caridea/acl
===========

A shrimp of an access control library

Version 3.0.0 (8y ago) | Apache-2.0 | PHP >=7.1.0

Since Mar 22 | Pushed 8y ago | 1 watcher

[Source](https://github.com/libreworks/caridea-acl) | [Packagist](https://packagist.org/packages/caridea/acl) | [Docs](http://github.com/libreworks/caridea-acl)

caridea-acl
===========

Caridea is a minuscule PHP application library. This shrimpy fellow is what you'd use when you just want some helping hands and not a full-blown framework.

This is its access control component. You can create lists of permissions from any source you wish.

Installation
------------

You can install this library using Composer:

```
$ composer require caridea/acl
```

- The master branch (version 3.x) of this project requires PHP 7.1 and has no dependencies.
- Version 2.x of this project requires PHP 7.0 and has no dependencies.
- Version 1.x of this project requires PHP 5.5 and has no dependencies.

Compliance
----------

Releases of this library will conform to [Semantic Versioning](http://semver.org).

Our code is intended to comply with [PSR-1](http://www.php-fig.org/psr/psr-1/), [PSR-2](http://www.php-fig.org/psr/psr-2/), and [PSR-4](http://www.php-fig.org/psr/psr-4/). If you find any issues related to standards compliance, please send a pull request!

Documentation
-------------

- Head over to [Read the Docs](http://caridea-acl.readthedocs.io/en/latest/)

Definitions
-----------

Our permission API deals with three concepts: Subjects, Verbs, and Targets.

A *target* is something that can be protected. It has a type and an identifier. It could be a record from your database, a controller method in your application, or a URL.

A *subject* is a user or role that can be allowed or denied access. `caridea-acl` ships with two kinds of `Subject`s: *principal* and *role*. For instance, the currently authenticated user has a principal `Subject` with the username, and several role `Subject`s with the role names (e.g. `admin`, `user`, `us-citizen`).

A *verb* is the action the `Subject` can take on the `Target` (e.g. *read*, *create*, *submit*).

`Target` and `Subject` are classes, not interfaces. Since we intend ACLs to be immutable and potentially serializable, we'd rather you not add interfaces onto your own domain classes.

Examples
--------

You must create your own ACL loaders. We include absolutely no logic to store and retrieve ACLs.

Why? Well, in our experience, the larger an application gets, the less efficient it is to serialize and store ACLs for any record that might have permissions. We've found that most of the time an application's business rules are determined by record attributes, such as who's created what record, who's the manager of a department, and so on.

By writing your own `Loader`s, you control in very fine detail how your permission model is provided.

```
use Caridea\Acl\Rule;
use Caridea\Acl\RuleAcl;
use Caridea\Acl\Service;
use Caridea\Acl\Target;

class MyLoader implements \Caridea\Acl\Loader
{
    public function supports(Target $target)
    {
        // this loader only builds ACLs for "foobar" targets
        return $target->getType() === 'foobar';
    }

    public function load(Target $target, array $subjects, Service $service)
    {
        // some custom method to load my database record
        try {
            $record = MyRecord::loadFromDatabase($target->getId());
        } catch (\Exception $e) {
            throw new \Caridea\Acl\Exception\Unloadable("Could not load record", 0, $e);
        }
        // load the parent record's ACL
        $parent = $service->get(new Target('foobar', $record['parent']), $subjects);
        // create the rules and return the final constructed ACL
        $rules = [];
        foreach ($subjects as $subject) {
            if ($subject->getType() === 'role' &&
                $subject->getId() === 'admin') {
                // allow "admin" role for all permissions
                $rules[] = Rule::allow($subject);
            } elseif ($subject->getType() === 'role' &&
                $subject->getId() === 'user') {
                // allow "user" role the read permission
                $rules[] = Rule::allow($subject, ['read']);
            } elseif ($subject->getType() === 'principal' &&
                $subject->getId() === (string) $record['owner']) {
                // allow the record owner CRUD permissions; the comparison is
                // strict so numeric-looking ids are never loosely equal
                $rules[] = Rule::allow($subject, ['create', 'read', 'update', 'delete']);
            }
        }
        return new RuleAcl($target, $subjects, $rules, $parent);
    }
}
```

Then put it all together.

```
use Caridea\Acl\Target;

// A list of all of your custom loaders
$loaders = [new MyLoader()];
// Use the Cache Strategy to cache lookups
$strategy = new \Caridea\Acl\CacheStrategy(
    new \Caridea\Acl\DelegateStrategy($loaders)
);
$service = new \Caridea\Acl\Service($strategy);

$subjects = MyClass::getSubjects(); // determine which subjects the user has
$target = new Target('foobar', 123);

// ask whether the subjects may perform the verb on the target
$allowed = $service->can($subjects, 'delete', $target);

// or enforce it: assert() throws Forbidden when access is not allowed
try {
    $service->assert($subjects, 'delete', $target);
} catch (\Caridea\Acl\Exception\Forbidden $e) {
    // not allowed!
}
```

You might consider wiring up all your loaders and the `Service` class using dependency injection, for instance with `caridea/container`.
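A fail-closed enforcement point built only on the calls shown above, as an added example that is not code from the caridea-acl project. `authorizeRequest` and `logSafe` are hypothetical names; it assumes the library is installed through Composer and that a loader failure reaches the caller of `assert()` as an exception.

```php
<?php
declare(strict_types=1);

use Caridea\Acl\Exception\Forbidden;
use Caridea\Acl\Exception\Unloadable;
use Caridea\Acl\Service;
use Caridea\Acl\Target;

// Hypothetical helper: replace control characters so subject or target ids
// that come from user input cannot forge extra lines in the audit log.
function logSafe(string $value): string
{
    return (string) preg_replace('/[\x00-\x1F\x7F]/', '?', $value);
}

// Hypothetical enforcement point (not part of caridea/acl). Returns an HTTP
// status: 200 only on an explicit allow, a denial on every other path.
function authorizeRequest(Service $service, array $subjects, string $verb, Target $target): int
{
    // e.g. "principal:alice, role:user"
    $who = implode(', ', array_map(function ($subject) {
        return logSafe($subject->getType() . ':' . $subject->getId());
    }, $subjects));
    $what = logSafe(sprintf('%s on %s#%s', $verb, $target->getType(), $target->getId()));

    try {
        $service->assert($subjects, $verb, $target);
        return 200;
    } catch (Forbidden $e) {
        error_log("acl deny: [$who] may not $what");
        return 403;
    } catch (Unloadable $e) {
        // No ACL could be built (missing record, loader failure): deny, and
        // answer exactly like a normal denial so the response does not
        // reveal whether the record exists.
        error_log("acl unloadable: [$who] $what: " . logSafe($e->getMessage()));
        return 403;
    } catch (\Throwable $e) {
        // Anything unexpected also denies; never fall through to the action.
        error_log("acl error: [$who] $what: " . get_class($e));
        return 500;
    }
}

// Usage, with $service and $subjects built as in the snippet above:
// $status = authorizeRequest($service, $subjects, 'delete', new Target('foobar', 123));
```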

### Health Score

Overall: 30 (Low), better than 64% of packages

- Maintenance: 20. Infrequent updates, may be unmaintained
- Popularity: 13. Limited adoption so far
- Community: 11. Small or concentrated contributor base
- Maturity: 64. Established project with proven stability
- Bus Factor: 1. Top contributor holds 100% of commits, a single point of failure


### Release Activity

- Cadence: every ~82 days (recently: every ~127 days)
- Total: 9
- Last release: 3053d ago
- Major versions: 1.0.0 → 2.0.0 (2016-03-23); 2.1.x-dev → 3.0.0 (2018-01-07)
- PHP version history (3 changes): 1.0.0 requires PHP >=5.5.0; 2.0.0 requires PHP >=7.0.0; 3.0.0 requires PHP >=7.1.0

### Community

- Maintainer: doublecompile
- Top contributor: [doublecompile](https://github.com/doublecompile) (22 commits)
- Tags: authorization, acl, permissions, rbac

### Code Quality

Tests: PHPUnit

