PHPackages gabesullice/attribute\_access\_policies - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. gabesullice/attribute\_access\_policies ActiveDrupal-module[Authentication & Authorization](/categories/authentication) gabesullice/attribute\_access\_policies ======================================= Provide custom attribute-based access policies for any entity 19PHP Since Jun 21Pushed 8y agoCompare [ Source](https://github.com/gabesullice/attribute_access_policies)[ Packagist](https://packagist.org/packages/gabesullice/attribute_access_policies)[ RSS](/packages/gabesullice-attribute-access-policies/feed)WikiDiscussions master Synced yesterday READMEChangelogDependenciesVersions (1)Used By (0) Attribute-based Access Policies =============================== [](#attribute-based-access-policies) Attribute-based Access Policies is special implementation of a Policy plugin as defined by the [Entity Access Policies module](https://github.com/gabesullice/entity_access_policies) module. Attribute policies are written in YAML. Overview -------- [](#overview) In english, attribute policies read like this: "If a user has a certain field value, and an entity has a certain value, the user should be able to do X, Y or Z to the entity." In YAML, they read like this: ``` id: 'first_letter_policy' # Arbitrary, unique name. entity_types: ['taxonomy_term'] # Can be a list of any entity types. operations: ['view', 'delete'] # Can be a list of one or many of: 'view', 'update', 'delete' entity_condition: # The condition to evaluate for the entity members: - type: condition property: 'name.0.value' # The field path. These can traverse entity references! operator: 'STARTS_WITH' # See available operators below. comparison: 'a' user_condition: # The condition to evaluate for the user members: - type: condition property: 'name.0.value' operator: 'STARTS_WITH' comparison: 'B' ``` The above policy would let any user with a username starting with the character `B`, *view* or *delete* any taxonomy term whose name begins with the character `a`. Let's get complicated --------------------- [](#lets-get-complicated) You can go *craaazy* with your conditions. There are two types of conditions that can go under the `member` key. Those are: `condition` and `condition_group`. `condition_group` - `conjunction` - Allowed values are `AND` or `OR`. The default is `AND`. - `members` - Allowed values are just more nested `condition` and `condition_group`s. The default is just an empty list. `condition_group` - `property` - The value of the entity to evaluate. You can think of this like a property selector. You can get deeply nested values by chaining fields together. You can read more about the path syntax below. - `operator` - Allowed values are: `=` `` `=` `CONTAINS` `IN` `NOT IN` `STARTS_WITH` `ENDS_WITH` `BETWEEN` `NOT BETWEEN`. The default is `=`. - `comparison` - This is the value that you want to compare against. E.g. `10` or `'foo'` **Property Paths** Property paths can follow the field names and properties of those paths. They can collect values from multi-value fields and can even traverse entity references. The syntax is simple, just concatenate your field names, property names, and indices with dots `.`. Example: `uid.0.name.value` Remember that all fields in Drupal actually are *multi-value* fields. So if you omit an index, you're going to get a **list** of values. Not a single value. Choose your operator accordingly. You can't compare a single value with a list. This would **not work** `5 = [1, 1, 2, 3, 5]`. However, this **would work** : `5 IN [1, 1, 2, 3, 5]`. ### Health Score 20 — LowBetter than 14% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity6 Limited adoption so far Community6 Small or concentrated contributor base Maturity41 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/19860d285db7c073b28918b8f34952644ee7f1c37b774d950db8826048fef788?d=identicon)[gabesullice](/maintainers/gabesullice) --- Top Contributors [![gabesullice](https://avatars.githubusercontent.com/u/4500265?v=4)](https://github.com/gabesullice "gabesullice (15 commits)") ### Embed Badge ![Health badge](/badges/gabesullice-attribute-access-policies/health.svg) ``` [![Health](https://phpackages.com/badges/gabesullice-attribute-access-policies/health.svg)](https://phpackages.com/packages/gabesullice-attribute-access-policies) ``` ### Alternatives [namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client OAuth 1.0 Client Library 99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)