We've already covered how authentication and authorization works. Now we'll describe the interface you need to implement in your application space to create classes representing roles.

Static methods for general role work

Method Meaning of
public static get(
string $id
): static|null
Returns a specific role (if any)
public static getList(
): iterable
Returns a list of all available roles.
public static idExists(
string $id
): bool
Checks whether the role ID is already in use.

Methods for working with a specific role

Method Meaning of
public getId(
): string
Returns the role ID.
public getName(
): string
Returns the name of the role. The name is the role designation for the user.
public setName(
string $name
): void
Sets the name of the role.
public getDescription(
): string
Returns a description of the role. The description is information for the user.
public setDescription(
string $description
): void
Sets the role description.
public getUsers(
): iterable
Returns a list of users who have the specified role.
public getPrivileges(
): Auth_Role_Privilege_Interface[]
Returns all assigned permissions roles as instances of the corresponding classes.
public getPrivilegeValues(
string $privilege
): array
Returns all assigned values of the specified permission.
public setPrivileges(
array $privileges
): void
Bulk role sets the assigned permissions (old settings are overwritten). The permission definition is passed in the following form: setPrivileges([
'privilege_1' => ['value_a''value_b''value_c'],
'privilege_2' => ['value_I''value_II''value_III'],
public setPrivilege(
string $privilege,
array $values
) : void
Sets the role to one specific permission and its values.
public removePrivilege(
string $privilege
): void
Removes the permissions role (including all values, of course)
public hasPrivilege(
string $privilege,
mixed $value=null
): bool
Checks whether the role has the given permission.

If the $value parameter is null, then it checks whether the role has the permission regardless of the value (i.e. whether it has the permission at all, whatever it is).
Previous chapter
Next chapter