I couldn't understand a concept when using ZfcRbac.
1. I use my own User entity with implementing ZfcRbac\Identity\IdentityInterface
2. This interface has addRole and getRoles methods and getRoles() should return array of Rbac\Role\RoleInterface so I have an array of Rbac\Role\RoleInterface
3. I get roles from my custom model and add roles to User entity via addRole() when authenticating the user
4. Rbac\Role\RoleInterface has hasPermission() method which returns role's permissions
Summary:
After authentication I have my authenticated User identity information, roles and permissions for per role. Why I need another RoleProvider and list my all roles in it? What am i missing?
As you can see in the php doc in the IdentityInterface The getRoles() method can return two things:
1. an array of strings
2. an array of Rbac\Role\RoleInterface
In case you return an array of strings you need an additional RoleProvider to "translate" the strings to actual instances of a Rbac\Role\RoleInterface. If you return an array of Rbac\Role\RoleInterface it seems to me that you do not longer need a RoleProvider.