class UserService (View source)

A service for managing users

Properties

protected string $defaultAuthenticationProviderName

Might be configurable in the future, for now centralising this as a "constant"

protected PartyRepository $partyRepository
protected UserRepository $userRepository
protected PartyService $partyService
protected AccountFactory $accountFactory
protected AccountRepository $accountRepository
protected PolicyService $policyService
protected AuthenticationManagerInterface $authenticationManager
protected PrivilegeManagerInterface $privilegeManager
protected Context $securityContext
protected TokenAndProviderFactoryInterface $tokenAndProviderFactory
protected HashService $hashService
protected SessionManager $sessionManager
protected PersistenceManagerInterface $persistenceManager
protected Now $now
protected array<string,string> $runtimeUserCache

Methods

QueryResultInterface
getUsers(string $sortBy = 'accounts.accountidentifier', string $sortDirection = QueryInterface::ORDER_ASCENDING)

Retrieves a list of all existing users

QueryResultInterface
searchUsers(string $searchTerm, string $sortBy, string $sortDirection)

No description

User|null
getUser(string $username, string $authenticationProviderName = null)

Retrieves an existing user by the given username

string|null
getUsername(User $user, string $authenticationProviderName = null)

Returns the username of the given user

User|null
getCurrentUser()

Returns the currently logged in user, if any

UserId|null
getCurrentUserIdentifier()

No description

createUser(string $username, string $password, string $firstName, string $lastName, array $roleIdentifiers = null, string $authenticationProviderName = null)

Creates a user based on the given information

addUser(string $username, string $password, User $user, array $roleIdentifiers = null, string $authenticationProviderName = null)

Adds a user whose User object has been created elsewhere

void
emitUserCreated(User $user)

Signals that a new user, including a new account has been created.

void
deleteUser(User $user)

Deletes the specified user and all remaining content in his personal workspaces

void
emitUserDeleted(User $user)

Signals that the given user has been deleted.

void
setUserPassword(User $user, string $password)

Sets a new password for the given user

void
updateUser(User $user)

Updates the given user in the respective repository and potentially executes further actions depending on what has been changed.

int
addRoleToUser(User $user, string $roleIdentifier)

Adds the specified role to all accounts of the given user and potentially carries out further actions which are needed to properly reflect these changes.

int
removeRoleFromUser(User $user, string $roleIdentifier)

Removes the specified role from all accounts of the given user and potentially carries out further actions which are needed to properly reflect these changes.

void
emitUserUpdated(User $user)

Signals that the given user data has been updated.

void
setRolesForAccount(Account $account, array $newRoleIdentifiers)

Overrides any assigned roles of the given account and potentially carries out further actions which are needed to properly reflect these changes.

int
addRoleToAccount(Account $account, string $roleIdentifier)

Adds the specified role to the given account and potentially carries out further actions which are needed to properly reflect these changes.

void
emitRolesAdded(Account $account, array $roles)

Signals that new roles have been assigned to the given account

int
removeRoleFromAccount(Account $account, string $roleIdentifier)

Removes the specified role from the given account and potentially carries out further actions which are needed to properly reflect these changes.

void
emitRolesRemoved(Account $account, array $roles)

Signals that roles have been removed to the given account

void
activateUser(User $user)

Reactivates the given user

void
emitUserActivated(User $user)

Signals that the given user has been activated

void
deactivateUser(User $user)

Deactivates the given user

bool
currentUserCanPublishToWorkspace(Workspace $workspace)

Checks if the current user may publish to the given workspace according to one the roles of the user's accounts

bool
currentUserCanReadWorkspace(Workspace $workspace)

Checks if the current user may read the given workspace according to one the roles of the user's accounts

bool
currentUserCanManageWorkspace(Workspace $workspace)

Checks if the current user may manage the given workspace according to one the roles of the user's accounts

bool
currentUserCanTransferOwnershipOfWorkspace(Workspace $workspace)

Checks if the current user may transfer ownership of the given workspace

bool
currentUserIsAdministrator()

No description

string
getDefaultAuthenticationProviderName()

Returns the default authentication provider name

void
emitUserDeactivated(User $user)

Signals that the given user has been activated

array<int|string,string>
normalizeRoleIdentifiers(array $roleIdentifiers)

Replaces role identifiers not containing a "." into fully qualified role identifiers from the Neos.Neos namespace.

string
normalizeRoleIdentifier(string $roleIdentifier)

Replaces a role identifier not containing a "." into fully qualified role identifier from the Neos.Neos namespace.

array
getAllRoles(User $user)

Returns an array with all roles of a user's accounts, including parent roles, the "Everybody" role and the "AuthenticatedUser" role, assuming that the user is logged in.

void
deletePersonalWorkspace(string $accountIdentifier)

Removes all personal workspaces of the given user's account if these workspaces exist. Also removes all possibly existing content of these workspaces.

void
removeOwnerFromUsersWorkspaces(User $user)

