API Models AuthorizationModelInterface - evansims/openfga-php GitHub Wiki
Represents an OpenFGA authorization model that defines permission structures. Authorization models are the core configuration that defines how permissions work in your application. They specify the types of objects in your system, the relationships that can exist between users and those objects, and the rules that govern how permissions are computed and inherited. An authorization model consists of: - Type definitions that describe object types and their possible relations - Optional conditions that enable context-based authorization decisions - Schema version information for compatibility and evolution - Unique model ID for versioning and deployment tracking Authorization models serve as the blueprint for all authorization decisions, defining the permission logic that OpenFGA uses when evaluating check requests. They can be expressed in both JSON format (for API operations) and DSL format (for human readability and management). Models support versioning, allowing you to evolve your authorization logic over time while maintaining compatibility with existing data and applications. Each model version is immutable once created, ensuring consistent behavior and enabling safe rollbacks when needed.
Table of Contents
OpenFGA\Models
ModelInterfaceJsonSerializable
- AuthorizationModel (implementation)
public function dsl(): stringGenerate a DSL (Domain Specific Language) representation of this authorization model. The DSL provides a human-readable, text-based format for expressing authorization models that is easier to understand, review, and modify than raw JSON. The DSL format uses a syntax similar to configuration languages, making it accessible to both developers and non-technical stakeholders who need to understand or modify permission structures. The DSL representation includes: - Type definitions with their relations and inheritance rules - Condition expressions and parameters - Human-readable relation definitions and computed permissions - Comments and formatting that enhance comprehension This format is particularly valuable for: - Documentation and code reviews - Version control and change tracking - Model debugging and testing - Administrative interfaces and tooling
string — The authorization model expressed in OpenFGA DSL format for human readability
public function getConditions(): ConditionsInterface|nullGet the conditions defined in this authorization model. Conditions enable attribute-based access control (ABAC) by allowing relationships to be conditional based on runtime context and parameters. When conditions are present in the model, they can be referenced in relationship tuples to create dynamic authorization rules that consider factors such as: - Time-based restrictions (business hours, expiration dates) - Resource attributes (document classification, geographic location) - User context (department, role level, current project) - Environmental factors (IP address, device type, authentication method) Conditions are evaluated during authorization checks, and relationships with conditions are only considered valid when the condition evaluates to true given the current context parameters.
ConditionsInterface | null — The collection of reusable conditions defined in this model, or null if no conditions are defined
public function getId(): stringGet the unique identifier for this authorization model. The model ID serves as a unique identifier for this specific version of the authorization model within the OpenFGA system. This ID is generated by the OpenFGA service when the model is created and is used to: - Reference this model in API operations - Track model versions and deployment history - Ensure consistency across different services and environments - Enable model rollbacks and A/B testing scenarios Each model ID is unique within a store, allowing multiple model versions to coexist and enabling gradual migration between authorization schemas.
string — The globally unique identifier for this authorization model version
public function getSchemaVersion(): SchemaVersionGet the schema version of this authorization model. The schema version indicates which version of the OpenFGA authorization model specification this model conforms to. Different schema versions may support different features, syntax variations, or behavioral semantics. This version information ensures: - Proper interpretation of model structures and syntax - Compatibility checking between client and server versions - Feature availability and validation logic - Migration paths between different OpenFGA versions The schema version enables the OpenFGA service to correctly parse and execute authorization logic according to the appropriate specification.
SchemaVersion — The schema version enumeration indicating the model format specification
public function getTypeDefinitions(): TypeDefinitionsInterfaceGet the type definitions that define the structure of this authorization model. Type definitions form the core structure of an authorization model by specifying: - The types of objects that exist in your system (documents, users, folders, etc.) - The relationships that can exist between users and those object types - How permissions are computed and inherited through relationship chains - The rules that govern complex authorization scenarios Each type definition includes relations that describe the various ways users can be associated with objects of that type. Relations can be direct (simple assignments) or computed (derived from other relationships), enabling sophisticated permission hierarchies and inheritance patterns. Type definitions are the foundation that OpenFGA uses to understand your domain model and execute authorization queries efficiently.
TypeDefinitionsInterface — The collection of type definitions that structure this authorization model
public function jsonSerialize(): arraySerialize the authorization model for JSON encoding. This method prepares the complete authorization model data for API communication with the OpenFGA service, converting all components into the format specified by the OpenFGA API. The serialization includes: - Model identification and versioning information - Complete type definitions with relations and metadata - Optional conditions with expressions and parameters - All nested structures properly formatted for JSON transmission The resulting structure is suitable for creating new authorization models, updating existing models, or storing model definitions in external systems. All data is formatted according to the OpenFGA API specification to ensure compatibility and correct interpretation by the authorization service.
array