User
class User
User authentication and authorization.
Constants
| LogoutManual |
Log-out reason |
| LogoutInactivity |
Log-out reason |
| LOGOUT_MANUAL |
|
| MANUAL |
|
| LOGOUT_INACTIVITY |
|
| INACTIVITY |
|
Properties
| $guestRole | role for an unauthenticated user, unless a guest identity provides its own roles |
||
| $authenticatedRole | default role for authenticated user without own identity |
||
| $persistIdentity | keep identity available (via getIdentity() and getId()) after logout or expiration; depends on the storage implementation |
||
| $onLoggedIn | |||
| $onLoggedOut | |||
| bool read-only | $loggedIn | ||
| IIdentity read-only | $identity |
Methods
No description
No description
Authenticates the user. Accepts username and password, or an IIdentity directly.
Logs out the user from the current session. The identity is kept available afterwards, unless $clearIdentity is set or the $persistIdentity property is disabled.
Checks whether the user is authenticated.
Returns the user identity. When not logged in, this is the retained identity (unless $persistIdentity is disabled) or a guest identity if the authenticator provides one; null otherwise.
Returns the ID of the identity returned by getIdentity(), so it may be the retained or guest identity's ID even when not logged in; null if there is no identity.
Discards the cached authentication state and identity, forcing a reload on next access.
Returns authentication handler.
Returns authentication handler, or null if none is set.
Enables log out after inactivity (like '20 minutes'). The identity is kept available afterwards, unless $clearIdentity is set or the $persistIdentity property is disabled.
Returns the logout reason: LogoutManual or LogoutInactivity, or null if not applicable.
Returns effective roles derived from the login state, not from the (possibly retained) identity.
Checks whether the user has the specified effective role.
Checks whether the user has access to the given resource and privilege.
Returns current authorization handler.
Returns authorization handler, or null if none is set.
Details
at line 69
__construct(UserStorage $storage, Authenticator|null $authenticator = null, Authorizator|null $authorizator = null)
No description
at line 77
final UserStorage
getStorage()
No description
at line 91
void
login(IIdentity $username, string|null $password = null)
Authenticates the user. Accepts username and password, or an IIdentity directly.
at line 120
final void
logout(bool $clearIdentity = false)
Logs out the user from the current session. The identity is kept available afterwards, unless $clearIdentity is set or the $persistIdentity property is disabled.
at line 138
final bool
isLoggedIn()
Checks whether the user is authenticated.
at line 149
final IIdentity|null
getIdentity()
Returns the user identity. When not logged in, this is the retained identity (unless $persistIdentity is disabled) or a guest identity if the authenticator provides one; null otherwise.
at line 194
string|int|null
getId()
Returns the ID of the identity returned by getIdentity(), so it may be the retained or guest identity's ID even when not logged in; null if there is no identity.
at line 204
final void
refreshStorage()
Discards the cached authentication state and identity, forcing a reload on next access.
at line 215
User
setAuthenticator(Authenticator $handler)
Sets authentication handler.
at line 226
final Authenticator
getAuthenticator()
Returns authentication handler.
at line 239
final Authenticator|null
getAuthenticatorIfExists()
Returns authentication handler, or null if none is set.
at line 246
final bool
hasAuthenticator()
deprecated
deprecated
No description
at line 256
User
setExpiration(string|null $expire, bool $clearIdentity = false)
Enables log out after inactivity (like '20 minutes'). The identity is kept available afterwards, unless $clearIdentity is set or the $persistIdentity property is disabled.
at line 266
final int|null
getLogoutReason()
Returns the logout reason: LogoutManual or LogoutInactivity, or null if not applicable.
at line 280
array
getRoles()
Returns effective roles derived from the login state, not from the (possibly retained) identity.
Logged in: the identity's roles, or authenticatedRole. Otherwise: the guest identity's roles, or guestRole.
at line 294
final bool
isInRole(string $role)
Checks whether the user has the specified effective role.
at line 310
bool
isAllowed(mixed $resource = Authorizator::All, mixed $privilege = Authorizator::All)
Checks whether the user has access to the given resource and privilege.
Null means all resources or all privileges.
at line 325
User
setAuthorizator(Authorizator $handler)
Sets authorization handler.
at line 335
final Authorizator
getAuthorizator()
Returns current authorization handler.
at line 348
final Authorizator|null
getAuthorizatorIfExists()
Returns authorization handler, or null if none is set.
at line 355
final bool
hasAuthorizator()
deprecated
deprecated
No description