Removes ownership of all workspaces currently owned by the given user

AbstractParty|null
findUserForAccount(string $username, string $authenticationProviderName)

No description

Details

QueryResultInterface getUsers(string $sortBy = 'accounts.accountidentifier', string $sortDirection = QueryInterface::ORDER_ASCENDING)

Retrieves a list of all existing users

Parameters

string $sortBy
string $sortDirection

Return Value

QueryResultInterface

The users

QueryResultInterface searchUsers(string $searchTerm, string $sortBy, string $sortDirection)

No description

Parameters

string $searchTerm
string $sortBy
string $sortDirection

Return Value

QueryResultInterface

User|null getUser(string $username, string $authenticationProviderName = null)

Retrieves an existing user by the given username

Parameters

string $username

The username

string $authenticationProviderName

Name of the authentication provider to use, e.g. "Neos.Neos:Backend"

Return Value

User|null

The user, or null if the user does not exist

Exceptions

Exception

string|null getUsername(User $user, string $authenticationProviderName = null)

Returns the username of the given user

Technically, this method will look for the user's backend account (or, if authenticationProviderName is specified, for the account matching the given authentication provider) and return the account's identifier.

Parameters

User $user
string $authenticationProviderName

Return Value

string|null

The username or null if the given user does not have a backend account

User|null getCurrentUser()

Returns the currently logged in user, if any

Return Value

User|null

The currently logged in user, or null

UserId|null getCurrentUserIdentifier()

No description

Return Value

UserId|null

User createUser(string $username, string $password, string $firstName, string $lastName, array $roleIdentifiers = null, string $authenticationProviderName = null)

Creates a user based on the given information

The created user and account are automatically added to their respective repositories and thus be persisted.

Parameters

string $username

The username of the user to be created.

string $password

Password of the user to be created

string $firstName

First name of the user to be created

string $lastName

Last name of the user to be created

array $roleIdentifiers

A list of role identifiers to assign

string $authenticationProviderName

Name of the authentication provider to use, e.g. "Neos.Neos:Backend"

Return Value

User

The created user instance

User addUser(string $username, string $password, User $user, array $roleIdentifiers = null, string $authenticationProviderName = null)

Adds a user whose User object has been created elsewhere

This method basically "creates" a user like createUser() would, except that it does not create the User object itself. If you need to create the User object elsewhere, for example in your ActionController, make sure to call this method for registering the new user instead of adding it to the PartyRepository manually.

This method also creates a new user workspace for the given user if no such workspace exist.

Parameters

string $username

The username of the user to be created.

string $password

Password of the user to be created

User $user

The pre-built user object to start with

array $roleIdentifiers

A list of role identifiers to assign

string $authenticationProviderName

Name of the authentication provider to use, e.g. "Neos.Neos:Backend"

Return Value

User

The same user object

void emitUserCreated(User $user)

Signals that a new user, including a new account has been created.

Parameters

User $user

The created user

Return Value

void

void deleteUser(User $user)

Deletes the specified user and all remaining content in his personal workspaces

Parameters

User $user

The user to delete

Return Value

void

Exceptions

IllegalObjectTypeException
SessionNotStartedException
Exception

void emitUserDeleted(User $user)

Signals that the given user has been deleted.

Parameters

User $user

The created user

Return Value

void

void setUserPassword(User $user, string $password)

Sets a new password for the given user

This method will iterate over all accounts owned by the given user and, if the account uses a UsernamePasswordToken, sets a new password accordingly.

Parameters

User $user

The user to set the password for

string $password

A new password

Return Value

void

Exceptions

IllegalObjectTypeException
SessionNotStartedException

void updateUser(User $user)

Updates the given user in the respective repository and potentially executes further actions depending on what has been changed.

Note: changes to the user's account will not be committed for persistence. Please use addRoleToAccount(), removeRoleFromAccount(), setRolesForAccount() and setUserPassword() for changing account properties.

Parameters

User $user

The modified user

Return Value

void

int addRoleToUser(User $user, string $roleIdentifier)

Adds the specified role to all accounts of the given user and potentially carries out further actions which are needed to properly reflect these changes.

Parameters

User $user

The user to add roles to

string $roleIdentifier

A fully qualified role identifier, or a role identifier relative to the Neos.Neos namespace

Return Value

int

How often this role has been added to accounts owned by the user

int removeRoleFromUser(User $user, string $roleIdentifier)

Removes the specified role from all accounts of the given user and potentially carries out further actions which are needed to properly reflect these changes.

Parameters

User $user

The user to remove roles from

string $roleIdentifier

A fully qualified role identifier, or a role identifier relative to the Neos.Neos namespace

Return Value

int

How often this role has been removed from accounts owned by the user

void emitUserUpdated(User $user)

Signals that the given user data has been updated.

Parameters

User $user

The created user

Return Value

void

void setRolesForAccount(Account $account, array $newRoleIdentifiers)

Overrides any assigned roles of the given account and potentially carries out further actions which are needed to properly reflect these changes.

