You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

258 lines
8.8KB

  1. <?php
  2. /**
  3. * @link http://www.yiiframework.com/
  4. * @copyright Copyright (c) 2008 Yii Software LLC
  5. * @license http://www.yiiframework.com/license/
  6. */
  7. namespace yii\rbac;
  8. /**
  9. * @author Qiang Xue <qiang.xue@gmail.com>
  10. * @since 2.0
  11. */
  12. interface ManagerInterface extends CheckAccessInterface
  13. {
  14. /**
  15. * Creates a new Role object.
  16. * Note that the newly created role is not added to the RBAC system yet.
  17. * You must fill in the needed data and call [[add()]] to add it to the system.
  18. * @param string $name the role name
  19. * @return Role the new Role object
  20. */
  21. public function createRole($name);
  22. /**
  23. * Creates a new Permission object.
  24. * Note that the newly created permission is not added to the RBAC system yet.
  25. * You must fill in the needed data and call [[add()]] to add it to the system.
  26. * @param string $name the permission name
  27. * @return Permission the new Permission object
  28. */
  29. public function createPermission($name);
  30. /**
  31. * Adds a role, permission or rule to the RBAC system.
  32. * @param Role|Permission|Rule $object
  33. * @return boolean whether the role, permission or rule is successfully added to the system
  34. * @throws \Exception if data validation or saving fails (such as the name of the role or permission is not unique)
  35. */
  36. public function add($object);
  37. /**
  38. * Removes a role, permission or rule from the RBAC system.
  39. * @param Role|Permission|Rule $object
  40. * @return boolean whether the role, permission or rule is successfully removed
  41. */
  42. public function remove($object);
  43. /**
  44. * Updates the specified role, permission or rule in the system.
  45. * @param string $name the old name of the role, permission or rule
  46. * @param Role|Permission|Rule $object
  47. * @return boolean whether the update is successful
  48. * @throws \Exception if data validation or saving fails (such as the name of the role or permission is not unique)
  49. */
  50. public function update($name, $object);
  51. /**
  52. * Returns the named role.
  53. * @param string $name the role name.
  54. * @return null|Role the role corresponding to the specified name. Null is returned if no such role.
  55. */
  56. public function getRole($name);
  57. /**
  58. * Returns all roles in the system.
  59. * @return Role[] all roles in the system. The array is indexed by the role names.
  60. */
  61. public function getRoles();
  62. /**
  63. * Returns the roles that are assigned to the user via [[assign()]].
  64. * Note that child roles that are not assigned directly to the user will not be returned.
  65. * @param string|integer $userId the user ID (see [[\yii\web\User::id]])
  66. * @return Role[] all roles directly assigned to the user. The array is indexed by the role names.
  67. */
  68. public function getRolesByUser($userId);
  69. /**
  70. * Returns the roles that are adding to the role via [[addChild()]] by recursive.
  71. * @param string $roleName name of parent Role.
  72. * @return Role[] all roles directly adding to the role. The array is indexed by the role names.
  73. * First element is a Role item that are getting by $roleName.
  74. * @throws \yii\base\InvalidParamException if Role was not found that are getting by $roleName
  75. * @since 2.0.10
  76. */
  77. public function getChildRoles($roleName);
  78. /**
  79. * Returns the named permission.
  80. * @param string $name the permission name.
  81. * @return null|Permission the permission corresponding to the specified name. Null is returned if no such permission.
  82. */
  83. public function getPermission($name);
  84. /**
  85. * Returns all permissions in the system.
  86. * @return Permission[] all permissions in the system. The array is indexed by the permission names.
  87. */
  88. public function getPermissions();
  89. /**
  90. * Returns all permissions that the specified role represents.
  91. * @param string $roleName the role name
  92. * @return Permission[] all permissions that the role represents. The array is indexed by the permission names.
  93. */
  94. public function getPermissionsByRole($roleName);
  95. /**
  96. * Returns all permissions that the user has.
  97. * @param string|integer $userId the user ID (see [[\yii\web\User::id]])
  98. * @return Permission[] all permissions that the user has. The array is indexed by the permission names.
  99. */
  100. public function getPermissionsByUser($userId);
  101. /**
  102. * Returns the rule of the specified name.
  103. * @param string $name the rule name
  104. * @return null|Rule the rule object, or null if the specified name does not correspond to a rule.
