113,7 +110,7 @@ class PhpManager extends BaseManager
         $item = $this->_items[$itemName];
         Yii::trace($item instanceof Role ? "Checking role: $itemName" : "Checking permission : $itemName", __METHOD__);
 
-        if (!$this->executeRule($item, $params)) {
+        if (!$this->executeRule($user, $item, $params)) {
             return false;
         }
 

framework/rbac/Rule.php

@@ -33,9 +33,11 @@ abstract class Rule extends Object
     /**
      * Executes the rule.
      *
+     * @param string|integer $user the user ID. This should be either an integer or a string representing
+     * the unique identifier of a user. See [[\yii\web\User::id]].
      * @param Item $item the auth item that this rule is associated with
      * @param array $params parameters passed to [[ManagerInterface::allow()]].
      * @return boolean a value indicating whether the rule permits the auth item it is associated with.
      */
-    abstract public function execute($item, $params);
+    abstract public function execute($user, $item, $params);
 }

tests/unit/framework/rbac/AuthorRule.php

@@ -14,8 +14,8 @@ class AuthorRule extends Rule
     /**
      * @inheritdoc
      */
-    public function execute($item, $params)
+    public function execute($user, $item, $params)
     {
-        return $params['authorID'] == $params['user'];
+        return $params['authorID'] == $user;
     }
 }

tests/unit/framework/rbac/ManagerTestCase.php

@@ -2,7 +2,6 @@
 
 namespace yiiunit\framework\rbac;
 
-use yii\rbac\Assignment;
 use yii\rbac\Item;
 use yii\rbac\Permission;
 use yii\rbac\Role;