Interface

eZ\Publish\API\Repository\RoleService

interface RoleService

This service provides methods for managing Roles and Policies.

Methods

RoleDraft createRole(RoleCreateStruct $roleCreateStruct)

Creates a new RoleDraft.

RoleDraft createRoleDraft(Role $role)

Creates a new RoleDraft for existing Role.

RoleDraft loadRoleDraft(mixed $id)

Loads a RoleDraft for the given id.

RoleDraft loadRoleDraftByRoleId(mixed $roleId)

Loads a RoleDraft by the ID of the role it was created from.

RoleDraft updateRoleDraft(RoleDraft $roleDraft, RoleUpdateStruct $roleUpdateStruct)

Updates the properties of a RoleDraft.

RoleDraft addPolicyByRoleDraft(RoleDraft $roleDraft, PolicyCreateStruct $policyCreateStruct)

Adds a new policy to the RoleDraft.

RoleDraft removePolicyByRoleDraft(RoleDraft $roleDraft, PolicyDraft $policyDraft)

Removes a policy from a RoleDraft.

PolicyDraft updatePolicyByRoleDraft(RoleDraft $roleDraft, PolicyDraft $policy, PolicyUpdateStruct $policyUpdateStruct)

Updates the limitations of a policy.

deleteRoleDraft(RoleDraft $roleDraft)

Deletes the given RoleDraft.

publishRoleDraft(RoleDraft $roleDraft)

Publishes the given RoleDraft.

Role updateRole(Role $role, RoleUpdateStruct $roleUpdateStruct)

Updates the name of the role.

Role addPolicy(Role $role, PolicyCreateStruct $policyCreateStruct)

Adds a new policy to the role.

deletePolicy(Policy $policy)

Deletes a policy.

Policy updatePolicy(Policy $policy, PolicyUpdateStruct $policyUpdateStruct)

Updates the limitations of a policy.

Role loadRole(mixed $id)

Loads a role for the given id.

Role loadRoleByIdentifier(string $identifier)

Loads a role for the given identifier.

Role[] loadRoles()

Loads all roles.

deleteRole(Role $role)

Deletes the given role.

Policy[] loadPoliciesByUserId(mixed $userId)

Loads all policies from roles which are assigned to a user or to user groups to which the user belongs.

assignRoleToUserGroup(Role $role, UserGroup $userGroup, RoleLimitation $roleLimitation = null)

Assigns a role to the given user group.

unassignRoleFromUserGroup(Role $role, UserGroup $userGroup)

Removes a role from the given user group.

assignRoleToUser(Role $role, User $user, RoleLimitation $roleLimitation = null)

Assigns a role to the given user.

unassignRoleFromUser(Role $role, User $user)

Removes a role from the given user.

RoleAssignment loadRoleAssignment(mixed $roleAssignmentId)

Loads a role assignment for the given id.

RoleAssignment[] getRoleAssignments(Role $role)

Returns the users and user groups assigned to this role.

UserRoleAssignment[]|UserGroupRoleAssignment[] getRoleAssignmentsForUser(User $user, bool $inherited = false)

Returns UserRoleAssignments assigned to the given User.

UserGroupRoleAssignment[] getRoleAssignmentsForUserGroup(UserGroup $userGroup)

Returns the UserGroupRoleAssignments assigned to the given UserGroup.

removeRoleAssignment(RoleAssignment $roleAssignment)

Removes the given role assignment.

RoleCreateStruct newRoleCreateStruct(string $name)

Instantiates a role create class.

PolicyCreateStruct newPolicyCreateStruct(string $module, string $function)

Instantiates a policy create class.

PolicyUpdateStruct newPolicyUpdateStruct()

Instantiates a policy update class.

RoleUpdateStruct newRoleUpdateStruct()

Instantiates a role update class.

Type getLimitationType(string $identifier)

Returns the LimitationType registered with the given identifier.

Type[] getLimitationTypesByModuleFunction(string $module, string $function)

Returns the LimitationTypes assigned to a given module/function.

Details

at line 44
public RoleDraft createRole(RoleCreateStruct $roleCreateStruct)

Creates a new RoleDraft.

Parameters

RoleCreateStruct $roleCreateStruct

Return Value

RoleDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to create a role
InvalidArgumentException if the name of the role already exists or if limitation of the same type is repeated in the policy create struct or if limitation is not allowed on module/function
LimitationValidationException if a policy limitation in the $roleCreateStruct is not valid

at line 59
public RoleDraft createRoleDraft(Role $role)

Creates a new RoleDraft for existing Role.

Parameters

Role $role

Return Value

RoleDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to create a role
InvalidArgumentException if the Role already has a Role Draft that will need to be removed first
LimitationValidationException if a policy limitation in the $roleCreateStruct is not valid

at line 73
public RoleDraft loadRoleDraft(mixed $id)

Loads a RoleDraft for the given id.

Parameters

mixed $id

Return Value

RoleDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to read this role
NotFoundException if a RoleDraft with the given id was not found

at line 85
public RoleDraft loadRoleDraftByRoleId(mixed $roleId)

Loads a RoleDraft by the ID of the role it was created from.

Parameters

mixed $roleId ID of the role the draft was created from.

Return Value

RoleDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to read this role
NotFoundException if a RoleDraft with the given id was not found

at line 100
public RoleDraft updateRoleDraft(RoleDraft $roleDraft, RoleUpdateStruct $roleUpdateStruct)

Updates the properties of a RoleDraft.

Parameters

RoleDraft $roleDraft
RoleUpdateStruct $roleUpdateStruct

Return Value

RoleDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to update a role
InvalidArgumentException if the identifier of the RoleDraft already exists

at line 117
public RoleDraft addPolicyByRoleDraft(RoleDraft $roleDraft, PolicyCreateStruct $policyCreateStruct)

Adds a new policy to the RoleDraft.

Parameters

RoleDraft $roleDraft
PolicyCreateStruct $policyCreateStruct

Return Value

RoleDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to add a policy
InvalidArgumentException if limitation of the same type is repeated in policy create struct or if limitation is not allowed on module/function
LimitationValidationException if a limitation in the $policyCreateStruct is not valid

at line 131
public RoleDraft removePolicyByRoleDraft(RoleDraft $roleDraft, PolicyDraft $policyDraft)

Removes a policy from a RoleDraft.

Parameters

RoleDraft $roleDraft
PolicyDraft $policyDraft the policy to remove from the RoleDraft

Return Value

RoleDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to remove a policy
InvalidArgumentException if policy does not belong to the given RoleDraft

at line 150
public PolicyDraft updatePolicyByRoleDraft(RoleDraft $roleDraft, PolicyDraft $policy, PolicyUpdateStruct $policyUpdateStruct)

Updates the limitations of a policy.

The module and function cannot be changed, and the limitations are replaced by the ones in $policyUpdateStruct.

Parameters

RoleDraft $roleDraft
PolicyDraft $policy
PolicyUpdateStruct $policyUpdateStruct

Return Value

PolicyDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to update a policy
InvalidArgumentException if limitation of the same type is repeated in policy update struct or if limitation is not allowed on module/function
LimitationValidationException if a limitation in the $policyUpdateStruct is not valid

at line 161
public deleteRoleDraft(RoleDraft $roleDraft)

Deletes the given RoleDraft.

Parameters

RoleDraft $roleDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to delete this RoleDraft

at line 172
public publishRoleDraft(RoleDraft $roleDraft)

Publishes the given RoleDraft.

Parameters

RoleDraft $roleDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to publish this RoleDraft

at line 187
public Role updateRole(Role $role, RoleUpdateStruct $roleUpdateStruct)

Updates the name of the role.

Parameters

Role $role
RoleUpdateStruct $roleUpdateStruct

Return Value

Role

Exceptions

UnauthorizedException if the authenticated user is not allowed to update a role
InvalidArgumentException if the name of the role already exists

at line 204
public Role addPolicy(Role $role, PolicyCreateStruct $policyCreateStruct)

Adds a new policy to the role.

Parameters

Role $role
PolicyCreateStruct $policyCreateStruct

Return Value

Role

Exceptions

UnauthorizedException if the authenticated user is not allowed to add a policy
InvalidArgumentException if limitation of the same type is repeated in policy create struct or if limitation is not allowed on module/function
LimitationValidationException if a limitation in the $policyCreateStruct is not valid

at line 215
public deletePolicy(Policy $policy)

Deletes a policy.

Parameters

Policy $policy the policy to delete

Exceptions

UnauthorizedException if the authenticated user is not allowed to remove a policy

at line 233
public Policy updatePolicy(Policy $policy, PolicyUpdateStruct $policyUpdateStruct)

Updates the limitations of a policy.

The module and function cannot be changed, and the limitations are replaced by the ones in $policyUpdateStruct.

Parameters

Policy $policy
PolicyUpdateStruct $policyUpdateStruct

Return Value

Policy

Exceptions

UnauthorizedException if the authenticated user is not allowed to update a policy
InvalidArgumentException if limitation of the same type is repeated in policy update struct or if limitation is not allowed on module/function
LimitationValidationException if a limitation in the $policyUpdateStruct is not valid

at line 245
public Role loadRole(mixed $id)

Loads a role for the given id.

Parameters

mixed $id

Return Value

Role

Exceptions

UnauthorizedException if the authenticated user is not allowed to read this role
NotFoundException if a role with the given id was not found

at line 257
public Role loadRoleByIdentifier(string $identifier)

Loads a role for the given identifier.

Parameters

string $identifier

Return Value

Role

Exceptions

UnauthorizedException if the authenticated user is not allowed to read this role
NotFoundException if a role with the given identifier was not found

at line 266
public Role[] loadRoles()

Loads all roles.

Return Value

Role[]

Exceptions

UnauthorizedException if the authenticated user is not allowed to read the roles

at line 275
public deleteRole(Role $role)

Deletes the given role.

Parameters

Role $role

Exceptions

UnauthorizedException if the authenticated user is not allowed to delete this role

at line 288
public Policy[] loadPoliciesByUserId(mixed $userId)

Loads all policies from roles which are assigned to a user or to user groups to which the user belongs.

Parameters

mixed $userId

Return Value

Policy[]

Exceptions

NotFoundException if a user with the given id was not found

at line 301
public assignRoleToUserGroup(Role $role, UserGroup $userGroup, RoleLimitation $roleLimitation = null)

Assigns a role to the given user group.

Parameters

Role $role
UserGroup $userGroup
RoleLimitation $roleLimitation an optional role limitation (which is either a subtree limitation or section limitation)

Exceptions

UnauthorizedException if the authenticated user is not allowed to assign a role
LimitationValidationException if $roleLimitation is not valid
InvalidArgumentException If assignment already exists
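The draft workflow documented above (createRole, addPolicyByRoleDraft, publishRoleDraft, then assignRoleToUserGroup with a role limitation), as an added example that is not part of the original reference or the project's own code. It assumes a `Repository` instance is available, that `PolicyCreateStruct::addLimitation()` and the `SectionLimitation`/`SubtreeLimitation` value objects are used to express the scope, and that the role identifier, section id, subtree path and user group id are placeholders supplied by the caller.

```php
<?php
use eZ\Publish\API\Repository\Repository;
use eZ\Publish\API\Repository\Exceptions\InvalidArgumentException;
use eZ\Publish\API\Repository\Exceptions\LimitationValidationException;
use eZ\Publish\API\Repository\Values\User\Limitation\SectionLimitation;
use eZ\Publish\API\Repository\Values\User\Limitation\SubtreeLimitation;

/**
 * Creates a read-only role scoped to one section and assigns it to a user
 * group under a subtree limitation. Function name and arguments are
 * hypothetical; all ids and paths are placeholders chosen by the caller.
 */
function provisionScopedReader(
    Repository $repository,
    string $identifier,   // e.g. 'Scoped reader (example)'
    int $sectionId,       // section the policy is limited to
    string $subtreePath,  // e.g. '/1/2/', path string of the subtree
    int $userGroupId
): void {
    $roleService = $repository->getRoleService();

    // createRole() returns a RoleDraft; nothing takes effect until publish.
    $draft = $roleService->createRole($roleService->newRoleCreateStruct($identifier));

    try {
        // Grant content/read only, narrowed by a policy limitation.
        $policy = $roleService->newPolicyCreateStruct('content', 'read');
        $policy->addLimitation(new SectionLimitation(['limitationValues' => [$sectionId]]));
        $draft = $roleService->addPolicyByRoleDraft($draft, $policy);
        $roleService->publishRoleDraft($draft);
    } catch (InvalidArgumentException | LimitationValidationException $e) {
        // The limitation was rejected: discard the draft so no half-built
        // role is left behind, then surface the error.
        $roleService->deleteRoleDraft($draft);
        throw $e;
    }

    // Assign the published role with a second, assignment-level scope.
    $role = $roleService->loadRoleByIdentifier($identifier);
    $group = $repository->getUserService()->loadUserGroup($userGroupId);
    $roleService->assignRoleToUserGroup(
        $role,
        $group,
        new SubtreeLimitation(['limitationValues' => [$subtreePath]])
    );
}
```

Omitting the third argument of assignRoleToUserGroup() leaves the assignment without a role limitation, so the role's policies apply wherever their own limitations allow.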

at line 314
public unassignRoleFromUserGroup(Role $role, UserGroup $userGroup)

Removes a role from the given user group.

Parameters

Role $role
UserGroup $userGroup

Exceptions

UnauthorizedException if the authenticated user is not allowed to remove a role
InvalidArgumentException If the role is not assigned to the given user group

at line 327
public assignRoleToUser(Role $role, User $user, RoleLimitation $roleLimitation = null)

Assigns a role to the given user.

Parameters

Role $role
User $user
RoleLimitation $roleLimitation an optional role limitation (which is either a subtree limitation or section limitation)

Exceptions

UnauthorizedException if the authenticated user is not allowed to assign a role
LimitationValidationException if $roleLimitation is not valid
InvalidArgumentException If assignment already exists

at line 340
public unassignRoleFromUser(Role $role, User $user)

Removes a role from the given user.

Parameters

Role $role
User $user

Exceptions

UnauthorizedException if the authenticated user is not allowed to remove a role
InvalidArgumentException If the role is not assigned to the user

at line 352
public RoleAssignment loadRoleAssignment(mixed $roleAssignmentId)

Loads a role assignment for the given id.

Parameters

mixed $roleAssignmentId

Return Value

RoleAssignment

Exceptions

UnauthorizedException if the authenticated user is not allowed to read this role
NotFoundException If the role assignment was not found

at line 363
public RoleAssignment[] getRoleAssignments(Role $role)

Returns the users and user groups assigned to this role.

Parameters

Role $role

Return Value

RoleAssignment[]

Exceptions

UnauthorizedException if the authenticated user is not allowed to read a role
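An access-review sketch built on loadRoles() and getRoleAssignments(), added here as an example and not taken from the original reference or the project's code. It assumes the `Role::getPolicies()`, `Policy::getLimitations()`, `RoleAssignment::getRoleLimitation()`, `UserRoleAssignment::getUser()` and `UserGroupRoleAssignment::getUserGroup()` accessors of the value objects; the function name and the shape of the returned array are hypothetical.

```php
<?php
use eZ\Publish\API\Repository\RoleService;
use eZ\Publish\API\Repository\Values\User\UserRoleAssignment;

/**
 * Lists assignments worth reviewing: roles that contain at least one policy
 * without limitations and are assigned without a role limitation.
 *
 * @return array[] one entry per unscoped assignment
 */
function findUnscopedAssignments(RoleService $roleService): array
{
    $findings = [];

    foreach ($roleService->loadRoles() as $role) {
        // Collect module/function pairs granted with no policy limitation.
        $unlimited = [];
        foreach ($role->getPolicies() as $policy) {
            if (count($policy->getLimitations()) === 0) {
                $unlimited[] = $policy->module . '/' . $policy->function;
            }
        }
        if ($unlimited === []) {
            continue; // every policy in this role is already narrowed
        }

        foreach ($roleService->getRoleAssignments($role) as $assignment) {
            if ($assignment->getRoleLimitation() !== null) {
                continue; // scoped by a subtree or section limitation
            }
            $findings[] = [
                'role' => $role->identifier,
                'assignee' => $assignment instanceof UserRoleAssignment
                    ? 'user:' . $assignment->getUser()->id
                    : 'group:' . $assignment->getUserGroup()->id,
                'unlimited_policies' => $unlimited,
            ];
        }
    }

    return $findings;
}
```

The calling user needs permission to read roles; otherwise loadRoles() and getRoleAssignments() throw UnauthorizedException as documented above.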

at line 379
public UserRoleAssignment[]|UserGroupRoleAssignment[] getRoleAssignmentsForUser(User $user, bool $inherited = false)

Returns UserRoleAssignments assigned to the given User.

If the second parameter $inherited is true, UserGroupRoleAssignments are also returned for the UserGroups the User is placed in, as well as those inherited from parent UserGroups.

Parameters

User $user
bool $inherited Also return all inherited Roles from the UserGroups the User belongs to, and their parents.

Return Value

UserRoleAssignment[]|UserGroupRoleAssignment[]

Exceptions

UnauthorizedException if the current user is not allowed to read a role
InvalidArgumentException On invalid User object

at line 390
public UserGroupRoleAssignment[] getRoleAssignmentsForUserGroup(UserGroup $userGroup)

Returns the UserGroupRoleAssignments assigned to the given UserGroup.

Parameters

UserGroup $userGroup

Return Value

UserGroupRoleAssignment[]

Exceptions

UnauthorizedException if the authenticated user is not allowed to read a user group

at line 401
public removeRoleAssignment(RoleAssignment $roleAssignment)

Removes the given role assignment.

That is, unassigns a user or a user group from a role with the given limitations.

Parameters

RoleAssignment $roleAssignment

Exceptions

UnauthorizedException if the authenticated user is not allowed to remove a role assignment

at line 410
public RoleCreateStruct newRoleCreateStruct(string $name)

Instantiates a role create class.

Parameters

string $name

Return Value

RoleCreateStruct

at line 420
public PolicyCreateStruct newPolicyCreateStruct(string $module, string $function)

Instantiates a policy create class.

Parameters

string $module
string $function

Return Value

PolicyCreateStruct

at line 427
public PolicyUpdateStruct newPolicyUpdateStruct()

Instantiates a policy update class.

Return Value

PolicyUpdateStruct

at line 434
public RoleUpdateStruct newRoleUpdateStruct()

Instantiates a role update class.

Return Value

RoleUpdateStruct

at line 445
public Type getLimitationType(string $identifier)

Returns the LimitationType registered with the given identifier.

Parameters

string $identifier

Return Value

Type

Exceptions

RuntimeException On missing Limitation

at line 462
public Type[] getLimitationTypesByModuleFunction(string $module, string $function)

Returns the LimitationTypes assigned to a given module/function.

Typically used for:
- Internal validation of limitation value use on Policies
- Role admin GUI for editing policy limitations, including listing limitation options via valueSchema()

Parameters

string $module Legacy name of "controller"; a unique identifier such as "content"
string $function Legacy name of a controller "action"; unique within the controller, such as "read"

Return Value

Type[]

Exceptions

BadStateException If module/function to limitation type mapping refers to a non existing identifier.