Class

eZ\Publish\Core\Repository\RoleService

class RoleService implements RoleService

This service provides methods for managing Roles and Policies.

Methods

__construct(Repository $repository, Handler $userHandler, LimitationService $limitationService, RoleDomainMapper $roleDomainMapper, array $settings = array())

Sets up the service with a reference to the repository object that created it and the corresponding handler.

RoleDraft createRole(RoleCreateStruct $roleCreateStruct)

Creates a new RoleDraft.

RoleDraft createRoleDraft(Role $role)

Creates a new RoleDraft for an existing Role.

RoleDraft loadRoleDraft(mixed $id)

Loads a RoleDraft for the given id.

RoleDraft loadRoleDraftByRoleId(mixed $roleId)

Loads a RoleDraft by the ID of the role it was created from.

RoleDraft updateRoleDraft(RoleDraft $roleDraft, RoleUpdateStruct $roleUpdateStruct)

Updates the properties of a RoleDraft.

RoleDraft addPolicyByRoleDraft(RoleDraft $roleDraft, PolicyCreateStruct $policyCreateStruct)

Adds a new policy to the RoleDraft.

RoleDraft removePolicyByRoleDraft(RoleDraft $roleDraft, PolicyDraft $policyDraft)

Removes a policy from a RoleDraft.

PolicyDraft updatePolicyByRoleDraft(RoleDraft $roleDraft, PolicyDraft $policy, PolicyUpdateStruct $policyUpdateStruct)

Updates the limitations of a policy.

deleteRoleDraft(RoleDraft $roleDraft)

Deletes the given RoleDraft.

publishRoleDraft(RoleDraft $roleDraft)

Publishes a given RoleDraft.

Role updateRole(Role $role, RoleUpdateStruct $roleUpdateStruct)

Updates the name of the role.

Role addPolicy(Role $role, PolicyCreateStruct $policyCreateStruct)

Adds a new policy to the role.

deletePolicy(Policy $policy)

Deletes a policy.

Policy updatePolicy(Policy $policy, PolicyUpdateStruct $policyUpdateStruct)

Updates the limitations of a policy.

Role loadRole(mixed $id)

Loads a role for the given id.

Role loadRoleByIdentifier(string $identifier)

Loads a role for the given identifier.

Role[] loadRoles()

Loads all roles.

deleteRole(Role $role)

Deletes the given role.

Policy[] loadPoliciesByUserId(mixed $userId)

Loads all policies from roles which are assigned to a user or to user groups to which the user belongs.

assignRoleToUserGroup(Role $role, UserGroup $userGroup, RoleLimitation $roleLimitation = null)

Assigns a role to the given user group.

unassignRoleFromUserGroup(Role $role, UserGroup $userGroup)

Removes a role from the given user group.

assignRoleToUser(Role $role, User $user, RoleLimitation $roleLimitation = null)

Assigns a role to the given user.

unassignRoleFromUser(Role $role, User $user)

Removes a role from the given user.

removeRoleAssignment(RoleAssignment $roleAssignment)

Removes the given role assignment.

RoleAssignment loadRoleAssignment(mixed $roleAssignmentId)

Loads a role assignment for the given id.

RoleAssignment[] getRoleAssignments(Role $role)

Returns the users and user groups assigned to this role.

UserRoleAssignment[]|UserGroupRoleAssignment[] getRoleAssignmentsForUser(User $user, bool $inherited = false)

UserGroupRoleAssignment[] getRoleAssignmentsForUserGroup(UserGroup $userGroup)

Returns the roles assigned to the given user group.

RoleCreateStruct newRoleCreateStruct(string $name)

Instantiates a role create class.

PolicyCreateStruct newPolicyCreateStruct(string $module, string $function)

Instantiates a policy create class.

PolicyUpdateStruct newPolicyUpdateStruct()

Instantiates a policy update class.

RoleUpdateStruct newRoleUpdateStruct()

Instantiates a role update class.

Type getLimitationType(string $identifier)

Returns the LimitationType registered with the given identifier.

Type[] getLimitationTypesByModuleFunction(string $module, string $function)

Returns the LimitationTypes assigned to a given module/function.

Details

at line 84
public __construct(Repository $repository, Handler $userHandler, LimitationService $limitationService, RoleDomainMapper $roleDomainMapper, array $settings = array())

Sets up the service with a reference to the repository object that created it and the corresponding handler.

Parameters

Repository $repository
Handler $userHandler
LimitationService $limitationService
RoleDomainMapper $roleDomainMapper
array $settings

at line 141
public RoleDraft createRole(RoleCreateStruct $roleCreateStruct)

Creates a new RoleDraft.

Parameters

RoleCreateStruct $roleCreateStruct

Return Value

RoleDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to create a RoleDraft
InvalidArgumentException if the name of the role already exists or if limitation of the same type is repeated in the policy create struct or if limitation is not allowed on module/function
LimitationValidationException if a policy limitation in the $roleCreateStruct is not valid

at line 194
public RoleDraft createRoleDraft(Role $role)

Creates a new RoleDraft for an existing Role.

Parameters

Role $role

Return Value

RoleDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to create a RoleDraft
InvalidArgumentException if the Role already has a RoleDraft that will need to be removed first

at line 234
public RoleDraft loadRoleDraft(mixed $id)

Loads a RoleDraft for the given id.

Parameters

mixed $id

Return Value

RoleDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to read this RoleDraft
NotFoundException if a RoleDraft with the given id was not found

at line 255
public RoleDraft loadRoleDraftByRoleId(mixed $roleId)

Loads a RoleDraft by the ID of the role it was created from.

Parameters

mixed $roleId ID of the role the draft was created from.

Return Value

RoleDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to read this role
NotFoundException if a RoleDraft with the given id was not found

at line 279
public RoleDraft updateRoleDraft(RoleDraft $roleDraft, RoleUpdateStruct $roleUpdateStruct)

Updates the properties of a RoleDraft.

Parameters

RoleDraft $roleDraft
RoleUpdateStruct $roleUpdateStruct

Return Value

RoleDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to update a RoleDraft
InvalidArgumentException if the identifier of the RoleDraft already exists

at line 345
public RoleDraft addPolicyByRoleDraft(RoleDraft $roleDraft, PolicyCreateStruct $policyCreateStruct)

Adds a new policy to the RoleDraft.

Parameters

RoleDraft $roleDraft
PolicyCreateStruct $policyCreateStruct

Return Value

RoleDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to add a policy
InvalidArgumentException if limitation of the same type is repeated in policy create struct or if limitation is not allowed on module/function
LimitationValidationException if a limitation in the $policyCreateStruct is not valid

at line 406
public RoleDraft removePolicyByRoleDraft(RoleDraft $roleDraft, PolicyDraft $policyDraft)

Removes a policy from a RoleDraft.

Parameters

RoleDraft $roleDraft
PolicyDraft $policyDraft the policy to remove from the RoleDraft

Return Value

RoleDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to remove a policy
InvalidArgumentException if policy does not belong to the given RoleDraft

at line 438
public PolicyDraft updatePolicyByRoleDraft(RoleDraft $roleDraft, PolicyDraft $policy, PolicyUpdateStruct $policyUpdateStruct)

Updates the limitations of a policy.

The module and function cannot be changed, and the limitations are replaced by the ones in $policyUpdateStruct.

Parameters

RoleDraft $roleDraft
PolicyDraft $policy
PolicyUpdateStruct $policyUpdateStruct

Return Value

PolicyDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to update a policy
InvalidArgumentException if limitation of the same type is repeated in policy update struct or if limitation is not allowed on module/function
LimitationValidationException if a limitation in the $policyUpdateStruct is not valid

at line 496
public deleteRoleDraft(RoleDraft $roleDraft)

Deletes the given RoleDraft.

Parameters

RoleDraft $roleDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to delete this RoleDraft

at line 521
public publishRoleDraft(RoleDraft $roleDraft)

Publishes a given RoleDraft.

Parameters

RoleDraft $roleDraft

Exceptions

UnauthorizedException if the authenticated user is not allowed to publish this RoleDraft
BadStateException if the role draft cannot be loaded
InvalidArgumentException if the role draft has no policies

at line 568
public Role updateRole(Role $role, RoleUpdateStruct $roleUpdateStruct)

Updates the name of the role.

Parameters

Role $role
RoleUpdateStruct $roleUpdateStruct

Return Value

Role

Exceptions

UnauthorizedException if the authenticated user is not allowed to update a role
InvalidArgumentException if the name of the role already exists

at line 629
public Role addPolicy(Role $role, PolicyCreateStruct $policyCreateStruct)

Adds a new policy to the role.

Parameters

Role $role
PolicyCreateStruct $policyCreateStruct

Return Value

Role

Exceptions

UnauthorizedException if the authenticated user is not allowed to add a policy
InvalidArgumentException if limitation of the same type is repeated in policy create struct or if limitation is not allowed on module/function
LimitationValidationException if a limitation in the $policyCreateStruct is not valid

at line 686
public deletePolicy(Policy $policy)

Deletes a policy.

Parameters

Policy $policy the policy to delete

Exceptions

UnauthorizedException if the authenticated user is not allowed to remove a policy

at line 730
public Policy updatePolicy(Policy $policy, PolicyUpdateStruct $policyUpdateStruct)

Updates the limitations of a policy.

The module and function cannot be changed, and the limitations are replaced by the ones in $policyUpdateStruct.

Parameters

Policy $policy
PolicyUpdateStruct $policyUpdateStruct

Return Value

Policy

Exceptions

UnauthorizedException if the authenticated user is not allowed to update a policy
InvalidArgumentException if limitation of the same type is repeated in policy update struct or if limitation is not allowed on module/function
LimitationValidationException if a limitation in the $policyUpdateStruct is not valid

at line 784
public Role loadRole(mixed $id)

Loads a role for the given id.

Parameters

mixed $id

Return Value

Role

Exceptions

UnauthorizedException if the authenticated user is not allowed to read this role
NotFoundException if a role with the given id was not found

at line 805
public Role loadRoleByIdentifier(string $identifier)

Loads a role for the given identifier.

Parameters

string $identifier

Return Value

Role

Exceptions

UnauthorizedException if the authenticated user is not allowed to read this role
NotFoundException if a role with the given name was not found

at line 827
public Role[] loadRoles()

Loads all roles.

Return Value

Role[]

Exceptions

UnauthorizedException if the authenticated user is not allowed to read the roles

at line 850
public deleteRole(Role $role)

Deletes the given role.

Parameters

Role $role

Exceptions

UnauthorizedException if the authenticated user is not allowed to delete this role

at line 877
public Policy[] loadPoliciesByUserId(mixed $userId)

Loads all policies from roles which are assigned to a user or to user groups to which the user belongs.

Parameters

mixed $userId

Return Value

Policy[]

Exceptions

NotFoundException if a user with the given id was not found

at line 904
public assignRoleToUserGroup(Role $role, UserGroup $userGroup, RoleLimitation $roleLimitation = null)

Assigns a role to the given user group.

Parameters

Role $role
UserGroup $userGroup
RoleLimitation $roleLimitation an optional role limitation (which is either a subtree limitation or section limitation)

Exceptions

UnauthorizedException if the authenticated user is not allowed to assign a role
LimitationValidationException if $roleLimitation is not valid
InvalidArgumentException If assignment already exists

at line 950
public unassignRoleFromUserGroup(Role $role, UserGroup $userGroup)

Removes a role from the given user group.

Parameters

Role $role
UserGroup $userGroup

Exceptions

UnauthorizedException if the authenticated user is not allowed to remove a role
InvalidArgumentException If the role is not assigned to the given user group

at line 993
public assignRoleToUser(Role $role, User $user, RoleLimitation $roleLimitation = null)

Assigns a role to the given user.

Parameters

Role $role
User $user
RoleLimitation $roleLimitation an optional role limitation (which is either a subtree limitation or section limitation)

Exceptions

UnauthorizedException if the authenticated user is not allowed to assign a role
LimitationValidationException if $roleLimitation is not valid
InvalidArgumentException If assignment already exists

at line 1039
public unassignRoleFromUser(Role $role, User $user)

Removes a role from the given user.

Parameters

Role $role
User $user

Exceptions

UnauthorizedException if the authenticated user is not allowed to remove a role
InvalidArgumentException If the role is not assigned to the user

at line 1078
public removeRoleAssignment(RoleAssignment $roleAssignment)

Removes the given role assignment.

Parameters

RoleAssignment $roleAssignment

Exceptions

UnauthorizedException if the authenticated user is not allowed to remove a role assignment

at line 1106
public RoleAssignment loadRoleAssignment(mixed $roleAssignmentId)

Loads a role assignment for the given id.

Parameters

mixed $roleAssignmentId

Return Value

RoleAssignment

Exceptions

UnauthorizedException if the authenticated user is not allowed to read this role
NotFoundException If the role assignment was not found

at line 1151
public RoleAssignment[] getRoleAssignments(Role $role)

Returns the users and user groups assigned to this role.

Parameters

Role $role

Return Value

RoleAssignment[]

Exceptions

UnauthorizedException if the authenticated user is not allowed to read a role

at line 1191
public UserRoleAssignment[]|UserGroupRoleAssignment[] getRoleAssignmentsForUser(User $user, bool $inherited = false)

Parameters

User $user
bool $inherited Also return all Roles inherited from the UserGroups the User belongs to, and from its parents.

Return Value

UserRoleAssignment[]|UserGroupRoleAssignment[]

See also

\eZ\Publish\API\Repository\RoleService::getRoleAssignmentsForUser()

at line 1229
public UserGroupRoleAssignment[] getRoleAssignmentsForUserGroup(UserGroup $userGroup)

Returns the roles assigned to the given user group.

Parameters

UserGroup $userGroup

Return Value

UserGroupRoleAssignment[]

Exceptions

UnauthorizedException if the authenticated user is not allowed to read a role

at line 1256
public RoleCreateStruct newRoleCreateStruct(string $name)

Instantiates a role create class.

Parameters

string $name

Return Value

RoleCreateStruct

at line 1274
public PolicyCreateStruct newPolicyCreateStruct(string $module, string $function)

Instantiates a policy create class.

Parameters

string $module
string $function

Return Value

PolicyCreateStruct

at line 1290
public PolicyUpdateStruct newPolicyUpdateStruct()

Instantiates a policy update class.

Return Value

PolicyUpdateStruct

at line 1304
public RoleUpdateStruct newRoleUpdateStruct()

Instantiates a role update class.

Return Value

RoleUpdateStruct

at line 1321
public Type getLimitationType(string $identifier)

Returns the LimitationType registered with the given identifier.

Returns the correct implementation of API Limitation value object based on provided identifier

Parameters

string $identifier

Return Value

Type

Exceptions

RuntimeException if there is no LimitationType with $identifier

at line 1341
public Type[] getLimitationTypesByModuleFunction(string $module, string $function)

Returns the LimitationTypes assigned to a given module/function.

Typically used for:
- Internal validation of limitation values used on Policies
- Role admin GUI for editing policy limitations, including listing limitation options via valueSchema()

Parameters

string $module Legacy name of a "controller"; a unique identifier such as "content"
string $function Legacy name of a controller "action"; unique within the controller, such as "read"

Return Value

Type[]

Exceptions

BadStateException If module/function to limitation type mapping refers to a non existing identifier.
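
The methods above combine into a draft, publish, assign workflow. The following is an added example, not code from eZ Publish or from this page: it creates a least-privilege role whose only policy is content/read limited to one section, publishes it, and assigns it to a user group restricted to one subtree. The helper name, the role identifier and the parameter values are hypothetical; `getRoleService()`, `addLimitation()`, `addPolicy()`, `SectionLimitation` and `SubtreeLimitation` belong to the eZ Publish public API but are not documented on this page.

```php
<?php
use eZ\Publish\API\Repository\Repository;
use eZ\Publish\API\Repository\Values\User\UserGroup;
use eZ\Publish\API\Repository\Values\User\Limitation\SectionLimitation;
use eZ\Publish\API\Repository\Values\User\Limitation\SubtreeLimitation;

/**
 * Hypothetical helper (not part of eZ Publish): provisions a read-only role
 * scoped twice, once on the policy and once on the assignment.
 */
function provisionSectionReaderRole(Repository $repository, UserGroup $group, $sectionId, $subtreePath)
{
    $roleService = $repository->getRoleService();
    $identifier = 'Section reader'; // constructed role name for this example

    // Policy-level scope: content/read only inside the given section.
    $policy = $roleService->newPolicyCreateStruct('content', 'read');
    $policy->addLimitation(new SectionLimitation(['limitationValues' => [$sectionId]]));

    $roleCreate = $roleService->newRoleCreateStruct($identifier);
    $roleCreate->addPolicy($policy);

    // May throw UnauthorizedException, InvalidArgumentException (name already
    // exists, repeated or disallowed limitation) or LimitationValidationException.
    $draft = $roleService->createRole($roleCreate);

    try {
        // Throws InvalidArgumentException if the draft has no policies.
        $roleService->publishRoleDraft($draft);
    } catch (\Exception $e) {
        // Do not leave an unpublished draft behind; createRoleDraft() refuses
        // to create a second draft for a role until the first is removed.
        $roleService->deleteRoleDraft($draft);
        throw $e;
    }

    $role = $roleService->loadRoleByIdentifier($identifier);

    // Assignment-level scope: the role applies only below $subtreePath.
    // Throws InvalidArgumentException if the assignment already exists.
    $roleService->assignRoleToUserGroup(
        $role,
        $group,
        new SubtreeLimitation(['limitationValues' => [$subtreePath]])
    );

    return $role;
}
```

Every call here is checked against the authenticated user, so the caller needs permission to create, publish and assign roles; otherwise UnauthorizedException is thrown at the first denied step.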