Parameters

Account $account

The account to assign the roles to

array $newRoleIdentifiers

A list of fully qualified role identifiers, or role identifiers relative to the Neos.Neos namespace

Return Value

void

int addRoleToAccount(Account $account, string $roleIdentifier)

Adds the specified role to the given account and potentially carries out further actions which are needed to properly reflect these changes.

Parameters

Account $account

The account to add roles to

string $roleIdentifier

A fully qualified role identifier, or a role identifier relative to the Neos.Neos namespace

Return Value

int

How often this role has been added to the given account (effectively can be 1 or 0)

void emitRolesAdded(Account $account, array $roles)

Signals that new roles have been assigned to the given account

Parameters

Account $account

The account

array $roles

An array of Role objects which have been added for that account

Return Value

void

int removeRoleFromAccount(Account $account, string $roleIdentifier)

Removes the specified role from the given account and potentially carries out further actions which are needed to properly reflect these changes.

Parameters

Account $account

The account to remove roles from

string $roleIdentifier

A fully qualified role identifier, or a role identifier relative to the Neos.Neos namespace

Return Value

int

How often this role has been removed from the given account (effectively can be 1 or 0)

void emitRolesRemoved(Account $account, array $roles)

Signals that roles have been removed to the given account

Parameters

Account $account

The account

array $roles

An array of Role objects which have been removed

Return Value

void

void activateUser(User $user)

Reactivates the given user

Parameters

User $user

The user to activate

Return Value

void

void emitUserActivated(User $user)

Signals that the given user has been activated

Parameters

User $user

The user

Return Value

void

void deactivateUser(User $user)

Deactivates the given user

Parameters

User $user

The user to deactivate

Return Value

void

Exceptions

IllegalObjectTypeException
SessionNotStartedException

bool currentUserCanPublishToWorkspace(Workspace $workspace)

Checks if the current user may publish to the given workspace according to one the roles of the user's accounts

In future versions, this logic may be implemented in Neos in a more generic way (for example, by means of an ACL object), but for now, this method exists in order to at least centralize and encapsulate the required logic.

Parameters

Workspace $workspace

Return Value

bool

bool currentUserCanReadWorkspace(Workspace $workspace)

Checks if the current user may read the given workspace according to one the roles of the user's accounts

In future versions, this logic may be implemented in Neos in a more generic way (for example, by means of an ACL object), but for now, this method exists in order to at least centralize and encapsulate the required logic.

Parameters

Workspace $workspace

Return Value

bool

bool currentUserCanManageWorkspace(Workspace $workspace)

Checks if the current user may manage the given workspace according to one the roles of the user's accounts

In future versions, this logic may be implemented in Neos in a more generic way (for example, by means of an ACL object), but for now, this method exists in order to at least centralize and encapsulate the required logic.

Parameters

Workspace $workspace

Return Value

bool

bool currentUserCanTransferOwnershipOfWorkspace(Workspace $workspace)

Checks if the current user may transfer ownership of the given workspace

In future versions, this logic may be implemented in Neos in a more generic way (for example, by means of an ACL object), but for now, this method exists in order to at least centralize and encapsulate the required logic.

Parameters

Workspace $workspace

Return Value

bool

bool currentUserIsAdministrator()

No description

Return Value

bool

Exceptions

NoSuchRoleException
Exception

string getDefaultAuthenticationProviderName()

Returns the default authentication provider name

Return Value

string

void emitUserDeactivated(User $user)

Signals that the given user has been activated

Parameters

User $user

The user

Return Value

void

protected array<int|string,string> normalizeRoleIdentifiers(array $roleIdentifiers)

Replaces role identifiers not containing a "." into fully qualified role identifiers from the Neos.Neos namespace.

Parameters

array $roleIdentifiers

Return Value

array<int|string,string>

protected string normalizeRoleIdentifier(string $roleIdentifier)

Replaces a role identifier not containing a "." into fully qualified role identifier from the Neos.Neos namespace.

Parameters

string $roleIdentifier

Return Value

string

Exceptions

NoSuchRoleException

array getAllRoles(User $user)

Returns an array with all roles of a user's accounts, including parent roles, the "Everybody" role and the "AuthenticatedUser" role, assuming that the user is logged in.

Parameters

User $user

The user

Return Value

array

Exceptions

NoSuchRoleException

protected void deletePersonalWorkspace(string $accountIdentifier)

Removes all personal workspaces of the given user's account if these workspaces exist. Also removes all possibly existing content of these workspaces.

Parameters

string $accountIdentifier

Identifier of the user's account

Return Value

void

protected void removeOwnerFromUsersWorkspaces(User $user)

Removes ownership of all workspaces currently owned by the given user

Parameters

User $user

The user currently owning workspaces

Return Value

void

protected AbstractParty|null findUserForAccount(string $username, string $authenticationProviderName)

No description

Parameters

string $username
string $authenticationProviderName

Return Value

AbstractParty|null

Exceptions

Exception