KMP PHP API Reference

PermissionsLoader
in package

Core RBAC security engine for KMP permission validation.

Validates permissions through member roles, temporal boundaries, warrant requirements, and policy framework integration. Implements multi-tier caching for performance.

Tags
see

/docs/4.4-rbac-security-architecture.md For complete RBAC documentation

Table of Contents

Methods

getApplicationPolicies()  : array<string|int, mixed>
Discover Application Policy Classes and Methods
getMembersWithPermissionsQuery()  : SelectQuery
Get query for members with specific permission in branch context.
getPermissions()  : array<string|int, mixed>
Get complete permissions set for member.
getPolicies()  : array<string|int, mixed>
Get policy framework mappings for member.
getServicePrincipalPermissions()  : array<string|int, mixed>
Get complete permissions set for a service principal.
getServicePrincipalPolicies()  : array<string|int, mixed>
Get policy framework mappings for a service principal.
validPermissionClauses()  : SelectQuery
Apply comprehensive permission validation chain.

Methods

getApplicationPolicies()

Discover Application Policy Classes and Methods

public static getApplicationPolicies() : array<string|int, mixed>

Scans application and plugin directories for policy classes and discovers their authorization methods. Returns mapping of policy classes to method arrays.

Return values
array<string|int, mixed>

Policy class to methods mapping

getMembersWithPermissionsQuery()

Get query for members with specific permission in branch context.

public static getMembersWithPermissionsQuery(int $permissionId, int $branch_id) : SelectQuery

Reverse permission lookup - finds all members who have a permission. Respects permission scoping rules (global, branch-only, branch-and-children).

Parameters
$permissionId : int

The permission ID to search for

$branch_id : int

The branch context for scoped permission checking

Return values
SelectQuery

Query object ready for execution or further modification

getPermissions()

Get complete permissions set for member.

public static getPermissions(int $memberId) : array<string|int, mixed>

Loads all permissions with role validation, temporal boundaries, and policy integration. Results are cached with key member_permissions{memberId}.

Parameters
$memberId : int

The member ID to load permissions for

Return values
array<string|int, mixed>

Associative array of permission objects indexed by permission ID

getPolicies()

Get policy framework mappings for member.

public static getPolicies(int $id[, array<string|int, mixed>|null $branchIds = null ]) : array<string|int, mixed>

Extracts policy class/method mappings from permissions with branch scoping support. Results are cached with key permissions_policies{memberId}.

Parameters
$id : int

Member ID to get policies for

$branchIds : array<string|int, mixed>|null = null

Optional array of branch IDs to filter policies by

Return values
array<string|int, mixed>

Nested array of policy classes, methods, and authorization data

getServicePrincipalPermissions()

Get complete permissions set for a service principal.

public static getServicePrincipalPermissions(int $servicePrincipalId) : array<string|int, mixed>

Loads all permissions through ServicePrincipalRoles with role validation and temporal boundaries. Similar to getPermissions() but for service principals. Results are cached with key sp_permissions_{servicePrincipalId}.

Parameters
$servicePrincipalId : int

The service principal ID to load permissions for

Return values
array<string|int, mixed>

Associative array of permission objects indexed by permission ID

getServicePrincipalPolicies()

Get policy framework mappings for a service principal.

public static getServicePrincipalPolicies(int $servicePrincipalId[, array<string|int, mixed>|null $branchIds = null ]) : array<string|int, mixed>

Similar to getPolicies() but for service principals. Results are cached with key sp_policies_{servicePrincipalId}.

Parameters
$servicePrincipalId : int

Service principal ID

$branchIds : array<string|int, mixed>|null = null

Optional branch IDs to filter policies

Return values
array<string|int, mixed>

Nested array of policy classes, methods, and authorization data

validPermissionClauses()

Apply comprehensive permission validation chain.

protected static validPermissionClauses(SelectQuery $q) : SelectQuery

Core RBAC security logic validating: role temporal boundaries, membership status, background checks, age restrictions, and warrant requirements (when enabled). Used by all permission checking operations for consistent validation.

Parameters
$q : SelectQuery

Base query to apply validation clauses to

Return values
SelectQuery

Query with validation chain applied


        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results