API Services TupleServiceInterface - evansims/openfga-php GitHub Wiki
Service interface for managing OpenFGA relationship tuples. This service provides business-focused operations for working with relationship tuples, which represent the core relationships in your authorization model. Tuples define who has what relationship to which objects, forming the foundation of your permission system. ## Core Operations The service supports tuple management with enhanced functionality: - Write tuples with validation and duplicate filtering - Read tuples with flexible filtering and pagination - Delete tuples safely with existence checking - Track tuple changes over time for auditing ## Batch Operations For high-throughput scenarios, the service provides: - Batch writes for multiple tuples in a single operation - Transaction support for atomicity guarantees - Automatic chunking to respect API limits - Duplicate filtering to optimize performance ## Usage Example php $tupleService = new TupleService($tupleRepository); Write a single tuple $result = $tupleService->write( $store, 'user:anne', 'reader', 'document:budget-2024' ); Read tuples with filters $tuples = $tupleService->read( $store, user: 'user:anne', relation: 'reader' )->unwrap(); Write multiple tuples $batch = $tupleService->writeBatch($store, $tupleKeys)->unwrap();
Table of Contents
OpenFGA\Services
- TupleService (implementation)
public function delete(
StoreInterface|string $store,
string $user,
string $relation,
string $object,
bool $confirmExists = false,
): FailureInterface|SuccessInterfaceDelete a single relationship tuple. Removes the specified relationship, with optional existence checking to provide better error messages when the tuple doesn't exist.
| Name | Type | Description |
|---|---|---|
$store |
StoreInterface | string
|
The store containing the tuple |
$user |
string |
The user identifier |
$relation |
string |
The relationship type |
$object |
string |
The object identifier |
$confirmExists |
bool |
Whether to check tuple exists before deletion (default: false) |
FailureInterface | SuccessInterface — Success if deleted, or Failure with error details
public function deleteBatch(
StoreInterface|string $store,
TupleKeysInterface $tupleKeys,
bool $transactional = true,
bool $confirmExists = false,
): FailureInterface|SuccessInterfaceDelete multiple relationship tuples in a batch operation. Efficiently removes multiple tuples, with automatic chunking and optional existence checking for better error reporting.
| Name | Type | Description |
|---|---|---|
$store |
StoreInterface | string
|
The store containing the tuples |
$tupleKeys |
TupleKeysInterface |
The tuples to delete |
$transactional |
bool |
Whether to use transactional deletes (default: true) |
$confirmExists |
bool |
Whether to check tuples exist before deletion (default: false) |
FailureInterface | SuccessInterface — Success if all deleted, or Failure with error details
public function exists(
StoreInterface|string $store,
string $user,
string $relation,
string $object,
): FailureInterface|SuccessInterfaceCheck if a specific tuple exists in the store. Efficiently verifies tuple existence without retrieving all matching tuples. Useful for validation before operations or conditional logic.
| Name | Type | Description |
|---|---|---|
$store |
StoreInterface | string
|
The store to check |
$user |
string |
The user identifier |
$relation |
string |
The relationship type |
$object |
string |
The object identifier |
FailureInterface | SuccessInterface — Success with true/false, or Failure with error details
public function getStatistics(StoreInterface|string $store): FailureInterface|SuccessInterfaceGet statistics about tuples in the store. Provides insights into the tuple distribution and counts by type and relation, useful for monitoring and capacity planning.
| Name | Type | Description |
|---|---|---|
$store |
StoreInterface | string
|
The store to analyze |
FailureInterface | SuccessInterface — Success with statistics array, or Failure with error details
public function listChanges(
StoreInterface|string $store,
string|null $type = NULL,
DateTimeImmutable|null $startTime = NULL,
string|null $continuationToken = NULL,
int|null $pageSize = NULL,
): FailureInterface|SuccessInterfaceList changes to tuples over time for auditing purposes. Retrieves a chronological log of tuple changes (writes and deletes) within the specified time range, useful for compliance and debugging.
| Name | Type | Description |
|---|---|---|
$store |
StoreInterface | string
|
The store to list changes from |
$type |
string | null
|
Filter by object type (optional) |
$startTime |
DateTimeImmutable | null
|
Start time for changes (optional) |
$continuationToken |
string | null
|
Token for pagination (optional) |
$pageSize |
int | null
|
Maximum number of changes to retrieve (default: 100) |
FailureInterface | SuccessInterface — Success with changes collection, or Failure with error details
public function read(
StoreInterface|string $store,
TupleKeyInterface|null $tupleKey = NULL,
string|null $continuationToken = NULL,
int|null $pageSize = NULL,
Consistency|null $consistency = NULL,
): FailureInterface|SuccessInterfaceRead relationship tuples with optional filtering. Retrieves tuples matching the specified criteria, with automatic pagination handling for large result sets.
| Name | Type | Description |
|---|---|---|
$store |
StoreInterface | string
|
The store to read from |
$tupleKey |
TupleKeyInterface | null
|
The tuple key to filter by (optional) |
$continuationToken |
string | null
|
Token for pagination (optional) |
$pageSize |
int | null
|
Maximum number of tuples to retrieve (null for all) |
$consistency |
Consistency | null
|
Read consistency level (optional) |
FailureInterface | SuccessInterface — Success with tuples collection, or Failure with error details
public function write(
StoreInterface|string $store,
string $user,
string $relation,
string $object,
): FailureInterface|SuccessInterfaceWrite a single relationship tuple. Creates a relationship between a user and an object with the specified relation. This is the most common operation for establishing permissions.
| Name | Type | Description |
|---|---|---|
$store |
StoreInterface | string
|
The store where the tuple will be written |
$user |
string |
The user identifier (for example 'user:anne') |
$relation |
string |
The relationship type (for example 'reader', 'writer') |
$object |
string |
The object identifier (for example 'document:budget-2024') |
FailureInterface | SuccessInterface — Success if written, or Failure with error details
public function writeBatch(
StoreInterface|string $store,
AuthorizationModelInterface|string $model,
TupleKeysInterface|null $writes = NULL,
TupleKeysInterface|null $deletes = NULL,
bool $transactional = true,
int $maxParallelRequests = 1,
int $maxTuplesPerChunk = 100,
int $maxRetries = 0,
float $retryDelaySeconds = 1.0,
bool $stopOnFirstError = false,
): FailureInterface|SuccessInterfaceWrite multiple relationship tuples in a batch operation. Efficiently writes multiple tuples, with automatic chunking to respect API limits and optional duplicate filtering for performance optimization.
| Name | Type | Description |
|---|---|---|
$store |
StoreInterface | string
|
The store where tuples will be written |
$model |
AuthorizationModelInterface | string
|
The authorization model to use |
$writes |
TupleKeysInterface | null
|
The tuples to write (optional) |
$deletes |
TupleKeysInterface | null
|
The tuples to delete (optional) |
$transactional |
bool |
Whether to use transactional writes (default: true) |
$maxParallelRequests |
int |
Maximum parallel requests (default: 1) |
$maxTuplesPerChunk |
int |
Maximum tuples per chunk (default: 100) |
$maxRetries |
int |
Maximum retries (default: 0) |
$retryDelaySeconds |
float |
Retry delay in seconds (default: 1.0) |
$stopOnFirstError |
bool |
Whether to stop on first error (default: false) |
FailureInterface | SuccessInterface — Success if all written, or Failure with error details