glueful/aegis
=============

Aegis: Role-Based Access Control extension for Glueful

Version v1.5.0 (3mo ago) | License: MIT | Language: PHP | Requires PHP ^8.3

[Source](https://github.com/glueful/aegis) | [Packagist](https://packagist.org/packages/glueful/aegis)

Aegis (RBAC) Extension for Glueful
==================================

Overview
--------

Aegis provides a comprehensive, modern Role-Based Access Control (RBAC) system for your Glueful application. It implements hierarchical roles, direct user permissions, resource-level filters, and optional audit logging.

Features
--------

- **Hierarchical roles**: Create nested roles with inheritance
- **Direct user permissions**: Per-user grants that override role permissions
- **Resource-level filters**: Limit permissions to specific resources/types
- **Temporal permissions**: Expiry on roles and direct grants
- **Scoped access**: Multi-tenant friendly with scoping
- **Audit service**: Structured audit helpers + optional check logging
- **Multi-layer caching**: In-memory + distributed cache via CacheStore
- **REST API**: Full CRUD + assignment endpoints
- **Flexible config**: Tunable caching, inheritance, and logging

Installation
------------

### Installation (Recommended)

**Install via Composer**

```
composer require glueful/aegis

# Rebuild the extensions cache after adding new packages
php glueful extensions:cache
```

Glueful auto-discovers packages of type `glueful-extension` and boots their service providers.

Enable/disable in development:

```
# Enable (adds provider to config/extensions.php)
php glueful extensions:enable Aegis

# Disable in dev
php glueful extensions:disable Aegis
```

Run database migrations (if not auto-run by your workflow):

```
php glueful migrate:run
```

### Local Development Installation

If you're working locally (without Composer), place the extension in `extensions/Aegis` and ensure that `config/extensions.php` has `local_path` pointing to `extensions` (non‑prod).

Enable the provider for development (choose one):

- CLI (recommended):

    ```
    php glueful extensions:enable Aegis
    ```
- Manual `config/extensions.php` edit:

    ```
    <?php
    return [
        'enabled' => [
            // ... other providers
            // Single backslashes: ::class takes a namespace path, not a string literal
            Glueful\Extensions\Aegis\Services\AegisServiceProvider::class,
        ],
        'dev_only' => [
            // Optionally keep Aegis dev-only
        ],
        'local_path' => env('APP_ENV') === 'production' ? null : 'extensions',
        'scan_composer' => true,
    ];
    ```

Run the migrations to create the necessary database tables:

```
php glueful migrate:run
```

Generate API documentation (optional, if your tooling supports it):

```
php glueful generate:json doc
```

Restart your web server to apply the changes.

### Verify Installation

Check status and details:

```
php glueful extensions:list
php glueful extensions:info Aegis
php glueful extensions:why Glueful\\Extensions\\Aegis\\Services\\AegisServiceProvider
```

Post-install checklist:

- Run migrations (if not auto-run): `php glueful migrate:run`
- Hit an endpoint to verify: `GET /rbac/roles`
- Rebuild cache after Composer operations: `php glueful extensions:cache`
- Check logs for initialization messages or errors

### Quick Start

Create a role, assign it to a user, and verify via the API. Replace placeholders before running:

- `API_BASE` with your base URL (e.g., `http://localhost:8000`)
- `TOKEN` with a valid bearer token
- `USER_UUID` with an existing user's UUID

```
API_BASE=http://localhost:8000
TOKEN=""
USER_UUID=""

# 1) Create a role
create_resp=$(curl -s -X POST "$API_BASE/rbac/roles" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Editor",
    "slug": "editor",
    "description": "Can edit content"
  }')

# Extract role UUID (requires jq). If jq is unavailable, inspect $create_resp
ROLE_UUID=$(printf "%s" "$create_resp" | jq -r '.data.uuid')
echo "Created role UUID: $ROLE_UUID"

# 2) Assign the role to a user
curl -s -X POST "$API_BASE/rbac/roles/$ROLE_UUID/assign" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"user_uuid\": \"$USER_UUID\", \"scope\": {\"tenant_id\": \"tenant_1\"}}" | jq .

# 3a) Verify: list the user's roles
curl -s "$API_BASE/rbac/users/$USER_UUID/roles" \
  -H "Authorization: Bearer $TOKEN" | jq .

# 3b) Verify: explicit role check by slug
curl -s -X POST "$API_BASE/rbac/users/$USER_UUID/check-role" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "role_slug": "editor"
  }' | jq .
```
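
If the create call in step 1 fails (for example because the token was rejected), `jq -r '.data.uuid'` prints `null` and step 2 posts to `/rbac/roles/null/assign`. The following is an added example, not part of the Aegis README, that validates the response before building the URL; the allowed identifier characters, the helper names and the sample response fields other than `data.uuid` are assumptions.

```shell
#!/bin/sh
# Added example (not from the Aegis README): validate the create-role
# response before its identifier is interpolated into a request path.

# Accept only non-empty identifiers made of URL-safe characters.
# Assumption: Aegis identifiers contain only [A-Za-z0-9_-].
is_safe_id() {
  case "$1" in
    ''|null|*[!A-Za-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print .data.uuid from a response body; fail on error bodies, non-JSON
# input, a missing or non-string field, or an unsafe value.
role_uuid_from_response() {
  _uuid=$(printf '%s' "$1" | jq -er '.data.uuid | strings' 2>/dev/null) || return 1
  is_safe_id "$_uuid" || return 1
  printf '%s\n' "$_uuid"
}

# Build the assign URL only from a validated identifier.
assign_url() {  # $1 = API base, $2 = raw create-role response
  _id=$(role_uuid_from_response "$2") || {
    echo "create-role failed or returned no usable uuid" >&2
    return 1
  }
  printf '%s/rbac/roles/%s/assign\n' "$1" "$_id"
}

# Constructed sample bodies (field names other than data.uuid are assumed).
SAMPLE_OK='{"success":true,"data":{"uuid":"a1B2c3D4e5F6","slug":"editor"}}'
SAMPLE_ERR='{"success":false,"message":"Unauthorized"}'
SAMPLE_BAD='{"data":{"uuid":"../users/x"}}'

for body in "$SAMPLE_OK" "$SAMPLE_ERR" "$SAMPLE_BAD"; do
  assign_url "http://localhost:8000" "$body" || echo "skipped: $body"
done
```

In the Quick Start, replace the `ROLE_UUID=...` line with `ROLE_UUID=$(role_uuid_from_response "$create_resp") || exit 1` so the script stops instead of assigning against a bogus path.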

### Quick Start (PHP)

Programmatic equivalent using the container and services:

```
