flownative/flow-extraprivileges
===============================

A package with some extra privilege implementations (to be included into Flow 5.x eventually)

[Source](https://github.com/flownative/flow-extraprivileges) | [Packagist](https://packagist.org/packages/flownative/flow-extraprivileges) | [MIT license](http://opensource.org/licenses/MIT) | [Maintenance level: Acquaintance](https://www.flownative.com/en/products/open-source.html)

Custom Entity Privileges for Flow
=================================

A package with some extra privilege implementations (to be included into Flow 5.0 eventually)

Installation
------------

`composer require flownative/flow-extraprivileges`

Usage
-----

After installing the package, a few new privileges may be used in your security policy.

### Available privileges

The package provides four new privileges:

- `Flownative\Flow\ExtraPrivileges\Security\Authorization\Privilege\Entity\ReadPrivilege`
- `Flownative\Flow\ExtraPrivileges\Security\Authorization\Privilege\Entity\CreatePrivilege`
- `Flownative\Flow\ExtraPrivileges\Security\Authorization\Privilege\Entity\UpdatePrivilege`
- `Flownative\Flow\ExtraPrivileges\Security\Authorization\Privilege\Entity\DeletePrivilege`

The `ReadPrivilege` is a drop-in replacement for the `EntityPrivilege` shipped with Flow. It exists to reduce the potential for confusion: the name `EntityPrivilege` is rather ambiguous, while the privilege deals only with the reading of entities.

The other three privileges offer new functionality and allow you to secure the creation, updating and deletion of entities. Here is an example (to be used in *Policy.yaml*):

```
privilegeTargets:

  # the "CreatePrivilege" is checked only for freshly created entities
  'Flownative\Flow\ExtraPrivileges\Security\Authorization\Privilege\Entity\CreatePrivilege':
    'Acme.PrivilegesUser:CreateInvoice':
      # matches any "Invoice" entity
      matcher: 'q(entity).is("[instanceof Acme\PrivilegesUser\Domain\Model\Invoice]")'
    'Acme.PrivilegesUser:CreateExpensiveInvoice':
      # matches only "Invoice" entities with a total "amount" of more than 10
      matcher: >
        q(entity).is("[instanceof Acme\PrivilegesUser\Domain\Model\Invoice]")
        && q(entity).property("amount") > 10

  # the "UpdatePrivilege" is checked only for existing entities that are updated
  'Flownative\Flow\ExtraPrivileges\Security\Authorization\Privilege\Entity\UpdatePrivilege':
    'Acme.PrivilegesUser:UpdateInvoice':
      # matches any "Invoice" entity being updated
      matcher: 'q(entity).is("[instanceof Acme\PrivilegesUser\Domain\Model\Invoice]")'
    'Acme.PrivilegesUser:UpdateExpensiveInvoice':
      # matches only "Invoice" entities being updated with a total "amount" of more than 10
      # in either the (unchanged) "originalEntityData" or the already changed "entity"
      matcher: >
        q(entity).is("[instanceof Acme\PrivilegesUser\Domain\Model\Invoice]")
        && (q(entity).property("amount") > 10
        || q(originalEntityData).property("amount") > 10)

  'Flownative\Flow\ExtraPrivileges\Security\Authorization\Privilege\Entity\DeletePrivilege':
    'Acme.PrivilegesUser:DeleteInvoice':
      # matches any "Invoice" entity
      matcher: 'q(entity).is("[instanceof Acme\PrivilegesUser\Domain\Model\Invoice]")'
    'Acme.PrivilegesUser:DeleteExpensiveInvoice':
      # matches only "Invoice" entities being deleted with a total "amount" of more than 10
      # in the (unchanged) "originalEntityData"
      matcher: >
        q(entity).is("[instanceof Acme\PrivilegesUser\Domain\Model\Invoice]")
        && q(originalEntityData).property("amount") > 10

```
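
How the privilege targets defined above could be granted to roles, as an added example that is not part of the package's README. The role names are hypothetical; it assumes the targets are granted through the standard Flow `roles` section of *Policy.yaml* and that an explicit `DENY` overrides a `GRANT`, as with Flow's built-in privileges.

```yaml
roles:

  # hypothetical role: may create and update invoices, but not expensive ones;
  # no delete target is granted to this role
  'Acme.PrivilegesUser:Clerk':
    privileges:
      -
        privilegeTarget: 'Acme.PrivilegesUser:CreateInvoice'
        permission: GRANT
      -
        privilegeTarget: 'Acme.PrivilegesUser:UpdateInvoice'
        permission: GRANT
      # an expensive invoice matches both the "...Invoice" and the
      # "...ExpensiveInvoice" target; the explicit DENY keeps the broad
      # GRANT above from covering it (assumption: DENY wins over GRANT)
      -
        privilegeTarget: 'Acme.PrivilegesUser:CreateExpensiveInvoice'
        permission: DENY
      -
        privilegeTarget: 'Acme.PrivilegesUser:UpdateExpensiveInvoice'
        permission: DENY

  # hypothetical role: may create, update and delete any invoice
  'Acme.PrivilegesUser:Accountant':
    privileges:
      -
        privilegeTarget: 'Acme.PrivilegesUser:CreateInvoice'
        permission: GRANT
      -
        privilegeTarget: 'Acme.PrivilegesUser:CreateExpensiveInvoice'
        permission: GRANT
      -
        privilegeTarget: 'Acme.PrivilegesUser:UpdateInvoice'
        permission: GRANT
      -
        privilegeTarget: 'Acme.PrivilegesUser:UpdateExpensiveInvoice'
        permission: GRANT
      -
        privilegeTarget: 'Acme.PrivilegesUser:DeleteInvoice'
        permission: GRANT
      -
        privilegeTarget: 'Acme.PrivilegesUser:DeleteExpensiveInvoice'
        permission: GRANT
```

Because the `UpdateExpensiveInvoice` matcher looks at both `entity` and `originalEntityData`, the `DENY` applies whether the amount is above 10 before the change or after it, so an update that moves an invoice across the threshold in either direction is still matched.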

##### Matcher syntax

The matcher syntax shown above differs from the syntax used by the `EntityPrivilege` in Flow (which remains unchanged for the `Entity\ReadPrivilege` in this package). It is regular Eel with support for FlowQuery, and two special items are available in the context:

- `entity` is the actual entity that is being checked
- `originalEntityData` is an array with the property values as they were loaded from persistence

Keep in mind that checking the type of an entity is only possible on `entity`. The other item is an array and will never match a check against a class!

##### Eel helpers

In addition to these two, Eel helpers are available in the context, as configured in the settings with `Flownative.Flow.ExtraPrivileges.defaultContext`:

- `String`: `Neos\Eel\Helper\StringHelper`
- `Array`: `Neos\Eel\Helper\ArrayHelper`
- `Date`: `Neos\Eel\Helper\DateHelper`
- `Configuration`: `Neos\Eel\Helper\ConfigurationHelper`
- `Math`: `Neos\Eel\Helper\MathHelper`
- `Json`: `Neos\Eel\Helper\JsonHelper`
- `Security`: `Neos\Eel\Helper\SecurityHelper`
- `Type`: `Neos\Eel\Helper\TypeHelper`

### Fluid (view) integration

The `ifAccess` view helper is used to check for access to a privilege target. With the new privileges, it has been expanded to accept the entity to check against in the parameter `subject`.

```

   This is being shown in case you have access to the given privilege target

```

Background
----------

Further information and details on the reasoning behind this package may be found in [Custom Privilege Targets](Documentation/Custom-Privilege-Targets.md).

Credits
-------

Development of this package has been sponsored by clicsoft gmbh, Zug, Switzerland.
