Understand the moving parts behind CI4MS—filters, routes, modules, caches, and tooling. Use this guide alongside the developer handbook when designing new features or debugging runtime behaviour.
app/Filters/Ci4ms.php enforces install checks,
maintenance redirects, and menu cache hydration in
after().
app/Config/Filters.php scans module and theme filter
directories, then merges CSRF exceptions from
Modules\Backend\Config\BackendConfig.
app/Config/Routes.php preloads settings, attaches
template routes, then imports every module’s
Config/Routes.php before declaring front-end routes.
bertugfahriozer/ci4commonmodel powers the generic CRUD
layer. Modules lean on helpers such as lists,
selectOne, create, createMany,
edit, remove, and isHave.
The backend BaseController instantiates
CommonModel once, exposing it via
$this->commonModel to child controllers.
logged_in, redirect_url) and
caches user permissions.
Modules\Backend\Filters\BackendAfterLoginFilter
enforces authentication, verifies permissions, checks theme assets,
and warms cached settings.
Modules\Users\Models\UserscrudModel::loggedUser()),
navigation (AuthLibrary::sidebarNavigation()), mail
config, and $this->defData.
auth_permissions_pages (module/page CRUD flags) and
auth_users_permissions (user overrides).
Modules\Methods provides scanning utilities to sync
routes.
Each module under modules/<Name> typically
includes:
Config/Routes.php – routes plus metadata (role
options).
Config/*.php – module-specific settings.Controllers/ – usually extend the backend base
controller.
Models/, Views/, optional
Libraries/, Helpers/,
Language/, Filters/,
Database/.
Scaffold new modules with php spark make:module Foo (from
ci4-cms-erp/ext_module_generator) and follow up with
routes, implementation, and permissions.
Modules\Install.env to .env, sets base
configuration, runs migrations, and seeds defaults via
InstallService.
app/Config/Routes.php from the command
template.
Ci4msDefaultsSeeder prompts for admin credentials.
InstallService::createDefaultData() to seed
modules, permissions, admin account, sample content, and
settings.
settings; cached for 24h.
{userId}_permissions); clear when updating roles.
public/templates/<theme> with
optional overrides in app/Config,
app/Controllers, etc.
Modules\Theme handles ZIP uploads, temporary extraction
(writable/tmp), duplicate detection, and final
installation.
BackendAfterLoginFilter warns administrators if
info.xml or screenshot.png is missing.
App\Controllers\Home renders front pages and blogs,
parses inline shortcodes
(CommonLibrary::parseInTextFunctions()), assembles meta
tags (Ci4msseoLibrary), and loads categories, tags,
authors, breadcrumbs, and comments.
coverImage, description,
keywords).
Modules\Media integrates elFinder with MIME allowlists,
trash handling, and optional WebP conversion via
claviska/simpleimage.
Modules\Fileeditor offers in-project file
browsing/editing secured by realpath checks.
Modules\Logs implements a custom, highly-optimized
LogViewer library so administrators can securely
inspect writable/logs/ from
/backend/logs without shell access.
app/Commands/* contains admin generators
(make:acontroller, make:amodel,
make:abview) and route regeneration
(create:route).
ci4-cms-erp/ext_module_generator via
php spark make:module.
Modules\Methods::moduleScan() inspects the router and
aligns permissions with available routes.
Modules\Methods whenever new secured routes are
introduced.
php spark cache:clear) after modifying
settings, menus, or permissions.
info.xml, screenshot.png).
Frequent tables include users, auth_groups,
auth_permissions_pages,
auth_users_permissions, modules,
pages, blog,
blog_categories_pivot, tags,
tags_pivot, menu, settings,
login_rules, and others introduced by modules.
Consult module migrations for schema details.
Use this architecture map to reason about dependencies and extension points. Pair it with the developer handbook and user guide for the full CI4MS story.