PHPackages getpop/access-control - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [API Development](/categories/api) 4. / 5. getpop/access-control ActiveLibrary[API Development](/categories/api) getpop/access-control ===================== Access Control for schema elements 17.1.2(1mo ago)23.7k5GPL-2.0-or-laterPHPPHP ^8.1CI failing Since Jan 25Pushed 2w ago1 watchersCompare [ Source](https://github.com/getpop/access-control)[ Packagist](https://packagist.org/packages/getpop/access-control)[ Docs](https://github.com/getpop/access-control)[ RSS](/packages/getpop-access-control/feed)WikiDiscussions master Synced 1w ago READMEChangelogDependencies (12)Versions (152)Used By (5) Access Control ============== [](#access-control) Access Control for schema elements Install ------- [](#install) Via Composer ``` composer require getpop/access-control ``` Development ----------- [](#development) The source code is hosted on the [GatoGraphQL monorepo](https://github.com/GatoGraphQL/GatoGraphQL), under [`Engine/packages/access-control`](https://github.com/GatoGraphQL/GatoGraphQL/tree/master/layers/Engine/packages/access-control). Usage ----- [](#usage) Initialize the component: ``` \PoP\Root\App::stockAndInitializeModuleClasses([([ \PoP\AccessControl\Module::class, ]); ``` How does it work? ----------------- [](#how-does-it-work) Access control deals in 2 modes: Public/Private schema modes. The difference between Public and Private schema modes concerns the feedback given to the user when a validation fails. In Public mode, a detailed error message is given to the user (eg: "only users with role 'administrator' can access this field). In Private mode, there is no helpful information, instead the user is told that the field or directive does not exist. We need to implement 4 cases of access control: 1. Fields in Public schema mode 2. Directives in Public schema mode 3. Fields in Private schema mode 4. Directives in Private schema mode In Public schema mode, we can simply add a special directive that will validate the restriction (such as: is the user logged in? does the logged-in user have a specific role or capability?). In Private mode, we add a hook that filters out the field or directive before it is registered. In addition, whenever a validation must be performed to know if the user can access a field or directive, the response from the GraphQL server cannot be cached (when using component [Cache Control](https://github.com/getpop/cache-control)). For the Public mode this situation is automatically handled, since the directive validating if the user is logged in or not already indicates that the response cannot be cached. For the Private mode, however, we need to add a special directive `"NoCache"`. Hence, we need to deal with the following 2 cases: 1. `NoCache` for Fields in Private schema mode 2. `NoCache` for Directives in Private schema mode Standards --------- [](#standards) [PSR-1](https://www.php-fig.org/psr/psr-1), [PSR-4](https://www.php-fig.org/psr/psr-4) and [PSR-12](https://www.php-fig.org/psr/psr-12). To check the coding standards via [PHP CodeSniffer](https://github.com/PHPCSStandards/PHP_CodeSniffer), run: ``` composer check-style ``` To automatically fix issues, run: ``` composer fix-style ``` Change log ---------- [](#change-log) Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. Testing ------- [](#testing) To execute [PHPUnit](https://phpunit.de/), run: ``` composer test ``` Static Analysis --------------- [](#static-analysis) To execute [PHPStan](https://github.com/phpstan/phpstan), run: ``` composer analyse ``` Report issues ------------- [](#report-issues) To report a bug or request a new feature please do it on the [GatoGraphQL monorepo issue tracker](https://github.com/GatoGraphQL/GatoGraphQL/issues). Contributing ------------ [](#contributing) We welcome contributions for this package on the [GatoGraphQL monorepo](https://github.com/GatoGraphQL/GatoGraphQL) (where the source code for this package is hosted). Please see [CONTRIBUTING](CONTRIBUTING.md) and [CODE\_OF\_CONDUCT](CODE_OF_CONDUCT.md) for details. Security -------- [](#security) If you discover any security related issues, please email instead of using the issue tracker. Credits ------- [](#credits) - [Leonardo Losoviz](https://github.com/leoloso) - [All Contributors](../../../../../../contributors) License ------- [](#license) GNU General Public License v2 (or later). Please see [License File](LICENSE.md) for more information. ### Health Score 57 — FairBetter than 98% of packages Maintenance94 Actively maintained with recent releases Popularity23 Limited adoption so far Community16 Small or concentrated contributor base Maturity80 Battle-tested with a long release history Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~12 days Total 151 Last Release 41d ago Major Versions 12.2.2 → 13.0.02025-05-23 13.2.0 → 14.0.02025-09-09 14.0.4 → 15.0.02025-09-23 15.3.0 → 16.0.02026-01-12 16.0.3 → 17.0.02026-03-03 PHP version history (3 changes)0.7.6PHP ^7.4|^8.0 0.8.1PHP ^8.0 0.9.0PHP ^8.1 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/1981996?v=4)[Leonardo Losoviz](/maintainers/leoloso)[@leoloso](https://github.com/leoloso) ![](https://www.gravatar.com/avatar/d5a0a064bae63a335ddd796bb69ab38e1d01420d14bfcc8e3d4e1550922ac60b?d=identicon)[getpop](/maintainers/getpop) --- Top Contributors [![leoloso](https://avatars.githubusercontent.com/u/1981996?v=4)](https://github.com/leoloso "leoloso (690 commits)") --- Tags phpgraphqlGatoGatoGraphQLAccessControl ### Code Quality TestsPHPUnit Static AnalysisPHPStan, Rector Code StylePHP\_CodeSniffer Type Coverage Yes ### Embed Badge ![Health badge](/badges/getpop-access-control/health.svg) ``` [![Health](https://phpackages.com/badges/getpop-access-control/health.svg)](https://phpackages.com/packages/getpop-access-control) ``` PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)