Skip to content
docsv0.2.0

PolicyRuleInterface

A single authorization policy rule, as consumed by the PolicyGate. Backing storage is the host's concern (the Milpa monorepo implements it with a Doctrine entity); the gate only reads these four accessors.

PolicyRuleInterface::getId()

abstract public function getId(): ?int

Persistent identifier of the rule, or null when it has not been persisted (e.g. an in-memory rule).

PolicyRuleInterface::getEffect()

abstract public function getEffect(): string

Either "allow" or "deny".

PolicyRuleInterface::getRequiresScopes()

abstract public function getRequiresScopes(): ?array

Scopes the caller must hold to satisfy this rule.

Returns

Any-of set of required scopes, or null when the rule imposes no scope requirement.

PolicyRuleInterface::getDescription()

abstract public function getDescription(): ?string

Human-readable explanation surfaced back to the caller when this rule denies the call.