PermissionPoliciesTable
extends BaseTable
in package
PermissionPoliciesTable - Dynamic Permission Authorization Policies
Manages permission-policy associations for dynamic authorization logic. Links permissions to custom policy classes and methods.
Table of Contents
Constants
- CACHE_GROUPS_TO_CLEAR = ['security']
- CACHES_TO_CLEAR = []
- Cache configuration for permission policy data
- ID_CACHES_TO_CLEAR = []
Properties
- $Permissions : PermissionsTable|BelongsTo
Methods
- addBranchScopeQuery() : SelectQuery
- Add branch-based data scoping to a query.
- afterDelete() : void
- After delete hook to capture impersonation audit trail entries.
- afterSave() : void
- After-save handler for automatic cache invalidation.
- buildRules() : RulesChecker
- Business rules for permission policy data integrity
- initialize() : void
- Initialize method - Configures permission policy table associations and behaviors
- newEmptyEntity() : PermissionPolicy
- validationDefault() : Validator
- Default validation rules for permission policy data
- logImpersonationAction() : void
- Record impersonated writes to audit log table.
Constants
CACHE_GROUPS_TO_CLEAR
protected
array<string|int, string>
CACHE_GROUPS_TO_CLEAR
= ['security']
Cache groups to clear entirely on save
CACHES_TO_CLEAR
Cache configuration for permission policy data
protected
array<string|int, array{string, string}>
CACHES_TO_CLEAR
= []
Policy changes affect authorization decisions, so we need to invalidate security-related caches when policy associations are modified.
Static cache entries to clear on save
ID_CACHES_TO_CLEAR
protected
array<string|int, array{string, string}>
ID_CACHES_TO_CLEAR
= []
Entity-ID cache prefixes to clear on save
Properties
$Permissions
public
PermissionsTable|BelongsTo
$Permissions
Methods
addBranchScopeQuery()
Add branch-based data scoping to a query.
public
addBranchScopeQuery(SelectQuery $query, array<string|int, int> $branchIDs) : SelectQuery
Child tables should override for custom branch relationships.
Parameters
- $query : SelectQuery
  The query to modify
- $branchIDs : array<string|int, int>
  Authorized branch IDs
Return values
SelectQuery — Query with branch filtering
afterDelete()
After delete hook to capture impersonation audit trail entries.
public
afterDelete(EventInterface $event, EntityInterface $entity, ArrayObject $options) : void
Parameters
- $event : EventInterface
  Delete event
- $entity : EntityInterface
  Entity being deleted
- $options : ArrayObject
  Delete options
afterSave()
After-save handler for automatic cache invalidation.
public
afterSave(EventInterface $event, EntityInterface $entity, ArrayObject $options) : void
Parameters
- $event : EventInterface
  The afterSave event
- $entity : EntityInterface
  The saved entity
- $options : ArrayObject
  Save options
buildRules()
Business rules for permission policy data integrity
public
buildRules(RulesChecker $rules) : RulesChecker
Implements referential integrity constraints ensuring that policy associations reference valid permissions in the system.
Parameters
- $rules : RulesChecker
  The rules object to be modified.
Return values
RulesChecker
initialize()
Initialize method - Configures permission policy table associations and behaviors
public
initialize(array<string, mixed> $config) : void
Sets up the policy framework infrastructure for dynamic permission authorization, establishing the required association with permissions and configuring behaviors for audit trail and data management.
Parameters
- $config : array<string, mixed>
  The configuration for the Table.
newEmptyEntity()
public
newEmptyEntity() : PermissionPolicy
Return values
PermissionPolicy
validationDefault()
Default validation rules for permission policy data
public
validationDefault(Validator $validator) : Validator
Implements comprehensive validation for policy associations, ensuring proper policy class and method references and maintaining data integrity.
Parameters
- $validator : Validator
  Validator instance.
Return values
Validator
logImpersonationAction()
Record impersonated writes to audit log table.
protected
logImpersonationAction(string $defaultOperation, EntityInterface $entity) : void
Parameters
- $defaultOperation : string
  Operation fallback (save/delete)
- $entity : EntityInterface
  Affected entity