api-skeletons/oauth2-doctrine-permissions-acl
=============================================

ACL permissions for api-skeletons/oauth2-doctrine-identity for Laminas

5.0.4 (5y ago) · MIT · PHP ^7.3

[Source](https://github.com/API-Skeletons/oauth2-doctrine-permissions-acl) · [Packagist](https://packagist.org/packages/api-skeletons/oauth2-doctrine-permissions-acl)

ACL permissions for api-skeletons/oauth2-doctrine for Laminas
=============================================================

About
-----

This provides ACL for [api-skeletons/oauth2-doctrine](https://github.com/API-Skeletons/oauth2-doctrine). This replaces some components of [laminas-api-tools/api-tools-mvc-auth](https://github.com/laminas-api-tools/api-tools-mvc-auth) to enable multiple roles per user and auto injecting roles into the ACL.

This library is specifically for a many to many relationship between Role and User. If you have a one to many relationship where each user may have only one role this library is not for you.

This library depends on [api-skeletons/oauth2-doctrine-identity](https://github.com/API-Skeletons/oauth2-doctrine-identity). Please see that library for implementation details.

[![Entity Relationship Diagram](https://raw.githubusercontent.com/API-Skeletons/oauth2-doctrine-permissions-acl/master/media/erd.png)](https://raw.githubusercontent.com/API-Skeletons/oauth2-doctrine-permissions-acl/master/media/erd.png)

Entity Relationship Diagram created with [Skipper](https://skipper18.com)

Installation
------------

Installation of this module uses composer. For composer documentation, please refer to [getcomposer.org](http://getcomposer.org/).

```
composer require api-skeletons/oauth2-doctrine-permissions-acl
```

This will be added to your application's list of modules:

```
'modules' => array(
   // ... your other modules
   'ApiSkeletons\OAuth2\Doctrine\Permissions\Acl',
),

Role Related Interfaces
-----------------------

The ERD above shows the Doctrine relationship to a `Role` entity. To fetch Roles for a user, the User entity must implement [`ApiSkeletons\OAuth2\Doctrine\Permissions\Acl\Role\ProviderInterface`](https://github.com/API-Skeletons/oauth2-doctrine-permissions-acl/blob/master/src/Role/ProviderInterface.php). The `Role` entity must implement [`Laminas\Permissions\Acl\Role\RoleInterface`](https://github.com/laminas/laminas-permissions-acl/blob/master/src/Role/RoleInterface.php).

Roles may have parents. This is optional, but the parent relationship is often important in ACL. To create a role hierarchy, your Role entity must implement [`ApiSkeletons\OAuth2\Doctrine\Permissions\Acl\Role\HierarchicalInterface`](https://github.com/API-Skeletons/oauth2-doctrine-permissions-acl/blob/master/src/Role/HierarchicalInterface.php). This interface also extends [`Laminas\Permissions\Acl\Role\RoleInterface`](https://github.com/laminas/laminas-permissions-acl/blob/master/src/Role/RoleInterface.php).

Adding Roles to the ACL
-----------------------

To copy roles into the ACL from your Role entity, copy [`config/oauth2.doctrine.permisisons.acl.global.php.dist`](https://github.com/API-Skeletons/oauth2-doctrine-permissions-acl/blob/master/config/oauth2.doctrine.permisisons.global.php.dist) to your application's `config/autoload/oauth2.doctrine.permisisons.acl.global.php`:

```
'apiskeletons-oauth2-doctrine-permissions-acl' => [
    'role' => [
        'entity' => 'Db\Entity\Role',
        'object_manager' => 'doctrine.entitymanager.orm_default',
    ],
],
```

This will run at priority 1000 in the `MvcAuthEvent::EVENT_AUTHORIZATION` event. If you do not want to autoload roles remove the 'role' configuration entirely.

Adding Resource Guards
----------------------

With all of the above, this library has set the stage to create permissions on your resources. All your roles may be loaded and you can follow the official Apigility guide. Be sure your listener(s) run at priority < 1000.

This is a short summary of the linked article.

Add this bootstrap to your Module:

```
namespace Application;

use Laminas\Mvc\MvcEvent;
use Laminas\Mvc\ModuleRouteListener;
use Application\Authorization\AuthorizationListener;
use Laminas\ApiTools\MvcAuth\MvcAuthEvent;

class Module
{
    public function onBootstrap(MvcEvent $e)
    {
        $eventManager        = $e->getApplication()->getEventManager();
        $moduleRouteListener = new ModuleRouteListener();
        $moduleRouteListener->attach($eventManager);

        $eventManager->attach(
            MvcAuthEvent::EVENT_AUTHORIZATION,
            new AuthorizationListener(),
            100 // Less than 1000 to allow roles to be added first && >= 100
        );
    }
}
```

Create your AuthorizationListener:

```
namespace Application\Authorization;

use Laminas\ApiTools\MvcAuth\MvcAuthEvent;
use Db\Fixture\RoleFixture;

class AuthorizationListener
{
    public function __invoke(MvcAuthEvent $mvcAuthEvent)
    {
        $authorization = $mvcAuthEvent->getAuthorizationService();

        // Deny from all
        $authorization->deny();

        // Allow from all for oauth authentication
        $authorization->addResource('ApiSkeletons\OAuth2\Controller\Auth::token');
        $authorization->allow(null, 'ApiSkeletons\OAuth2\Controller\Auth::token');

        // Add application specific resources
        $authorization->addResource('FooBar\V1\Rest\Foo\Controller::collection');
        $authorization->allow(RoleFixture::USER, 'FooBar\V1\Rest\Foo\Controller::collection', 'GET');
    }
}
```
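
How the listener's rules evaluate for a user who holds several roles, as an added example that is not part of this README or the library's own code. It uses `laminas/laminas-permissions-acl` directly; the role names `guest`, `user` and `admin` and the helper `isAllowedForAnyRole()` are assumptions made for illustration.

```php
<?php
// Added example, not from this README; requires laminas/laminas-permissions-acl.
require __DIR__ . '/vendor/autoload.php';

use Laminas\Permissions\Acl\Acl;
use Laminas\Permissions\Acl\Role\GenericRole;

/** Hypothetical helper: a user with many roles is allowed when any one role is. */
function isAllowedForAnyRole(Acl $acl, array $roles, string $resource, ?string $privilege): bool
{
    foreach ($roles as $role) {
        // Skip roles missing from the ACL; isAllowed() throws on an unknown role.
        if ($acl->hasRole($role) && $acl->isAllowed($role, $resource, $privilege)) {
            return true;
        }
    }
    return false; // no role matched: the deny-all rule stands
}

$acl = new Acl();

// Constructed roles standing in for rows of the Role entity; 'admin' inherits 'user'.
$acl->addRole(new GenericRole('guest'));
$acl->addRole(new GenericRole('user'));
$acl->addRole(new GenericRole('admin'), 'user');

$token = 'ApiSkeletons\OAuth2\Controller\Auth::token';
$foo   = 'FooBar\V1\Rest\Foo\Controller::collection';
$acl->addResource($token);
$acl->addResource($foo);

// Same rule order as the listener: deny everything, then open specific resources.
$acl->deny();
$acl->allow(null, $token);
$acl->allow('user', $foo, 'GET');

// Constructed identities: role lists as a many-to-many User/Role mapping could return them.
$cases = [
    'guest reads Foo'         => [['guest'], $foo, 'GET'],
    'guest requests token'    => [['guest'], $token, 'POST'],
    'guest+user reads Foo'    => [['guest', 'user'], $foo, 'GET'],
    'admin reads Foo'         => [['admin'], $foo, 'GET'],
    'admin deletes Foo'       => [['admin'], $foo, 'DELETE'],
    'stale role only'         => [['removed-role'], $foo, 'GET'],
];

foreach ($cases as $label => [$roles, $resource, $privilege]) {
    printf("%-22s %s\n", $label, var_export(isAllowedForAnyRole($acl, $roles, $resource, $privilege), true));
}
```

The `admin` cases show why the parent relationship matters: the only grant on the Foo collection is `GET` for `user`, so `admin` gets it through inheritance and gets nothing else.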

Overriding the IS\_AUTHORIZED event
-----------------------------------

An event manager on the AclAuthorization allows you to override any ACL call. For instance, if you have another entity which requires permissions based on its value, you can add new roles to your ACL manually, then create an override that runs when authorization is checked, so that those entity values, now proxied as roles, are allowed:

```
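// AuthenticatedIdentity is provided by api-skeletons/oauth2-doctrine-identity
use ApiSkeletons\OAuth2\Doctrine\Identity\AuthenticatedIdentity;
use ApiSkeletons\OAuth2\Doctrine\Permissions\Acl\Event;
use Laminas\EventManager\Event as ZendEvent;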

// Allow membership as a role
$events = $serviceManager->get('SharedEventManager');
$events->attach(
    Event::class,
    Event::IS_AUTHORIZED,
    function(ZendEvent $event)
    {
        if (! $event->getParam('identity') instanceof AuthenticatedIdentity) {
            return;
        }

        $membership = $event->getParam('identity')->getUser()->getMembership();

        if ($event->getTarget()->isAllowed($membership->getName(), $event->getParam('resource'), $event->getParam('privilege'))) {
            $event->stopPropagation();

            return true;
        }
    },
    100
);
```

### Community

Maintainer: [tom\_anderson](/maintainers/tom_anderson). Top contributor: [TomHAnderson](https://github.com/TomHAnderson) (62 commits).

Tags: laminas, Authentication, doctrine, oauth2, authorization, acl, permissions
