← Back to Plugin Architecture

5.6.1 Activities Plugin Architecture & Configuration

Last Updated: December 3, 2025
Status: Complete
Plugin: Activities

Table of Contents

• Plugin Architecture Overview
• Core Components
• Plugin Initialization
• Service Registration
• Navigation & UI Integration
• Configuration Management
• Routing & Middleware

Plugin Architecture Overview

The Activities Plugin is a foundational KMP component that manages member authorization workflows for activity-based participation. It provides comprehensive authorization lifecycle management, multi-level approval workflows, and temporal access control.

Key Design Principles

• Service-Oriented Architecture: Clean separation of concerns with dependency injection
• ActiveWindow Integration: Automatic temporal lifecycle management for authorizations
• RBAC Integration: Permission-based approval authority and access control
• Event-Driven UI: Dynamic content injection through CallForCellsHandler
• Auditability: Complete tracking of all authorization changes

Plugin Dependencies

The Activities Plugin depends on:

• Core KMP Framework: ActiveWindow system, RBAC, Member management
• Navigation Registry: Dynamic navigation item registration
• View Cell Registry: Context-sensitive UI component integration
• Static Helpers: Application settings management and configuration versioning

Core Components

Authorization Entity

Represents a member’s authorization to participate in a specific activity.

For comprehensive technical reference including all properties, relationships, database schema, status constants, temporal management, and usage examples, see Authorization Entity Reference.

Status Constants:

const APPROVED_STATUS = "Approved";      // Authorization is active and valid
const PENDING_STATUS = "Pending";        // Authorization awaiting approval
const DENIED_STATUS = "Denied";          // Authorization request was rejected
const REVOKED_STATUS = "Revoked";        // Previously approved authorization was revoked
const EXPIRED_STATUS = "Expired";        // Authorization has passed its expiration date
const RETRACTED_STATUS = "Retracted";    // Member retracted pending request

Core Responsibilities:

• Track member requests for activity participation
• Manage approval workflow through multi-level authorization process
• Maintain temporal validity windows with automatic expiration
• Support automatic role assignment upon approval
• Provide audit trail of authorization lifecycle

Activity Entity

Defines authorization types that members can request. For comprehensive technical reference including all properties, relationships, virtual properties, and usage examples, see Activity Entity Reference.

Key Configuration:

• Links to RBAC Permission for approver discovery via permission_id
• Defines approval requirements: num_required_authorizors and num_required_renewers
• Enforces age eligibility through minimum_age and maximum_age
• Automatically grants roles on authorization via grants_role_id

Key Method:

// Discover members with approval authority for this activity
public function getApproversQuery(int $branch_id): SelectQuery

ActivityGroup Entity

Provides categorical organization for related activities.

Structure:

• Simple name-based organization
• hasMany relationship with Activities
• Supports future feature expansion (reporting, hierarchies, etc.)

AuthorizationApproval Entity

Tracks individual approval decisions in multi-level approval workflows.

For comprehensive technical reference including all properties, relationships, database schema, workflow architecture, security implementation, and usage examples, see AuthorizationApproval Entity Reference.

Tracks:

• Individual approver response (approved/denied)
• Timestamp and approver identity
• Sequential approval order
• Approver notes and reasoning

Key Methods:

• Static memberAuthQueueCount(): Get pending approval count for member
• initialize(): Configure associations and table behavior
• validationDefault(): Field validation rules
• buildRules(): Referential integrity enforcement

Service Layer: AuthorizationManagerInterface

Core business logic abstraction for authorization workflows.

Key Responsibilities:

// Request new authorization or renewal
public function request(
    int $activityId,
    int $requesterId,
    bool $isRenewal = false,
    array $data = []
): ServiceResult

// Process approval decision
public function approve(
    int $authorizationId,
    int $approverId,
    array $data = []
): ServiceResult

// Deny authorization request
public function deny(
    int $authorizationId,
    int $approverId,
    string $denyReason = ''
): ServiceResult

// Revoke active authorization
public function revoke(
    int $authorizationId,
    int $revokerId,
    string $revokedReason = ''
): ServiceResult

Default Implementation: DefaultAuthorizationManager

Plugin Initialization

Migration Order

The Activities Plugin uses configurable migration order (default: 0) to control initialization sequence relative to other plugins.

Configuration in config/plugins.php:

'Activities' => [
    'migrationOrder' => 1,  // Optional: set to 1 for base system behavior
]

Bootstrap Process

The bootstrap() method initializes the plugin with:

1. Navigation Registration: Registers dynamic navigation provider
2. View Cell Registration: Registers context-sensitive UI components
3. Configuration Versioning: Manages configuration migrations and updates
4. Default Settings: Initializes application settings

Configuration Version Management:

$currentConfigVersion = "25.01.11.c";  // Updated on each configuration change

$configVersion = StaticHelpers::getAppSetting(
    "Activities.configVersion",
    "0.0.0",
    null,
    true
);

if ($configVersion != $currentConfigVersion) {
    // Perform configuration migrations
    StaticHelpers::setAppSetting("Activities.configVersion", $currentConfigVersion);
    // Initialize default settings
}

Service Registration

The plugin registers core services with CakePHP’s dependency injection container.

