3
* @link https://www.yiiframework.com/
4
* @copyright Copyright (c) 2008 Yii Software LLC
5
* @license https://www.yiiframework.com/license/
11
* For more details and usage information on ManagerInterface, see the [guide article on security authorization](guide:security-authorization).
13
* @author Qiang Xue <qiang.xue@gmail.com>
16
interface ManagerInterface extends CheckAccessInterface
19
* Creates a new Role object.
20
* Note that the newly created role is not added to the RBAC system yet.
21
* You must fill in the needed data and call [[add()]] to add it to the system.
22
* @param string $name the role name
23
* @return Role the new Role object
25
public function createRole($name);
28
* Creates a new Permission object.
29
* Note that the newly created permission is not added to the RBAC system yet.
30
* You must fill in the needed data and call [[add()]] to add it to the system.
31
* @param string $name the permission name
32
* @return Permission the new Permission object
34
public function createPermission($name);
37
* Adds a role, permission or rule to the RBAC system.
38
* @param Role|Permission|Rule $object
39
* @return bool whether the role, permission or rule is successfully added to the system
40
* @throws \Exception if data validation or saving fails (such as the name of the role or permission is not unique)
42
public function add($object);
45
* Removes a role, permission or rule from the RBAC system.
46
* @param Role|Permission|Rule $object
47
* @return bool whether the role, permission or rule is successfully removed
49
public function remove($object);
52
* Updates the specified role, permission or rule in the system.
53
* @param string $name the old name of the role, permission or rule
54
* @param Role|Permission|Rule $object
55
* @return bool whether the update is successful
56
* @throws \Exception if data validation or saving fails (such as the name of the role or permission is not unique)
58
public function update($name, $object);
61
* Returns the named role.
62
* @param string $name the role name.
63
* @return Role|null the role corresponding to the specified name. Null is returned if no such role.
65
public function getRole($name);
68
* Returns all roles in the system.
69
* @return Role[] all roles in the system. The array is indexed by the role names.
71
public function getRoles();
74
* Returns the roles that are assigned to the user via [[assign()]].
75
* Note that child roles that are not assigned directly to the user will not be returned.
76
* @param string|int $userId the user ID (see [[\yii\web\User::id]])
77
* @return Role[] all roles directly assigned to the user. The array is indexed by the role names.
79
public function getRolesByUser($userId);
82
* Returns child roles of the role specified. Depth isn't limited.
83
* @param string $roleName name of the role to file child roles for
84
* @return Role[] Child roles. The array is indexed by the role names.
85
* First element is an instance of the parent Role itself.
86
* @throws \yii\base\InvalidParamException if Role was not found that are getting by $roleName
89
public function getChildRoles($roleName);
92
* Returns the named permission.
93
* @param string $name the permission name.
94
* @return Permission|null the permission corresponding to the specified name. Null is returned if no such permission.
96
public function getPermission($name);
99
* Returns all permissions in the system.
100
* @return Permission[] all permissions in the system. The array is indexed by the permission names.
102
public function getPermissions();
105
* Returns all permissions that the specified role represents.
106
* @param string $roleName the role name
107
* @return Permission[] all permissions that the role represents. The array is indexed by the permission names.
109
public function getPermissionsByRole($roleName);
112
* Returns all permissions that the user has.
113
* @param string|int $userId the user ID (see [[\yii\web\User::id]])
114
* @return Permission[] all permissions that the user has. The array is indexed by the permission names.
116
public function getPermissionsByUser($userId);
119
* Returns the rule of the specified name.
120
* @param string $name the rule name
121
* @return Rule|null the rule object, or null if the specified name does not correspond to a rule.
123
public function getRule($name);
126
* Returns all rules available in the system.
127
* @return Rule[] the rules indexed by the rule names
129
public function getRules();
132
* Checks the possibility of adding a child to parent.
133
* @param Item $parent the parent item
134
* @param Item $child the child item to be added to the hierarchy
135
* @return bool possibility of adding
139
public function canAddChild($parent, $child);
142
* Adds an item as a child of another item.
143
* @param Item $parent
145
* @return bool whether the child successfully added
146
* @throws \yii\base\Exception if the parent-child relationship already exists or if a loop has been detected.
148
public function addChild($parent, $child);
151
* Removes a child from its parent.
152
* Note, the child item is not deleted. Only the parent-child relationship is removed.
153
* @param Item $parent
155
* @return bool whether the removal is successful
157
public function removeChild($parent, $child);
160
* Removed all children form their parent.
161
* Note, the children items are not deleted. Only the parent-child relationships are removed.
162
* @param Item $parent
163
* @return bool whether the removal is successful
165
public function removeChildren($parent);
168
* Returns a value indicating whether the child already exists for the parent.
169
* @param Item $parent
171
* @return bool whether `$child` is already a child of `$parent`
173
public function hasChild($parent, $child);
176
* Returns the child permissions and/or roles.
177
* @param string $name the parent name
178
* @return Item[] the child permissions and/or roles
180
public function getChildren($name);
183
* Assigns a role to a user.
185
* @param Role|Permission $role
186
* @param string|int $userId the user ID (see [[\yii\web\User::id]])
187
* @return Assignment the role assignment information.
188
* @throws \Exception if the role has already been assigned to the user
190
public function assign($role, $userId);
193
* Revokes a role from a user.
194
* @param Role|Permission $role
195
* @param string|int $userId the user ID (see [[\yii\web\User::id]])
196
* @return bool whether the revoking is successful
198
public function revoke($role, $userId);
201
* Revokes all roles from a user.
202
* @param mixed $userId the user ID (see [[\yii\web\User::id]])
203
* @return bool whether the revoking is successful
205
public function revokeAll($userId);
208
* Returns the assignment information regarding a role and a user.
209
* @param string $roleName the role name
210
* @param string|int $userId the user ID (see [[\yii\web\User::id]])
211
* @return Assignment|null the assignment information. Null is returned if
212
* the role is not assigned to the user.
214
public function getAssignment($roleName, $userId);
217
* Returns all role assignment information for the specified user.
218
* @param string|int $userId the user ID (see [[\yii\web\User::id]])
219
* @return Assignment[] the assignments indexed by role names. An empty array will be
220
* returned if there is no role assigned to the user.
222
public function getAssignments($userId);
225
* Returns all user IDs assigned to the role specified.
226
* @param string $roleName
227
* @return array array of user ID strings
230
public function getUserIdsByRole($roleName);
233
* Removes all authorization data, including roles, permissions, rules, and assignments.
235
public function removeAll();
238
* Removes all permissions.
239
* All parent child relations will be adjusted accordingly.
241
public function removeAllPermissions();
245
* All parent child relations will be adjusted accordingly.
247
public function removeAllRoles();
251
* All roles and permissions which have rules will be adjusted accordingly.
253
public function removeAllRules();
256
* Removes all role assignments.
258
public function removeAllAssignments();