KMP PHP API Reference

HelloWorldControllerPolicy extends BasePolicy
in package

HelloWorld Policy

This policy controls access to the HelloWorld controller and its actions. It demonstrates the authorization patterns used throughout KMP plugins.

Authorization Architecture

KMP uses policy-based authorization where each controller has a corresponding policy class. Policies implement permission checks based on:

  • User identity and roles
  • Resource ownership
  • Warrant/authorization requirements
  • Branch hierarchy
  • Custom business rules

Policy Methods

Each controller action has a corresponding canAction() method:

  • canIndex(): Controls access to list/index views
  • canView(): Controls access to detail views
  • canAdd(): Controls ability to create new records
  • canEdit(): Controls ability to update records
  • canDelete(): Controls ability to delete records

Permission Patterns

Common permission patterns in KMP:

  • Public Access: Return true for everyone
  • Authenticated Only: Check if user is logged in
  • Role-Based: Check user roles or warrants
  • Ownership: Verify user owns the resource
  • Branch Hierarchy: Check branch permissions

Example Usage

This policy demonstrates several common patterns:

  • Public index access (read-only list)
  • Authenticated user access for viewing
  • Role-based access for creating/editing/deleting
  • Resource-level authorization
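
The patterns listed above, as an added sketch that is not KMP's own code: DemoUser, DemoHelloWorldPolicy, the 'editor' role, the owner_id field and the authorize() dispatcher are all assumptions made for illustration. That before() returning null means "fall through to the canAction() method" is assumed from its bool|null return type.

```php
<?php
// DemoUser and DemoHelloWorldPolicy are hypothetical stand-ins, not KMP's own classes.
final class DemoUser
{
    public function __construct(public int $id, public array $roles = [], public bool $superUser = false) {}
}
final class DemoHelloWorldPolicy
{
    // Pre-check: true allows immediately, null defers to the per-action method.
    public function before(?DemoUser $user, mixed $resource, string $action): ?bool
    {
        return ($user !== null && $user->superUser) ? true : null;
    }
    public function canIndex(?DemoUser $user, mixed $resource): bool
    {
        return true; // public access: read-only list
    }
    public function canView(?DemoUser $user, mixed $resource): bool
    {
        return $user !== null; // authenticated only
    }
    public function canAdd(?DemoUser $user, mixed $resource): bool
    {
        return $user !== null && in_array('editor', $user->roles, true); // role-based
    }
    public function canEdit(?DemoUser $user, array $resource): bool
    {
        // Resource-level: the role is required and the user must own the record.
        return $this->canAdd($user, $resource) && $resource['owner_id'] === $user->id;
    }
}

// Deny by default: an action with no matching canAction() method is refused.
function authorize(DemoHelloWorldPolicy $policy, ?DemoUser $user, string $action, array $resource): bool
{
    $method = 'can' . ucfirst($action);
    return $policy->before($user, $resource, $action)
        ?? (method_exists($policy, $method) && $policy->$method($user, $resource));
}

// Constructed sample data: one record owned by user 2.
$record = ['id' => 7, 'owner_id' => 2];
$users = ['anonymous' => null, 'owner' => new DemoUser(2, ['editor']),
    'other editor' => new DemoUser(3, ['editor']), 'super user' => new DemoUser(1, [], true)];
foreach ($users as $label => $user) {
    foreach (['index', 'view', 'edit', 'delete'] as $action) {
        printf("%-12s %-6s %s\n", $label, $action, authorize(new DemoHelloWorldPolicy(), $user, $action, $record) ? 'allow' : 'deny');
    }
}
```

In this sketch the super user is allowed "delete" even though no canDelete() method exists, because before() answers first; any bypass of this kind is worth reviewing alongside the per-action checks.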

Tags

  • see BasePolicy
  • see PolicyInterface

Table of Contents

Methods

before()  : bool|null
Check whether $user is a super user and can skip authorization checks with an automatic true result
canAdd()  : bool
Check if $user can add RolesPermissions
canDelete()  : bool
Check if $user can delete RolesPermissions
canEdit()  : bool
Check if $user can edit RolesPermissions
canGridData()  : bool
Check if $user can view role
canIndex()  : bool
Check if $user can view role
canView()  : bool
Check if $user can view RolesPermissions
canViewPrivateNotes()  : bool
Check if $user can view hidden
scopeIndex()  : mixed
Apply scope for index action.
_getBranchIdsForPolicy()  : array<string|int, mixed>|null
Check if $user can view hidden
_getPermissions()  : bool
Check if $user can view hidden
_getPolicies()  : bool
Check if $user can view hidden
_hasPolicy()  : bool
Check if $user can view hidden
_hasPolicyForUrl()  : bool
Check if $user can view hidden
_isSuperUser()  : bool
Check if $user is a super user

Methods

before()

Check whether $user is a super user and can skip authorization checks with an automatic true result

public before(KmpIdentityInterface $user, mixed $resource, string $action) : bool|null
Parameters
$user : KmpIdentityInterface

The user.

$resource : mixed

The resource.

$action : string

The action.

Return values
bool|null

_getBranchIdsForPolicy()

Check if $user can view hidden

protected _getBranchIdsForPolicy(KmpIdentityInterface $user, string $policyMethod) : array<string|int, mixed>|null
Parameters
$user : KmpIdentityInterface

The user.

$policyMethod : string
Return values
array<string|int, mixed>|null

_hasPolicy()

Check if $user can view hidden

protected _hasPolicy(KmpIdentityInterface $user, string $policyMethod, BaseEntity|Table $entity[, int|null $branchId = null ][, mixed $grantSource = null ]) : bool
Parameters
$user : KmpIdentityInterface

The user.

$policyMethod : string
$entity : BaseEntity|Table
$branchId : int|null = null
$grantSource : mixed = null
Return values
bool

_hasPolicyForUrl()

Check if $user can view hidden

protected _hasPolicyForUrl(KmpIdentityInterface $user, string $policyMethod, array<string|int, mixed> $urlProps[, int|null $branchId = null ][, mixed $grantSource = null ]) : bool
Parameters
$user : KmpIdentityInterface

The user.

$policyMethod : string
$urlProps : array<string|int, mixed>
$branchId : int|null = null
$grantSource : mixed = null
Return values
bool