  105. */
  106. public function getRule($name);
  107. /**
  108. * Returns all rules available in the system.
  109. * @return Rule[] the rules indexed by the rule names
  110. */
  111. public function getRules();
  112. /**
  113. * Checks the possibility of adding a child to parent
  114. * @param Item $parent the parent item
  115. * @param Item $child the child item to be added to the hierarchy
  116. * @return boolean possibility of adding
  117. *
  118. * @since 2.0.8
  119. */
  120. public function canAddChild($parent, $child);
  121. /**
  122. * Adds an item as a child of another item.
  123. * @param Item $parent
  124. * @param Item $child
  125. * @return boolean whether the child successfully added
  126. * @throws \yii\base\Exception if the parent-child relationship already exists or if a loop has been detected.
  127. */
  128. public function addChild($parent, $child);
  129. /**
  130. * Removes a child from its parent.
  131. * Note, the child item is not deleted. Only the parent-child relationship is removed.
  132. * @param Item $parent
  133. * @param Item $child
  134. * @return boolean whether the removal is successful
  135. */
  136. public function removeChild($parent, $child);
  137. /**
  138. * Removed all children form their parent.
  139. * Note, the children items are not deleted. Only the parent-child relationships are removed.
  140. * @param Item $parent
  141. * @return boolean whether the removal is successful
  142. */
  143. public function removeChildren($parent);
  144. /**
  145. * Returns a value indicating whether the child already exists for the parent.
  146. * @param Item $parent
  147. * @param Item $child
  148. * @return boolean whether `$child` is already a child of `$parent`
  149. */
  150. public function hasChild($parent, $child);
  151. /**
  152. * Returns the child permissions and/or roles.
  153. * @param string $name the parent name
  154. * @return Item[] the child permissions and/or roles
  155. */
  156. public function getChildren($name);
  157. /**
  158. * Assigns a role to a user.
  159. *
  160. * @param Role $role
  161. * @param string|integer $userId the user ID (see [[\yii\web\User::id]])
  162. * @return Assignment the role assignment information.
  163. * @throws \Exception if the role has already been assigned to the user
  164. */
  165. public function assign($role, $userId);
  166. /**
  167. * Revokes a role from a user.
  168. * @param Role $role
  169. * @param string|integer $userId the user ID (see [[\yii\web\User::id]])
  170. * @return boolean whether the revoking is successful
  171. */
  172. public function revoke($role, $userId);
  173. /**
  174. * Revokes all roles from a user.
  175. * @param mixed $userId the user ID (see [[\yii\web\User::id]])
  176. * @return boolean whether the revoking is successful
  177. */
  178. public function revokeAll($userId);
  179. /**
  180. * Returns the assignment information regarding a role and a user.
  181. * @param string $roleName the role name
  182. * @param string|integer $userId the user ID (see [[\yii\web\User::id]])
  183. * @return null|Assignment the assignment information. Null is returned if
  184. * the role is not assigned to the user.
  185. */
  186. public function getAssignment($roleName, $userId);
  187. /**
  188. * Returns all role assignment information for the specified user.
  189. * @param string|integer $userId the user ID (see [[\yii\web\User::id]])
  190. * @return Assignment[] the assignments indexed by role names. An empty array will be
  191. * returned if there is no role assigned to the user.
  192. */
  193. public function getAssignments($userId);
  194. /**
  195. * Returns all user IDs assigned to the role specified.
  196. * @param string $roleName
  197. * @return array array of user ID strings
  198. * @since 2.0.7
  199. */
  200. public function getUserIdsByRole($roleName);
  201. /**
  202. * Removes all authorization data, including roles, permissions, rules, and assignments.
  203. */
  204. public function removeAll();
  205. /**
  206. * Removes all permissions.
  207. * All parent child relations will be adjusted accordingly.
  208. */
  209. public function removeAllPermissions();
  210. /**
  211. * Removes all roles.
  212. * All parent child relations will be adjusted accordingly.
  213. */
  214. public function removeAllRoles();
  215. /**
  216. * Removes all rules.
  217. * All roles and permissions which have rules will be adjusted accordingly.
  218. */
  219. public function removeAllRules();
  220. /**
  221. * Removes all role assignments.
  222. */
  223. public function removeAllAssignments();
  224. }