Tiger_Model_OrgUser

@api · extends Tiger_Model_Table

OrgUser — MEMBERSHIP. The most important table in the substrate.

A row here says "user U belongs to org O, with role R." It is simultaneously:

  1. THE TENANCY BOUNDARY. What stops a user from acting inside an org is the ABSENCE of an org_user row linking them to it. Cross-tenant denial is therefore structural — a missing row — not a code check someone can forget to write. Every tenant-scoped query should be gated on "does an (org_id, user_id) membership exist?"

  2. THE ROLE CARRIER. The role lives HERE, per-membership — not on the user — so the same user can be admin in one org and viewer in another. This is the core of Tiger's multi-tenant ACL (Tiger's key evolution over a single global role per user). The ACL engine reads the role from the current org_user row for the acting user + current org.

A user has at most ONE membership per org (unique org_id + user_id). status distinguishes active / invited / suspended memberships without deleting the row.

Methods

membership()

membership($orgId, $userId)

The membership row for a (org, user) pair, or null if none exists.

A null return IS the cross-tenant denial signal — callers should treat "no membership" as "not a member of this tenant, deny."

  • $orgId string
  • $userId string

Returns Zend_Db_Table_Row_Abstract|null

roleOf()

roleOf($orgId, $userId)

The role a user holds in an org, or null if they are not a member.

  • $orgId string
  • $userId string

Returns string|null

orgsForUser()

orgsForUser($userId)

All memberships for a user (i.e. every org they belong to). Useful for an org switcher / "your organizations" list.

  • $userId string

Returns Zend_Db_Table_Rowset_Abstract

usersInOrg()

usersInOrg($orgId)

All memberships in an org (i.e. its members). Useful for a team/members list.

  • $orgId string

Returns Zend_Db_Table_Rowset_Abstract