I’ve been familiarizing myself with the plug-in as I incorporate it into a project. Would it be possible/beneficial to pass an array of role_ids to user_has_role() and group_has_role() instead of just a single role_id? I’m guessing many times in a project, access would be given based on a handful of roles. (Of course we could just use OR statements.) I’m also guessing a hierarchy or ranking of roles is often used for ACLs. There also might be other class methods where passing an array to it might be beneficial. Just a couple of thoughts.
That sounds like a great idea, however.
The thinking was database optimization. I could implement this, but I would not recommend it unless using it on an ACL user/group/role objects: i.e.:
$user = $acl->get_user('10',TRUE);
$user->has_role('3');
The reason is: when you return a user object one of the options is to auto hydrate (or not). The default [when returning ACL users, groups, and roles] is NOT to hydrate.
When you auto hydrate, the ACL user/group/role objects pre-polulate [load] all the relating info into variables. This way, multiple tests are only comparing variables rather than making repetitive database calls.
Ideally, when a user is logged in, you would instantly create a ACL user object that represents that user.
In the case of the ACL class, you would not (even from a logical programmatic standpoint) have auto hydration going on in the parent ACL object level. So bottom line is: passing arrays for checking can be implemented at both the core ACL level AND ACL user/group/role levels - but only advisable to use this feature at the user/group/role levels. This way, auto hydration makes it easy and much more practical from a performance standpoint.
I will work on integrating this into the classes sometime this next couple weeks unless someone wants to pitch in 
