Copied!

RoleService

RoleService.php : 29
Interface

This service provides methods for managing Roles and Policies.

Methods

publicaddPolicyByRoleDraft()

RoleService.php : 132

Adds a new policy to the RoleDraft.

 
public addPolicyByRoleDraft(RoleDraft $roleDraft, PolicyCreateStruct $policyCreateStruct) : RoleDraft

Parameters

Name Type Default value Description
$roleDraft RoleDraft - -
$policyCreateStruct PolicyCreateStruct - -

Return values

RoleDraft

Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to add a policy

Throws
InvalidArgumentException

if limitation of the same type is repeated in policy create struct or if limitation is not allowed on module/function

Throws
LimitationValidationException

if a limitation in the $policyCreateStruct is not valid

publicassignRoleToUser()

RoleService.php : 258

Assigns a role to the given user.

 
public assignRoleToUser(Role $role, User $user[, RoleLimitation|null $roleLimitation = null ]) : void

Parameters

Name Type Default value Description
$role Role - -
$user User - -
$roleLimitation RoleLimitation|null null

an optional role limitation (which is either a subtree limitation or section limitation)
Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to assign a role

Throws
LimitationValidationException

if $roleLimitation is not valid

Throws
InvalidArgumentException

If assignment already exists

publicassignRoleToUserGroup()

RoleService.php : 245

Assigns a role to the given user group.

 
public assignRoleToUserGroup(Role $role, UserGroup $userGroup[, RoleLimitation|null $roleLimitation = null ]) : void

Parameters

Name Type Default value Description
$role Role - -
$userGroup UserGroup - -
$roleLimitation RoleLimitation|null null

an optional role limitation (which is either a subtree limitation or section limitation)
Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to assign a role

Throws
LimitationValidationException

if $roleLimitation is not valid

Throws
InvalidArgumentException

If assignment already exists

publiccopyRole()

RoleService.php : 74

Copies an existing Role.

 
public copyRole(Role $role, RoleCopyStruct $roleCopyStruct) : Role

Parameters

Name Type Default value Description
$role Role - -
$roleCopyStruct RoleCopyStruct - -

Return values

Role

Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to copy a role

Throws
InvalidArgumentException

if the name of the role already exists or if limitation of the same type is repeated in the policy create struct or if limitation is not allowed on module/function

Throws
LimitationValidationException

if a policy limitation in the $roleCopyStruct is not valid

Throws
BadStateException

if CopyRoleEvent does not posses valid Role object

Throws
NotFoundException

if newly cloned Role does not exist

publiccountRoleAssignments()

RoleService.php : 305

Returns the number of users and user groups assigned to this role.

 
public countRoleAssignments(Role $role) : int

Parameters

Name Type Default value Description
$role Role - -

Return values

int

Tags
Throws
BadStateException
Throws
InvalidArgumentException
Throws
UnauthorizedException

if the authenticated user is not allowed to read a role

publiccreateRole()

RoleService.php : 45

Creates a new RoleDraft.

 
public createRole(RoleCreateStruct $roleCreateStruct) : RoleDraft

Parameters

Name Type Default value Description
$roleCreateStruct RoleCreateStruct - -

Return values

RoleDraft

Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to create a role

Throws
InvalidArgumentException

if the name of the role already exists or if limitation of the same type is repeated in the policy create struct or if limitation is not allowed on module/function

Throws
LimitationValidationException

if a policy limitation in the $roleCreateStruct is not valid

publiccreateRoleDraft()

RoleService.php : 60

Creates a new RoleDraft for existing Role.

 
public createRoleDraft(Role $role) : RoleDraft

Parameters

Name Type Default value Description
$role Role - -

Return values

RoleDraft

Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to create a role

Throws
InvalidArgumentException

if the Role already has a Role Draft that will need to be removed first

Throws
LimitationValidationException

if a policy limitation in the $roleCreateStruct is not valid

publicdeleteRole()

RoleService.php : 232

Deletes the given role.

 
public deleteRole(Role $role) : void

Parameters

Name Type Default value Description
$role Role - -
Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to delete this role

publicdeleteRoleDraft()

RoleService.php : 181

Deletes the given RoleDraft.

 
public deleteRoleDraft(RoleDraft $roleDraft) : void

Parameters

Name Type Default value Description
$roleDraft RoleDraft - -
Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to delete this RoleDraft

publicgetLimitationType()

