KMP PHP API Reference

OfficerPolicy extends BasePolicy
in package

Officer Authorization Policy

Controls entity-level access for Officer operations including assignment, release, warrant management, and hierarchical access control. Implements dual ownership model (self-access + administrative access) and office-specific authorization.

Tags
see

/docs/5.1-officers-plugin.md

Table of Contents

Methods

before()  : bool|null
Check if $user is a super user and can skip auth with an auto True
canAdd()  : bool
Check if $user can add RolesPermissions
canAssign()  : bool
Check if user can assign officers within branch context.
canBranchOfficers()  : bool
Check if user can view branch officers.
canDelete()  : bool
Check if $user can delete RolesPermissions
canEdit()  : bool
Check if user can edit an officer. Validates both permission and office access.
canGridData()  : bool
Check if $user can view role
canIndex()  : bool
Check if $user can view role
canMemberOfficers()  : bool
Check if user can view member officers. Members can view their own assignments.
canOfficers()  : bool
Check if user has general officer access.
canOfficersByWarrantStatus()  : bool
Check if user can view officers by warrant status.
canRelease()  : bool
Check if user can release an officer. Validates both permission and office access.
canRequestWarrant()  : bool
Check if user can request warrant. Members can request for their own assignments.
canView()  : bool
Check if $user can view RolesPermissions
canViewPrivateNotes()  : bool
Check if $user can view hidden
canWorkWithAllOfficers()  : bool
Check if user can work with all officers across the organization.
canWorkWithOfficerDeputies()  : bool
Check if user can work with officer deputies.
canWorkWithOfficerDirectReports()  : bool
Check if user can work with direct report officers.
canWorkWithOfficerReportingTree()  : bool
Check if user can work with officers in their reporting tree.
scopeIndex()  : mixed
Apply scope for index action.
_getBranchIdsForPolicy()  : array<string|int, mixed>|null
Check if $user can view hidden
_getPermissions()  : bool
Check if $user can view hidden
_getPolicies()  : bool
Check if $user can view hidden
_hasPolicy()  : bool
Check if $user can view hidden
_hasPolicyForUrl()  : bool
Check if $user can view hidden
_isSuperUser()  : bool
Check if $user is a super user
canManageOfficerMember()  : bool
Determine whether the user can manage officer actions for a member.

Methods

before()

Check if $user is a super user and can skip auth with an auto True

public before(KmpIdentityInterface $user, mixed $resource, string $action) : bool|null
Parameters
$user : KmpIdentityInterface

The user.

$resource : mixed

The resource.

$action : string

The action.

Return values
bool|null

canBranchOfficers()

Check if user can view branch officers.

public canBranchOfficers(KmpIdentityInterface $user, BaseEntity $entity, mixed ...$optionalArgs) : bool

All authenticated members can view branch officers (public information).

Parameters
$user : KmpIdentityInterface

The authenticated user

$entity : BaseEntity

Context entity

$optionalArgs : mixed

Additional parameters

Return values
bool

canMemberOfficers()

Check if user can view member officers. Members can view their own assignments.

public canMemberOfficers(KmpIdentityInterface $user, BaseEntity $entity, mixed ...$optionalArgs) : bool
Parameters
$user : KmpIdentityInterface

The authenticated user

$entity : BaseEntity

Officer entity with member_id

$optionalArgs : mixed

Additional parameters

Return values
bool

canRelease()

Check if user can release an officer. Validates both permission and office access.

public canRelease(KmpIdentityInterface $user, BaseEntity $entity, mixed ...$optionalArgs) : bool
Parameters
$user : KmpIdentityInterface

The authenticated user

$entity : BaseEntity

Officer entity to release

$optionalArgs : mixed

[0] = branchId override

Return values
bool

canRequestWarrant()

Check if user can request warrant. Members can request for their own assignments.

public canRequestWarrant(KmpIdentityInterface $user, BaseEntity $entity, mixed ...$optionalArgs) : bool
Parameters
$user : KmpIdentityInterface

The authenticated user

$entity : BaseEntity

Officer entity

$optionalArgs : mixed

[0] = branchId override

Return values
bool

canWorkWithAllOfficers()

Check if user can work with all officers across the organization.

public canWorkWithAllOfficers(KmpIdentityInterface $user, BaseEntity $entity, mixed ...$optionalArgs) : bool
Parameters
$user : KmpIdentityInterface

The authenticated user

$entity : BaseEntity

Context entity

$optionalArgs : mixed

Additional parameters

Return values
bool

canWorkWithOfficerDeputies()

Check if user can work with officer deputies.

public canWorkWithOfficerDeputies(KmpIdentityInterface $user, BaseEntity $entity, mixed ...$optionalArgs) : bool
Parameters
$user : KmpIdentityInterface

The authenticated user

$entity : BaseEntity

Officer entity

$optionalArgs : mixed

[0] = branchId, [1] = doGrantCheck flag

Return values
bool

canWorkWithOfficerDirectReports()

Check if user can work with direct report officers.

public canWorkWithOfficerDirectReports(KmpIdentityInterface $user, BaseEntity $entity, mixed ...$optionalArgs) : bool
Parameters
$user : KmpIdentityInterface

The authenticated user

$entity : BaseEntity

Officer entity

$optionalArgs : mixed

[0] = branchId, [1] = doGrantCheck flag

Return values
bool

canWorkWithOfficerReportingTree()

Check if user can work with officers in their reporting tree.

public canWorkWithOfficerReportingTree(KmpIdentityInterface $user, BaseEntity $entity, mixed ...$optionalArgs) : bool
Parameters
$user : KmpIdentityInterface

The authenticated user

$entity : BaseEntity

Officer entity

$optionalArgs : mixed

[0] = branchId, [1] = doGrantCheck flag

Return values
bool

_getBranchIdsForPolicy()

Check if $user can view hidden

protected _getBranchIdsForPolicy(KmpIdentityInterface $user, string $policyMethod) : array<string|int, mixed>|null
Parameters
$user : KmpIdentityInterface

The user.

$policyMethod : string
Return values
array<string|int, mixed>|null

_hasPolicy()

Check if $user can view hidden

protected _hasPolicy(KmpIdentityInterface $user, string $policyMethod, BaseEntity|Table $entity[, int|null $branchId = null ][, mixed $grantSource = null ]) : bool
Parameters
$user : KmpIdentityInterface

The user.

$policyMethod : string
$entity : BaseEntity|Table
$branchId : int|null = null
$grantSource : mixed = null
Return values
bool

_hasPolicyForUrl()

Check if $user can view hidden

protected _hasPolicyForUrl(KmpIdentityInterface $user, string $policyMethod, array<string|int, mixed> $urlProps[, int|null $branchId = null ][, mixed $grantSource = null ]) : bool
Parameters
$user : KmpIdentityInterface

The user.

$policyMethod : string
$urlProps : array<string|int, mixed>
$branchId : int|null = null
$grantSource : mixed = null
Return values
bool

canManageOfficerMember()

Determine whether the user can manage officer actions for a member.

protected canManageOfficerMember(KmpIdentityInterface $user, int $memberId) : bool

Allows self or parent-of-minor access.

Parameters
$user : KmpIdentityInterface
$memberId : int
Return values
bool 

        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results