The following methods should be factored out of the User class into PermissionManager, leaving only deprecated stubs:
* User::isAllowed -> PermissionManager::userHasRight or some such
* User::getRights -> PermissionManager::getUserPermissions.
* User::getGroupPermissions -> PermissionManager::getGroupPermissions
* User::getGroupsWithPermission -> PermissionManager::getGroupsWithPermission
* User::groupHasPermission -> PermissionManager::groupHasPermission
* User::isEveryoneAllowed -> PermissionManager::isEveryoneAllowed
* User::getAllRights -> PermissionManager::getAllPermissions
Notes:
* Implementing getRights needs access to the user's session. This may not be possible for users other than the current user, making the behavior inconsistent in some cases. The method's contract should make this clear. Also, injecting any information about the current user, request or session is awkward for a service object, but should be acceptable due to PHP's per-request execution model, compare T218555.
* User::getAllGroups is based on the same information as getAllRights, but this fact should not be cemented by exposing getAllGroups in the PermissionManager interface. Instead, we should probably create a GroupManager service at some point.