RoleService.php : 389

Returns the LimitationType registered with the given identifier.

 
public getLimitationType(string $identifier) : Type

Parameters

Name Type Default value Description
$identifier string - -

Return values

Type

Tags
Throws
RuntimeException

On missing Limitation

publicgetLimitationTypesByModuleFunction()

RoleService.php : 406

Returns the LimitationType's assigned to a given module/function.

 
public getLimitationTypesByModuleFunction(string $module, string $function) : array<string|int, Type>

Typically used for:

  • Internal validation limitation value use on Policies
  • Role admin gui for editing policy limitations incl list limitation options via valueSchema()

Parameters

Name Type Default value Description
$module string -

Legacy name of "controller", it's a unique identifier like "content"
$function string -

Legacy name of a controller "action", it's a unique within the controller like "read"

Return values

array<string|int, Type>

Tags
Throws
BadStateException

If module/function to limitation type mapping refers to a non existing identifier.

publicgetRoleAssignments()

RoleService.php : 281

Returns the assigned user and user groups to this role.

 
public getRoleAssignments(Role $role) : array<string|int, RoleAssignment>

Parameters

Name Type Default value Description
$role Role - -

Return values

array<string|int, RoleAssignment>

Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to read a role

publicgetRoleAssignmentsForUser()

RoleService.php : 320

Returns UserRoleAssignments assigned to the given User, excluding the ones the current user is not allowed to read.

 
public getRoleAssignmentsForUser(User $user[, bool $inherited = false ]) : array<string|int, UserRoleAssignment>|array<string|int, UserGroupRoleAssignment>

If second parameter $inherited is true then UserGroupRoleAssignment is also returned for UserGroups User is placed in as well as those inherited from parent UserGroups.

Parameters

Name Type Default value Description
$user User - -
$inherited bool false

Also return all inherited Roles from UserGroups User belongs to, and it's parents.

Return values

array<string|int, UserRoleAssignment>|array<string|int, UserGroupRoleAssignment>

Tags
Throws
InvalidArgumentException

On invalid User object

publicgetRoleAssignmentsForUserGroup()

RoleService.php : 329

Returns the UserGroupRoleAssignments assigned to the given UserGroup, excluding the ones the current user is not allowed to read.

 
public getRoleAssignmentsForUserGroup(UserGroup $userGroup) : array<string|int, UserGroupRoleAssignment>

Parameters

Name Type Default value Description
$userGroup UserGroup - -

Return values

array<string|int, UserGroupRoleAssignment>

publicloadRole()

RoleService.php : 204

Loads a role for the given id.

 
public loadRole(int $id) : Role

Parameters

Name Type Default value Description
$id int - -

Return values

Role

Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to read this role

Throws
NotFoundException

if a role with the given name was not found

publicloadRoleAssignment()

RoleService.php : 270

Loads a role assignment for the given id.

 
public loadRoleAssignment(int $roleAssignmentId) : RoleAssignment

Parameters

Name Type Default value Description
$roleAssignmentId int - -

Return values

RoleAssignment

Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to read this role

Throws
NotFoundException

If the role assignment was not found

publicloadRoleAssignments()

RoleService.php : 292

Returns the assigned users and user groups to this role with $offset and $limit arguments.

 
public loadRoleAssignments(Role $role[, int $offset = 0 ][, int|null $limit = null ]) : array<string|int, RoleAssignment>

Parameters

Name Type Default value Description
$role Role - -
$offset int 0 -
$limit int|null null -

Return values

array<string|int, RoleAssignment>

Tags
Throws
BadStateException
Throws
InvalidArgumentException
Throws
UnauthorizedException

if the authenticated user is not allowed to read a role

publicloadRoleByIdentifier()

RoleService.php : 216

Loads a role for the given identifier.

 
public loadRoleByIdentifier(string $identifier) : Role

Parameters

Name Type Default value Description
$identifier string - -

Return values

Role

Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to read this role

Throws
NotFoundException

if a role with the given name was not found

publicloadRoleDraft()

RoleService.php : 88

Loads a RoleDraft for the given id.

 
public loadRoleDraft(int $id) : RoleDraft

Parameters

Name Type Default value Description
$id int - -

Return values

RoleDraft

Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to read this role

Throws
NotFoundException

if a RoleDraft with the given id was not found

publicloadRoleDraftByRoleId()

RoleService.php : 100

Loads a RoleDraft by the ID of the role it was created from.

 
public loadRoleDraftByRoleId(int $roleId) : RoleDraft

Parameters

Name Type Default value Description
$roleId int -

ID of the role the draft was created from.

