drago-ex/permission
===================

Lightweight ACL and role management.

v2.1.0 (2w ago) · MIT · PHP >=8.3 <9 · CI passing

[Source](https://github.com/drago-ex/permission) · [Packagist](https://packagist.org/packages/drago-ex/permission)

Drago Permission
================

Lightweight ACL and role management. The package provides a central ACL factory, modular permission registration per module, and automatic authorization checks in presenters.

Requirements
------------

- PHP >= 8.3
- Nette Framework
- Composer

Installation
------------

```
composer require drago-ex/permission
```

Features
--------

- Central ACL creation
- Modular permission providers per module
- Default roles: guest, user, admin
- Automatic presenter authorization
- Action and signal based privileges

Related Package: Dynamic Role Management
----------------------------------------

For dynamic role and access management, use:

- `drago-ex/project-permission`:

This package is built on top of `drago-ex/permission` and provides:

- role creation
- assigning roles to users
- allowing or denying access per role

Roles
-----

Default roles:

- guest
- user (inherits from guest)
- admin (inherits from user)

Roles are registered automatically.

Permission Factory
------------------

`PermissionFactory` creates a `Nette\Security\Permission` instance, registers default roles, and runs all registered permission providers.

Providers are collected via DI tags.

Permission Providers
--------------------

Each module registers its own permissions using a Provider implementation.

Providers:

- register ACL resources
- define allow / deny rules
- live inside the module they belong to

Typical resource naming:

- Backend:Sign
- Frontend:Article

Example provider for a Sign module:

```
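use Drago\Permission\Provider;
use Drago\Permission\Role;
use Nette\Security\Permission;

final class PermissionProvider implements Provider
{
	// ACL resource name owned by this module
	private const string Resource = 'Backend:Sign';

	public function register(Permission $acl): void
	{
		// Register the resource before any rule refers to it
		$acl->addResource(self::Resource);
		// No privilege argument: guests get every privilege on this resource
		$acl->allow(Role::RoleGuest, self::Resource);
	}
}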
```

This registers the `Backend:Sign` resource and grants access to guests (unauthenticated users), which is the minimum required for the login page to be accessible. Because `user` and `admin` inherit from `guest`, the same grant applies to them.

Permission Generator (CLI)
--------------------------

The package provides a generator for module providers:

```
vendor/bin/create-permission
```

General usage:

```
vendor/bin/create-permission   [Resource] [OutputDir] [options]
```

When you use the shared `PermissionProvider` class name, pass the resource and output directory explicitly. The class name is intentionally the same in every module and the namespace decides where the provider belongs.

Example for a Sign module:

```
vendor/bin/create-permission PermissionProvider App\Presentation\Sign Sign app/Presentation/Sign
```

Example for an Admin module:

```
vendor/bin/create-permission PermissionProvider App\Presentation\Backend\Admin Backend:Admin app/Presentation/Backend/Admin --allow-role=RoleAdmin --allow-with-resource=0
```

### Options

- `--allow-role=` default `RoleGuest`
- `--allow-privilege=` optional privilege argument for `allow()`
- `--add-resource=` default `1` (generate `$acl->addResource(...)`)
- `--allow-with-resource=` default `1` (generate `allow(..., self::Resource)`)
- `--allow=` repeatable, custom allow rules
- `--force` overwrite existing file

`--allow` formats:

- `--allow=RoleAdmin`
- `--allow=RoleUser,self::Resource`
- `--allow=RoleUser,self::Resource,default`

Multi-rule example:

```
vendor/bin/create-permission PermissionProvider App\Presentation\Backend\Admin Backend:Admin app/Presentation/Backend/Admin --allow=RoleAdmin --allow=RoleUser,self::Resource,default
```

Generated `register()` example:

```
public function register(Permission $acl): void
{
	$acl->addResource(self::Resource);
	$acl->allow(Role::RoleAdmin);
	$acl->allow(Role::RoleUser, self::Resource, 'default');
}
```
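
The generated rule `$acl->allow(Role::RoleAdmin)` names no resource, so in `Nette\Security\Permission` it applies to every resource, not only the module's own; the same holds for rules generated with `--allow-with-resource=0`. The following audit script is an added example, not code from this package: it assumes `nette/security` is installed through Composer, uses the role names `guest`, `user` and `admin` as plain strings, and the `Frontend:Article` registration and the `edit` privilege are constructed for illustration.

```php
<?php
// Added example, not part of drago-ex/permission. Assumes nette/security is
// installed and that the default roles are named 'guest', 'user', 'admin'.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Nette\Security\Permission;

$acl = new Permission;
$acl->addRole('guest');
$acl->addRole('user', 'guest');   // user inherits from guest
$acl->addRole('admin', 'user');   // admin inherits from user

// Rules from the Sign provider shown earlier.
$acl->addResource('Backend:Sign');
$acl->allow('guest', 'Backend:Sign');

// Rules from the generated register() above.
$acl->addResource('Backend:Admin');
$acl->allow('admin');                              // no resource: applies to all resources
$acl->allow('user', 'Backend:Admin', 'default');   // one privilege on one resource

// A resource registered by another module, with no rule of its own (constructed).
$acl->addResource('Frontend:Article');

/** Returns role => resource => privilege => bool for every combination. */
function auditMatrix(Permission $acl, array $privileges): array
{
	$matrix = [];
	foreach ($acl->getRoles() as $role) {
		foreach ($acl->getResources() as $resource) {
			foreach ($privileges as $privilege) {
				$matrix[$role][$resource][$privilege] = $acl->isAllowed($role, $resource, $privilege);
			}
		}
	}
	return $matrix;
}

// 'edit' is a constructed privilege used to show the limit of the 'default' grant.
foreach (auditMatrix($acl, ['default', 'edit']) as $role => $resources) {
	foreach ($resources as $resource => $privileges) {
		$granted = array_keys(array_filter($privileges));
		printf("%-6s %-17s %s\n", $role, $resource, $granted ? implode(',', $granted) : '-');
	}
}
```

The `admin` rows list both privileges on all three resources, including `Frontend:Article`, which no provider granted to admin explicitly. When the grant should stay inside the module, pass the resource in the rule, following the `--allow=RoleUser,self::Resource` format.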

### Module Wrapper Scripts

For one-command generation per module, add a local wrapper script in your app, e.g. `bin/create-admin-permission`. The class can keep the same `PermissionProvider` name in each module because every module has its own namespace:

```
#!/usr/bin/env php
