ManagerInterface.php 8.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260
  1. <?php
  2. /**
  3. * @link http://www.yiiframework.com/
  4. * @copyright Copyright (c) 2008 Yii Software LLC
  5. * @license http://www.yiiframework.com/license/
  6. */
  7. namespace yii\rbac;
  8. /**
  9. * For more details and usage information on ManagerInterface, see the [guide article on security authorization](guide:security-authorization).
  10. *
  11. * @author Qiang Xue <qiang.xue@gmail.com>
  12. * @since 2.0
  13. */
  14. interface ManagerInterface extends CheckAccessInterface
  15. {
  16. /**
  17. * Creates a new Role object.
  18. * Note that the newly created role is not added to the RBAC system yet.
  19. * You must fill in the needed data and call [[add()]] to add it to the system.
  20. * @param string $name the role name
  21. * @return Role the new Role object
  22. */
  23. public function createRole($name);
  24. /**
  25. * Creates a new Permission object.
  26. * Note that the newly created permission is not added to the RBAC system yet.
  27. * You must fill in the needed data and call [[add()]] to add it to the system.
  28. * @param string $name the permission name
  29. * @return Permission the new Permission object
  30. */
  31. public function createPermission($name);
  32. /**
  33. * Adds a role, permission or rule to the RBAC system.
  34. * @param Role|Permission|Rule $object
  35. * @return bool whether the role, permission or rule is successfully added to the system
  36. * @throws \Exception if data validation or saving fails (such as the name of the role or permission is not unique)
  37. */
  38. public function add($object);
  39. /**
  40. * Removes a role, permission or rule from the RBAC system.
  41. * @param Role|Permission|Rule $object
  42. * @return bool whether the role, permission or rule is successfully removed
  43. */
  44. public function remove($object);
  45. /**
  46. * Updates the specified role, permission or rule in the system.
  47. * @param string $name the old name of the role, permission or rule
  48. * @param Role|Permission|Rule $object
  49. * @return bool whether the update is successful
  50. * @throws \Exception if data validation or saving fails (such as the name of the role or permission is not unique)
  51. */
  52. public function update($name, $object);
  53. /**
  54. * Returns the named role.
  55. * @param string $name the role name.
  56. * @return null|Role the role corresponding to the specified name. Null is returned if no such role.
  57. */
  58. public function getRole($name);
  59. /**
  60. * Returns all roles in the system.
  61. * @return Role[] all roles in the system. The array is indexed by the role names.
  62. */
  63. public function getRoles();
  64. /**
  65. * Returns the roles that are assigned to the user via [[assign()]].
  66. * Note that child roles that are not assigned directly to the user will not be returned.
  67. * @param string|int $userId the user ID (see [[\yii\web\User::id]])
  68. * @return Role[] all roles directly assigned to the user. The array is indexed by the role names.
  69. */
  70. public function getRolesByUser($userId);
  71. /**
  72. * Returns child roles of the role specified. Depth isn't limited.
  73. * @param string $roleName name of the role to file child roles for
  74. * @return Role[] Child roles. The array is indexed by the role names.
  75. * First element is an instance of the parent Role itself.
  76. * @throws \yii\base\InvalidParamException if Role was not found that are getting by $roleName
  77. * @since 2.0.10
  78. */
  79. public function getChildRoles($roleName);
  80. /**
  81. * Returns the named permission.
  82. * @param string $name the permission name.
  83. * @return null|Permission the permission corresponding to the specified name. Null is returned if no such permission.
  84. */
  85. public function getPermission($name);
  86. /**
  87. * Returns all permissions in the system.
  88. * @return Permission[] all permissions in the system. The array is indexed by the permission names.
  89. */
  90. public function getPermissions();
  91. /**
  92. * Returns all permissions that the specified role represents.
  93. * @param string $roleName the role name
  94. * @return Permission[] all permissions that the role represents. The array is indexed by the permission names.
  95. */
  96. public function getPermissionsByRole($roleName);
  97. /**
  98. * Returns all permissions that the user has.
  99. * @param string|int $userId the user ID (see [[\yii\web\User::id]])
  100. * @return Permission[] all permissions that the user has. The array is indexed by the permission names.
  101. */
  102. public function getPermissionsByUser($userId);
  103. /**
  104. * Returns the rule of the specified name.