AuthorizationManagerInterface Registration

public function services(ContainerInterface $container): void
{
    $container->add(
        AuthorizationManagerInterface::class,
        DefaultAuthorizationManager::class,
    )->addArgument(ActiveWindowManagerInterface::class);
}

Service Characteristics:

• Singleton instance per container
• Dependency: ActiveWindowManagerInterface
• Used by controllers, other services, and workflows
• Provides transaction management and error handling

Usage in Controllers

class AuthorizationsController extends AppController
{
    private AuthorizationManagerInterface $authorizationManager;

    public function __construct(AuthorizationManagerInterface $authorizationManager)
    {
        $this->authorizationManager = $authorizationManager;
    }

    public function request()
    {
        $result = $this->authorizationManager->request(
            $activityId,
            $this->Authentication->getIdentity()->id
        );
        
        if ($result->isSuccess()) {
            $this->Flash->success('Authorization requested');
        } else {
            $this->Flash->error($result->getMessage());
        }
    }
}

Navigation & UI Integration

Dynamic Navigation Provider

The ActivitiesNavigationProvider generates context-aware navigation items based on user permissions and plugin state.

Navigation Categories:

• Personal Workflows: My authorization queue with pending count badges
• Administrative Tools: Authorization management interfaces
• Configuration Management: Activity groups and activities administration
• Reporting: Authorization analytics and compliance reporting

Feature: Real-time badge support displaying pending approval counts

Permission-Based Visibility: Navigation items only appear when user has required permissions

View Cell Integration

The ActivitiesViewCellProvider registers context-sensitive UI components.

Integration Points:

• Member profile pages: Display current and pending authorizations
• Administrative dashboards: Summary statistics and workflow management
• Mobile optimization: Touch-friendly JSON endpoints for API access

Registration Pattern:

public static function getViewCells($urlParams, $user): array
{
    $cells = [];
    
    // Conditional rendering based on page context
    if ($urlParams['controller'] === 'Members' && $urlParams['action'] === 'view') {
        $cells[] = [
            'type' => ViewCellRegistry::PLUGIN_TYPE_TAB,
            'label' => 'Authorizations',
            'cell' => 'Activities.MemberAuthorizations',
            'order' => 15,
        ];
    }
    
    return $cells;
}

Configuration Management

Application Settings

The plugin manages the following application settings:

Activities.configVersion

• Tracks configuration version for migrations
• Default: “0.0.0”
• Updated when plugin configuration changes

Activities.NextStatusCheck

• Scheduled date for next authorization status review
• Prevents excessive real-time status checking
• Initialized to yesterday’s date on first run

Plugin.Activities.Active

• Global plugin activation flag
• Default: “yes”
• Controls whether plugin features are available system-wide

Versioned Configuration Updates

Configuration migrations handle:

• Initialization of new settings
• Migration of existing settings to new structure
• Cleanup of deprecated settings (e.g., Member.AdditionalInfo.DisableAuthorizationSharing)
• Backward compatibility across versions

Routing & Middleware

Plugin Routes

Routes are configured under the /activities path prefix.

Route Examples:

• GET /activities → ActivitiesController::index()
• GET /activities/authorizations → AuthorizationsController::index()
• POST /activities/authorizations/request → AuthorizationsController::request()
• GET /activities/activity-groups → ActivityGroupsController::index()

Fallback Routing: Standard CakePHP controller/action patterns for REST-like operations

Route Configuration:

public function routes(RouteBuilder $routes): void
{
    $routes->plugin(
        'Activities',
        ['path' => '/activities'],
        function (RouteBuilder $builder) {
            // Standard CakePHP fallback routing
            $builder->fallbacks();
        }
    );
}

Middleware

Currently no custom middleware is required. Extension point available for future middleware needs:

Potential Applications:

• Authorization-specific permission checks
• Audit logging of authorization operations
• Rate limiting for authorization requests
• Additional validation layers

Console Commands

Reserved for future CLI commands supporting:

• Cleanup of expired authorizations
• Batch authorization status updates
• Report generation
• Data migrations between versions

Planned Usage:

bin/cake activities cleanup_expired
bin/cake activities status_report
bin/cake activities migrate_data

---

References

• Activity Entity Reference - Entity properties, relationships, and methods
• Activity Security & Authorization Patterns - Security, mass assignment, approver discovery
• Activities Plugin Workflows
• Back to Plugin Architecture
• RBAC Security Architecture
• Member Lifecycle