Return values

RoleDraft

Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to read this role

Throws
NotFoundException

if a RoleDraft with the given id was not found

publicloadRoles()

RoleService.php : 223

Loads all roles, excluding the ones the current user is not allowed to read.

 
public loadRoles() : array<string|int, Role>

Return values

array<string|int, Role>

publicnewPolicyCreateStruct()

RoleService.php : 364

Instantiates a policy create class.

 
public newPolicyCreateStruct(string $module, string $function) : PolicyCreateStruct

Parameters

Name Type Default value Description
$module string - -
$function string - -

Return values

PolicyCreateStruct

publicnewPolicyUpdateStruct()

RoleService.php : 371

Instantiates a policy update class.

 
public newPolicyUpdateStruct() : PolicyUpdateStruct

Return values

PolicyUpdateStruct

publicnewRoleCopyStruct()

RoleService.php : 354

Instantiates a role copy struct.

 
public newRoleCopyStruct(string $name) : RoleCopyStruct

Parameters

Name Type Default value Description
$name string - -

Return values

RoleCopyStruct

publicnewRoleCreateStruct()

RoleService.php : 349

Instantiates a role create class.

 
public newRoleCreateStruct(string $name) : RoleCreateStruct

Parameters

Name Type Default value Description
$name string - -

Return values

RoleCreateStruct

publicnewRoleUpdateStruct()

RoleService.php : 378

Instantiates a policy update class.

 
public newRoleUpdateStruct() : RoleUpdateStruct

Return values

RoleUpdateStruct

publicpublishRoleDraft()

RoleService.php : 192

Publishes the given RoleDraft.

 
public publishRoleDraft(RoleDraft $roleDraft) : void

Parameters

Name Type Default value Description
$roleDraft RoleDraft - -
Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to publish this RoleDraft

publicremovePolicyByRoleDraft()

RoleService.php : 147

Removes a policy from a RoleDraft.

 
public removePolicyByRoleDraft(RoleDraft $roleDraft, PolicyDraft $policyDraft) : RoleDraft

Parameters

Name Type Default value Description
$roleDraft RoleDraft - -
$policyDraft PolicyDraft -

the policy to remove from the RoleDraft

Return values

RoleDraft

Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to remove a policy

Throws
InvalidArgumentException

if policy does not belong to the given RoleDraft

publicremoveRoleAssignment()

RoleService.php : 340

Removes the given role assignment.

 
public removeRoleAssignment(RoleAssignment $roleAssignment) : void

i.e. unassigns a user or a user group from a role with the given limitations

Parameters

Name Type Default value Description
$roleAssignment RoleAssignment - -
Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to remove a role assignment

publicupdatePolicyByRoleDraft()

RoleService.php : 166

Updates the limitations of a policy. The module and function cannot be changed and the limitations are replaced by the ones in $roleUpdateStruct.

 
public updatePolicyByRoleDraft(RoleDraft $roleDraft, PolicyDraft $policy, PolicyUpdateStruct $policyUpdateStruct) : PolicyDraft

Parameters

Name Type Default value Description
$roleDraft RoleDraft - -
$policy PolicyDraft - -
$policyUpdateStruct PolicyUpdateStruct - -

Return values

PolicyDraft

Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to update a policy

Throws
InvalidArgumentException

if limitation of the same type is repeated in policy update struct or if limitation is not allowed on module/function

Throws
LimitationValidationException

if a limitation in the $policyUpdateStruct is not valid

publicupdateRoleDraft()

RoleService.php : 115

Updates the properties of a RoleDraft.

 
public updateRoleDraft(RoleDraft $roleDraft, RoleUpdateStruct $roleUpdateStruct) : RoleDraft

Parameters

Name Type Default value Description
$roleDraft RoleDraft - -
$roleUpdateStruct RoleUpdateStruct - -

Return values

RoleDraft

Tags
Throws
UnauthorizedException

if the authenticated user is not allowed to update a role

Throws
InvalidArgumentException

if the identifier of the RoleDraft already exists