PHPackages                             damejidlo/permissions - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. damejidlo/permissions

AbandonedArchivedLibrary[Authentication &amp; Authorization](/categories/authentication)

damejidlo/permissions
=====================

2.0.1(6y ago)116.1k1MITPHPPHP &gt;=7.1

Since Mar 25Pushed 6y ago1 watchersCompare

[ Source](https://github.com/damejidlo/permissions)[ Packagist](https://packagist.org/packages/damejidlo/permissions)[ RSS](/packages/damejidlo-permissions/feed)WikiDiscussions master Synced today

READMEChangelog (4)Dependencies (5)Versions (5)Used By (0)

[![Downloads this Month](https://camo.githubusercontent.com/913a2e421d2e04514c79aa01f53679fc5b85f920dfb4c18aecffecbc7ef3fda8/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f646d2f64616d656a69646c6f2f7065726d697373696f6e732e737667)](https://packagist.org/packages/damejidlo/permissions)[![Latest Stable Version](https://camo.githubusercontent.com/cb01c4062bafcdf51eaaf0627edd9a7c1d1a9b1bdd4d316f92fc8ac971e59a2e/68747470733a2f2f706f7365722e707567782e6f72672f64616d656a69646c6f2f7065726d697373696f6e732f762f737461626c65)](https://github.com/damejidlo/permissions/releases)[![](https://camo.githubusercontent.com/40a25e3ed8bd84945af73e9134e5e407d5fea72fccd1d2e7b9f0e2709212d409/68747470733a2f2f7472617669732d63692e6f72672f64616d656a69646c6f2f7065726d697373696f6e732e7376673f6272616e63683d6d6173746572)](https://camo.githubusercontent.com/40a25e3ed8bd84945af73e9134e5e407d5fea72fccd1d2e7b9f0e2709212d409/68747470733a2f2f7472617669732d63692e6f72672f64616d656a69646c6f2f7065726d697373696f6e732e7376673f6272616e63683d6d6173746572)[![](https://camo.githubusercontent.com/16a3b3409e5e521824b727d7bc0902cf9db364b40c5cc6fb525c40819d48d3a0/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f64616d656a69646c6f2f7065726d697373696f6e732f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://camo.githubusercontent.com/16a3b3409e5e521824b727d7bc0902cf9db364b40c5cc6fb525c40819d48d3a0/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f64616d656a69646c6f2f7065726d697373696f6e732f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)[![](https://camo.githubusercontent.com/434a26c5aded604abfd9c4202ef85c866698e4bee43ed59518aaca90bd1ca324/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f64616d656a69646c6f2f7065726d697373696f6e732f6261646765732f636f7665726167652e706e673f623d6d6173746572)](https://camo.githubusercontent.com/434a26c5aded604abfd9c4202ef85c866698e4bee43ed59518aaca90bd1ca324/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f64616d656a69646c6f2f7065726d697373696f6e732f6261646765732f636f7665726167652e706e673f623d6d6173746572)

Motivation
==========

[](#motivation)

Purpose of this library is to add User specific data to `isAllowed` evaluation. Assertion callback got `IUser` directly as first argument.

This solves biggest "problem" of native ACL in Nette such is:

```
	$callback = function (IUser $user, $queriedRole, $queriedResource) {
		return $user->getEntity()->getId() === $queriedResource->getEntity()->getCreatorId();
	};

	// god can destroy world, but only the one he created
	$authorizator->allow('god', 'world', 'destroy', $callback);
```

Another aspect of this library is separating Authorizator from `Nette\Security\User` as it's definitely not users responsibility to provide this functionality.

Disclaimer
==========

[](#disclaimer)

This library is written to be as much as possible similar to `Permission` class in Nette. However evaluation of rules is written from scratch.

And therefore:

- does not implement `Nette\Security\IAuthorizator` (it can't due to different `isAllowed` method API),
- can be significantly **slower** (but is written nicely),
- there is no guarantee that behaves 100% same way.

Installation
============

[](#installation)

```
composer require damejidlo/permission

```

Configuration
=============

[](#configuration)

`AccessList` and `Neon`
-----------------------

[](#accesslist-and-neon)

Example implementation of your own `AccessList` service.

```
class AccessList extends Authorizator
{
	/**
	 * @param string[][] $roles
	 */
	public function addRoles(array $roles)
	{
		foreach ($roles as $role => $parentRoles) {
			$this->addRole($role, $parentRoles);
		}
	}

	/**
	 * @param @param string[] $resources
	 */
	public function addResources(array $resources)
	{
		foreach ($resources as $resource) {
			$this->addResource($resource);
		}
	}

	/**
	 * @param string[][][] $directives
	 */
	public function addDirectives(array $directives)
	{
		foreach ($directives as $resource => $resourceDirectives) {
			foreach ($resourceDirectives as $privilege => $privilegeDirectives) {
				foreach ($privilegeDirectives as $roleIdentifier => $directiveType) {
					$this->createDirective($directiveType, $roleIdentifier, $resource, $privilege);
				}
			}
		}
	}

	public function someStuff()
	{
		$callback = function (IUser $user, $queriedRole, $queriedResource) {
			return $user->getEntity()->getId() === $queriedResource->getEntity()->getCreatorId();
		};

		// god can destroy world, but only the one he created
		$authorizator->allow('god', 'world', 'destroy', $callback);
	}
}
```

