PHPackages                             ayd/authorize - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. ayd/authorize

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

ayd/authorize
=============

A shared authorization package for Hyperf and Laravel applications at AYD Company.

v1.0.0(yesterday)01↑2900%MITPHPPHP ^8.1

Since Jun 18Pushed yesterdayCompare

[ Source](https://github.com/AYDcompany/authorize)[ Packagist](https://packagist.org/packages/ayd/authorize)[ RSS](/packages/ayd-authorize/feed)WikiDiscussions master Synced today

READMEChangelog (1)Dependencies (2)Versions (2)Used By (0)

AYD Company Authorize
=====================

[](#ayd-company-authorize)

Shared authorization decision builder for Laravel and Hyperf applications.

The package focuses on API response abilities:

- RBAC abilities in `response.meta.abilities`
- ABAC/resource abilities in `response.data[*].abilities`
- A shared decision shape that frontend applications can consume consistently

```
{
  "abilities": {
    "detail": { "allowed": true },
    "update": {
      "allowed": true,
      "fields": {
        "*": { "allowed": false },
        "title": { "allowed": true },
        "quantity": { "allowed": true }
      }
    },
    "delete": { "allowed": true }
  }
}
```

Installation
------------

[](#installation)

```
composer require ayd/authorize
```

For local package development this package expects `ayd/api-response-base`to be available through the local path repository configured in `composer.json`.

Core Usage
----------

[](#core-usage)

```
use Ayd\Authorize\ResourceAbilitiesResolver;

$abilities = ResourceAbilitiesResolver::make()
    ->allow('detail')
    ->fields('update', [
        'title',
        'quantity' => ['allowed' => false, 'reason' => 'Quantity locked'],
    ])
    ->deny('delete', 'Archived')
    ->resolve();
```

This produces:

```
[
    'detail' => ['allowed' => true],
    'update' => [
        'allowed' => true,
        'fields' => [
            '*' => ['allowed' => false],
            'title' => ['allowed' => true],
            'quantity' => ['allowed' => false, 'reason' => 'Quantity locked'],
        ],
    ],
    'delete' => ['allowed' => false, 'reason' => 'Archived'],
]
```

For page-level RBAC maps:

```
use Ayd\ApiResponseBase\Meta;
use Ayd\Authorize\ResourceAbilitiesResolver;

$meta = Meta::abilities(ResourceAbilitiesResolver::fromBooleanMap([
    'create' => $user->can('product.create'),
    'delete' => $user->can('product.delete'),
])->resolve());
```

Model Usage
-----------

[](#model-usage)

```
use Ayd\Authorize\ResourceAbilitiesResolver;
use Ayd\Authorize\Concerns\HasResourceAbilities;
use Ayd\Authorize\Contracts\HasResourceAbilities as HasResourceAbilitiesContract;

class Product extends Model implements HasResourceAbilitiesContract
{
    use HasResourceAbilities;

    public function resolveAbilities(mixed $user = null): array|ResourceAbilitiesResolver
    {
        return $this->abilityResolver()
            ->allow('detail')
            ->fields('update', [
                'title',
                'quantity' => $this->isLocked()
                    ? ['allowed' => false, 'reason' => 'Quantity locked']
                    : true,
            ])
            ->action('delete', $user?->can('delete', $this) ?? false);
    }
}
```

Laravel API Resource Usage
--------------------------

[](#laravel-api-resource-usage)

```
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
use Ayd\Authorize\Laravel\Concerns\IncludesResourceAbilities;

class ProductResource extends JsonResource
{
    use IncludesResourceAbilities;

    public function toArray(Request $request): array
    {
        return [
            'id' => $this->id,
            'title' => $this->title,
            'abilities' => $this->resourceAbilities($request),
        ];
    }
}
```

The Laravel service provider is listed for package discovery and registers `ResourceAbilitiesResolver` as an empty singleton. It does not bind `Ayd\ApiResponseBase\Contracts\AbilitiesResolver` by default, so existing API responses will not suddenly emit empty `meta.abilities`.

Bind your own resolver if you want automatic `meta.abilities` injection through `ayd/api-response-laravel`:

```
use Ayd\ApiResponseBase\Contracts\AbilitiesResolver;

$this->app->bind(AbilitiesResolver::class, ProductPageAbilitiesResolver::class);
```

Hyperf Usage
------------

[](#hyperf-usage)

The Hyperf `ConfigProvider` registers `ResourceAbilitiesResolver` as a dependency. Use the core builder in resources, transformers, or services:

```
use Ayd\Authorize\ResourceAbilities;

$abilities = ResourceAbilities::resolve($product, $user);
```

To integrate page-level abilities with `ayd/api-response-hyperf`, bind an implementation of `Ayd\ApiResponseBase\Contracts\AbilitiesResolver` in your Hyperf dependency config.

Design Notes
------------

[](#design-notes)

- Backends should return decisions, not frontend policy logic.
- Use `meta.abilities` for page-level RBAC.
- Use `data[*].abilities` for row/resource-level ABAC.
- Explicit field decisions override the `*` fallback.
- The frontend should treat these decisions as UX hints only; backend policies remain the source of truth.

###  Health Score

39

—

LowBetter than 85% of packages

Maintenance100

Actively maintained with recent releases

Popularity2

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity42

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

1d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/1c85593d180ab34bd56247c69debca02794f8f07b7ee0737fc897164858de6b1?d=identicon)[GeorgeKing](/maintainers/GeorgeKing)

---

Top Contributors

[![george-nbi-ad](https://avatars.githubusercontent.com/u/188939767?v=4)](https://github.com/george-nbi-ad "george-nbi-ad (3 commits)")

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/ayd-authorize/health.svg)

```
[![Health](https://phpackages.com/badges/ayd-authorize/health.svg)](https://phpackages.com/packages/ayd-authorize)
```

###  Alternatives

[kartik-v/yii2-password

Useful password strength validation utilities for Yii Framework 2.0

761.2M17](/packages/kartik-v-yii2-password)[better-futures-studio/filament-local-logins

This is my package filament-local-logins

1334.6k](/packages/better-futures-studio-filament-local-logins)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)