API Models UsersetInterface - evansims/openfga-php GitHub Wiki

Defines the contract for userset specifications in authorization models. A userset represents a collection of users that can be computed through various means: direct assignment, computed relationships, unions, intersections, or complex tuple-to-userset operations. This interface provides the foundation for all userset types used in OpenFGA authorization models. Use this when defining how groups of users are identified and computed in your authorization system.

Table of Contents


Namespace

OpenFGA\Models


Source

View source code


Implements


Related Classes


Methods

getComputedUserset

public function getComputedUserset(): ObjectRelationInterface|null

Get the computed userset specification for this userset. A computed userset defines relationships that are derived from other relationships, allowing for indirect authorization patterns. When present, this specifies an object-relation pair that should be computed to determine the actual users.

View source


Returns

ObjectRelationInterface | null — The computed userset specification, or null if not used


getDifference

public function getDifference(): DifferenceV1Interface|null

Get the difference operation specification for this userset. A difference operation represents a set subtraction where users are granted access based on one userset but explicitly excluded if they're in another. This enables sophisticated access control patterns like "all managers except those on leave."

View source


Returns

DifferenceV1Interface | null — The difference operation specification, or null if not used


getDirect

public function getDirect(): object|null

Get the direct userset value for this userset. A direct userset represents an immediate, explicit relationship without complex computation. This is typically used for simple membership patterns where users are directly assigned to a role or permission.

View source


Returns

object | null — The direct userset value, or null if not used


getIntersection

public function getIntersection(): UsersetsInterface|null

Get the intersection operation specification for this userset. An intersection operation represents users who must satisfy ALL of the specified usersets. This creates a logical AND operation where users are granted access only if they're in every userset within the intersection.

View source


Returns

UsersetsInterface | null — The collection of usersets to intersect, or null if not used


getTupleToUserset

public function getTupleToUserset(): TupleToUsersetV1Interface|null

Get the tuple-to-userset operation specification for this userset. A tuple-to-userset operation computes users by examining existing relationships and following them to other usersets. This enables complex authorization patterns where permissions are inherited through relationship chains.

View source


Returns

TupleToUsersetV1Interface | null — The tuple-to-userset operation specification, or null if not used


getUnion

public function getUnion(): UsersetsInterface|null

Get the union operation specification for this userset. A union operation represents users who satisfy ANY of the specified usersets. This creates a logical OR operation where users are granted access if they're in at least one userset within the union.

View source


Returns

UsersetsInterface | null — The collection of usersets to unite, or null if not used


jsonSerialize

public function jsonSerialize(): array

View source


Returns

array

Getting Started: IntroductionInstallationAuthentication

Essentials: StoresAuthorization ModelsRelationship TuplesPermissions Queries

Features: Helper FunctionsConcurrencyResultsExceptionsObservabilityIntegration

Developer Resources

Support & Community

OpenFGA Ecosystem

OpenFGA PHP SDK • Apache 2.0 License

⚠️ **GitHub.com Fallback** ⚠️