Then just add to your `config.neon`

```
parameters:
	acl:
		roles:
			writer: []
			reviewer: [writer]

		resources:
			- article

		directives:
			article:
				create:
					writer: allow
				publish:
					reviewer: allow

services:
	acl:
		class: YourProject\Security\AccessList
		setup:
			- addRoles(%acl.roles%)
			- addResources(%acl.resources%)
			- addDirectives(%acl.directives%)
			- someStuff() # here we can do some "cool stuff"
```

Create your `AclUser`
---------------------

[](#create-your-acluser)

```
class AclUser extends Object implements IUser
{
	// Implement `getRoles` method
}
```

Creating your own `Nette\Security\User`
---------------------------------------

[](#creating-your-own-nettesecurityuser)

You need to create your own `User` service

```
class MyLoggedUser extends \Nette\Security\User
{
	/**
	 * @param IUserStorage $storage
	 * @param IAuthenticator|NULL $authenticator
	 */
	public function __construct(IUserStorage $storage, IAuthenticator $authenticator = NULL)
	{
		parent::__construct($storage, $authenticator); // No IAuthorizator here !!!
	}

	/**
	 * @inheritdoc
	 */
	public function isAllowed($resource = IAuthorizator::ALL, $privilege = IAuthorizator::ALL)
	{
		throw new LogicException('Use Damejidlo\ACL\Authorizator directly. User shouldn\'t have such a responsibility');
	}

	/**
	 * @inheritdoc
	 */
	public function isInRole($role)
	{
		throw new LogicException('Use Damejidlo\ACL\Authorizator directly. User shouldn\'t have such a responsibility');
	}

	/**
	 * @return AclUser
	 */
	public function getAclUser()
	{
		$entity = $this->getEntity(); // depens on your implementation
		return new AclUser($entity, $this->getRoles());
	}
}
```

```
services:
    user: Some\Namespace\MyLoggedUser
```

Load your Authorizator into template
------------------------------------

[](#load-your-authorizator-into-template)

Best way is to create your own `TemplateFactory`. And in `createTemplate` method just call:

```
	/**
	 * @param Control|NULL $control
	 * @return Template
	 */
	public function createTemplate(Control $control = NULL)
	{
		$template = parent::createTemplate($control);

		// Some stuff (helper registration, etc...)

		$template->setParameters([
			'authorizator' => $this->authorizator,
		]);

		return $template;
	}
```

Usage
=====

[](#usage)

And now, profit!

```
	// In some Presenter

	public function handleDestroy($worldId)
	{
		$world = $this->worldFinder->findWorld($worldId);
		$resource = new WorldResource($world);
		$permission = 'destroy';

		if (!$this->authorizator->isAllowed($this->user->getAclUser(), $resource, $permission) {
			throw new NotAllowedException($resource, $permission);
		}
	}
```

###  Health Score

31

—

LowBetter than 66% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity18

Limited adoption so far

Community12

Small or concentrated contributor base

Maturity61

Established project with proven stability

 Bus Factor1

Top contributor holds 88.9% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~402 days

Total

4

Last Release

2541d ago

Major Versions

1.1 → 2.02019-07-15

PHP version history (2 changes)1.0.0PHP &gt;=5.6

2.0PHP &gt;=7.1

### Community

Maintainers

![](https://www.gravatar.com/avatar/5b4780fe328102c4572737db639653c29d3081d1d3e051467f00d7f09a776399?d=identicon)[xificurk](/maintainers/xificurk)

![](https://www.gravatar.com/avatar/b3f983a273eb3bc54d3db5cabe321dfd85e40cd846c50eb8bb6bbe19b02e48a6?d=identicon)[ondrejbouda](/maintainers/ondrejbouda)

![](https://www.gravatar.com/avatar/295525512eb83035f5ec07a5a94e0c4be2a2ac3ac2d06e3774a24e1bac2e118b?d=identicon)[legendik](/maintainers/legendik)

---

Top Contributors

[![legendik](https://avatars.githubusercontent.com/u/2327491?v=4)](https://github.com/legendik "legendik (8 commits)")[![VaclavSir](https://avatars.githubusercontent.com/u/1473642?v=4)](https://github.com/VaclavSir "VaclavSir (1 commits)")

---

Tags

nettesecurityaclpermission

### Embed Badge

![Health badge](/badges/damejidlo-permissions/health.svg)

```
[![Health](https://phpackages.com/badges/damejidlo-permissions/health.svg)](https://phpackages.com/packages/damejidlo-permissions)
```

###  Alternatives

[spatie/laravel-permission

Permission handling for Laravel 12 and up

12.9k98.0M1.3k](/packages/spatie-laravel-permission)[bezhansalleh/filament-shield

Filament support for `spatie/laravel-permission`.

2.8k3.5M118](/packages/bezhansalleh-filament-shield)[nette/security

🔑 Nette Security: provides authentication, authorization and a role-based access control management via ACL (Access Control List)

3779.6M307](/packages/nette-security)[efficiently/authority-controller

AuthorityController is an PHP authorization library for Laravel 5 which restricts what resources a given user is allowed to access.

15433.2k](/packages/efficiently-authority-controller)[hosseinhezami/laravel-permission-manager

Advanced permission manager for Laravel.

383.3k](/packages/hosseinhezami-laravel-permission-manager)[wnikk/laravel-access-rules

Simple system of ACR (access control rules) for Laravel, with roles, groups, unlimited inheritance and possibility of multiplayer use.

103.7k1](/packages/wnikk-laravel-access-rules)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)