  105. * @param string $name the rule name
  106. * @return null|Rule the rule object, or null if the specified name does not correspond to a rule.
  107. */
  108. public function getRule($name);
  109. /**
  110. * Returns all rules available in the system.
  111. * @return Rule[] the rules indexed by the rule names
  112. */
  113. public function getRules();
  114. /**
  115. * Checks the possibility of adding a child to parent.
  116. * @param Item $parent the parent item
  117. * @param Item $child the child item to be added to the hierarchy
  118. * @return bool possibility of adding
  119. *
  120. * @since 2.0.8
  121. */
  122. public function canAddChild($parent, $child);
  123. /**
  124. * Adds an item as a child of another item.
  125. * @param Item $parent
  126. * @param Item $child
  127. * @return bool whether the child successfully added
  128. * @throws \yii\base\Exception if the parent-child relationship already exists or if a loop has been detected.
  129. */
  130. public function addChild($parent, $child);
  131. /**
  132. * Removes a child from its parent.
  133. * Note, the child item is not deleted. Only the parent-child relationship is removed.
  134. * @param Item $parent
  135. * @param Item $child
  136. * @return bool whether the removal is successful
  137. */
  138. public function removeChild($parent, $child);
  139. /**
  140. * Removed all children form their parent.
  141. * Note, the children items are not deleted. Only the parent-child relationships are removed.
  142. * @param Item $parent
  143. * @return bool whether the removal is successful
  144. */
  145. public function removeChildren($parent);
  146. /**
  147. * Returns a value indicating whether the child already exists for the parent.
  148. * @param Item $parent
  149. * @param Item $child
  150. * @return bool whether `$child` is already a child of `$parent`
  151. */
  152. public function hasChild($parent, $child);
  153. /**
  154. * Returns the child permissions and/or roles.
  155. * @param string $name the parent name
  156. * @return Item[] the child permissions and/or roles
  157. */
  158. public function getChildren($name);
  159. /**
  160. * Assigns a role to a user.
  161. *
  162. * @param Role|Permission $role
  163. * @param string|int $userId the user ID (see [[\yii\web\User::id]])
  164. * @return Assignment the role assignment information.
  165. * @throws \Exception if the role has already been assigned to the user
  166. */
  167. public function assign($role, $userId);
  168. /**
  169. * Revokes a role from a user.
  170. * @param Role|Permission $role
  171. * @param string|int $userId the user ID (see [[\yii\web\User::id]])
  172. * @return bool whether the revoking is successful
  173. */
  174. public function revoke($role, $userId);
  175. /**
  176. * Revokes all roles from a user.
  177. * @param mixed $userId the user ID (see [[\yii\web\User::id]])
  178. * @return bool whether the revoking is successful
  179. */
  180. public function revokeAll($userId);
  181. /**
  182. * Returns the assignment information regarding a role and a user.
  183. * @param string $roleName the role name
  184. * @param string|int $userId the user ID (see [[\yii\web\User::id]])
  185. * @return null|Assignment the assignment information. Null is returned if
  186. * the role is not assigned to the user.
  187. */
  188. public function getAssignment($roleName, $userId);
  189. /**
  190. * Returns all role assignment information for the specified user.
  191. * @param string|int $userId the user ID (see [[\yii\web\User::id]])
  192. * @return Assignment[] the assignments indexed by role names. An empty array will be
  193. * returned if there is no role assigned to the user.
  194. */
  195. public function getAssignments($userId);
  196. /**
  197. * Returns all user IDs assigned to the role specified.
  198. * @param string $roleName
  199. * @return array array of user ID strings
  200. * @since 2.0.7
  201. */
  202. public function getUserIdsByRole($roleName);
  203. /**
  204. * Removes all authorization data, including roles, permissions, rules, and assignments.
  205. */
  206. public function removeAll();
  207. /**
  208. * Removes all permissions.
  209. * All parent child relations will be adjusted accordingly.
  210. */
  211. public function removeAllPermissions();
  212. /**
  213. * Removes all roles.
  214. * All parent child relations will be adjusted accordingly.
  215. */
  216. public function removeAllRoles();
  217. /**
  218. * Removes all rules.
  219. * All roles and permissions which have rules will be adjusted accordingly.
  220. */
  221. public function removeAllRules();
  222. /**
  223. * Removes all role assignments.
  224. */
  225. public function removeAllAssignments();
  226. }