RolesTable
extends BaseTable
in package
RolesTable - KMP RBAC Role Management
Manages role data, member assignments, and permission associations. Supports temporal role queries through MemberRoles and permission inheritance.
Table of Contents
Constants
- CACHE_GROUPS_TO_CLEAR = ['security']
- Cache invalidation configuration for security-related caches
- CACHES_TO_CLEAR = []
- ID_CACHES_TO_CLEAR = []
Properties
- $MemberRoles : MemberRolesTable|HasMany
- $Members : MembersTable|BelongsToMany
- $Permissions : PermissionsTable|BelongsToMany
Methods
- addBranchScopeQuery() : SelectQuery
- Add branch-based data scoping to a query.
- afterDelete() : void
- After delete hook to capture impersonation audit trail entries.
- afterSave() : void
- After-save handler for automatic cache invalidation.
- buildRules() : RulesChecker
- Business rules for role data integrity
- initialize() : void
- Initialize table configuration and associations.
- newEmptyEntity() : Role
- validationDefault() : Validator
- Default validation rules for role data
- logImpersonationAction() : void
- Record impersonated writes to audit log table.
Constants
CACHE_GROUPS_TO_CLEAR
Cache invalidation configuration for security-related caches
protected
array<string|int, string>
CACHE_GROUPS_TO_CLEAR
= ['security']
Role changes affect authorization decisions across the system, so we need to invalidate security-related caches when roles are modified. This ensures permission changes take effect immediately.
Cache groups to clear entirely on save
CACHES_TO_CLEAR
protected
array<string|int, array{string, string}>
CACHES_TO_CLEAR
= []
Static cache entries to clear on save
ID_CACHES_TO_CLEAR
protected
array<string|int, array{string, string}>
ID_CACHES_TO_CLEAR
= []
Entity-ID cache prefixes to clear on save
Properties
$MemberRoles
public
MemberRolesTable|HasMany
$MemberRoles
$Members
public
MembersTable|BelongsToMany
$Members
$Permissions
public
PermissionsTable|BelongsToMany
$Permissions
Methods
addBranchScopeQuery()
Add branch-based data scoping to a query.
public
addBranchScopeQuery(SelectQuery $query, array<string|int, int> $branchIDs) : SelectQuery
Child tables should override for custom branch relationships.
Parameters
- $query : SelectQuery
  The query to modify
- $branchIDs : array<string|int, int>
  Authorized branch IDs
Return values
SelectQuery — Query with branch filtering
afterDelete()
After delete hook to capture impersonation audit trail entries.
public
afterDelete(EventInterface $event, EntityInterface $entity, ArrayObject $options) : void
Parameters
- $event : EventInterface
  Delete event
- $entity : EntityInterface
  Entity being deleted
- $options : ArrayObject
  Delete options
afterSave()
After-save handler for automatic cache invalidation.
public
afterSave(EventInterface $event, EntityInterface $entity, ArrayObject $options) : void
Parameters
- $event : EventInterface
  The afterSave event
- $entity : EntityInterface
  The saved entity
- $options : ArrayObject
  Save options
buildRules()
Business rules for role data integrity
public
buildRules(RulesChecker $rules) : RulesChecker
Implements database-level business rules that go beyond basic validation, ensuring referential integrity and business logic constraints.
Parameters
- $rules : RulesChecker
  The rules object to be modified.
Return values
RulesChecker
initialize()
Initialize table configuration and associations.
public
initialize(array<string, mixed> $config) : void
Parameters
- $config : array<string, mixed>
  Table configuration.
newEmptyEntity()
public
newEmptyEntity() : Role
Return values
Role
validationDefault()
Default validation rules for role data
public
validationDefault(Validator $validator) : Validator
Implements comprehensive validation for role creation and updates, focusing on data integrity and security requirements.
Parameters
- $validator : Validator
  Validator instance.
Return values
Validator
logImpersonationAction()
Record impersonated writes to audit log table.
protected
logImpersonationAction(string $defaultOperation, EntityInterface $entity) : void
Parameters
- $defaultOperation : string
  Operation fallback (save/delete)
- $entity : EntityInterface
  Affected entity