PHPackages                             hanaboso/acl-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. hanaboso/acl-bundle

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

hanaboso/acl-bundle
===================

Hanaboso - acl-bundle

1.12.0(3mo ago)14.6k↓35.7%Apache-2.0PHPPHP ^8.4

Since May 21Pushed 3mo ago1 watchersCompare

[ Source](https://github.com/hanaboso/acl-bundle)[ Packagist](https://packagist.org/packages/hanaboso/acl-bundle)[ RSS](/packages/hanaboso-acl-bundle/feed)WikiDiscussions master Synced yesterday

READMEChangelogDependencies (14)Versions (49)Used By (0)

Hanaboso AclBundle
==================

[](#hanaboso-aclbundle)

[![Build Status](https://camo.githubusercontent.com/1280bfdeb489e56f97538165afb17ab569ca03b094a3603cdc2d097fd6a7e94c/68747470733a2f2f7472617669732d63692e6f72672f68616e61626f736f2f61636c2d62756e646c652e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/hanaboso/acl-bundle)[![Coverage Status](https://camo.githubusercontent.com/c20563c36b265b725ec0ea6802cb13c60174d3e0ac91c289f4f7848dd65a4b9f/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f6769746875622f68616e61626f736f2f61636c2d62756e646c652f62616467652e7376673f6272616e63683d6d6173746572)](https://coveralls.io/github/hanaboso/acl-bundle?branch=master)[![PHPStan](https://camo.githubusercontent.com/ff3c7f8c8667ce643f47e74532748f673482a5f95d7d4269f925f2eebbe5117e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048505374616e2d6c6576656c253230382d627269676874677265656e)](https://img.shields.io/badge/PHPStan-level%208-brightgreen)[![Downloads](https://camo.githubusercontent.com/0aa86021c92be0a96363660cb13000f4f4392aca589e1f17deec19bf36cd45a1/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f68616e61626f736f2f61636c2d62756e646c65)](https://packagist.org/packages/hanaboso/acl-bundle)

Installation
------------

[](#installation)

- Download package via composer

```
composer require hanaboso/acl-bundle
```

Resources
---------

[](#resources)

All resources &amp; actions protected by ACL must by registered via enum and symfony parameters Configuration below shows registration of both Resource and Action enum, together with marking db documents beloging to given resources.

acl\_use\_cache allows caching with redis so that rules doesn't have to be loaded from db every time.

```
parameters:
    resource_enum: Hanaboso\AclBundle\Enum\ResourceEnum
    action_enum: AclBundleTests\testApp\ExtActionEnum
    acl_use_cache: true

    db_res:
        resources:
            # Add new resources to ResourceEnum class
            user: Hanaboso\UserBundle\Document\User
            tmp_user: Hanaboso\UserBundle\Document\TmpUser
            token: Hanaboso\UserBundle\Document\Token
            file: Hanaboso\CommonsBundle\FileStorage\Document\File
            group: Hanaboso\AclBundle\Document\Group
            rule: Hanaboso\AclBundle\Document\Rule

    # Optionals - can be empty: ~
    resource_actions:
        # [read, write, delete] by default (set in MaskFactory)
        default_actions: ['read', 'write', 'delete', 'test']
        # specific actions on top of default ones
        resources:
            token: ['test2']

```

resource\_actions is option parameter that allows extending default \['read', 'write', 'delete'\] actions. Only up to 32 different actions is allowed.

Rules
-----

[](#rules)

Rules are defined in two separate groups. Standard and Owner's rules.

Owner rules are applied only if object contains owner property and it's Id matches with logged user.

Rules set under fixture\_groups are global and apply to all instances regardless of ownership. Each rule has:

- level: priority of group. If ACL rules and groups are editable from users, each user can edit only itself &amp; lower priorities (protects superadmin from admin with lower priority)
- extends: includes rules from specified groups
- users: pre-generated users
- rules: specifies each resource with all rules allowed for given group

```
parameters:
    acl_rule:
        owner:
            # Key must match with key in acl.yml under resources
            user:   ['read', 'write']
            group:  ['read', 'write']

        fixture_groups:
            admin:
                level: 1
                extends:        ['user', 'test']
                users:
                    - {email: 'root@hanaboso.com', password: 'root'}
                rules:
                    group:      ['read']
                    user:       ['read', 'write', 'delete']
                    tmp_user:   ['read', 'write', 'delete']
                    token:      ['read', 'write']
                    topology:   ['read', 'write']
                    node:       ['read', 'write']
                    file:       ['read', 'write']
            user:
                level: 5
                extends:        ['test']
                users:
                rules:
                    topology:   ['read']
                    node:       ['read']
                    file:       ['read']

```

Entities/Documents
------------------

[](#entitiesdocuments)

AclBundle is dependant on UserBundle and both it's entities/documents must be registered to doctrine.

ORM mappings

```
UserEntity:
    type: annotation
    is_bundle: false
    dir: "%src_dir%/src/Entity"
    prefix: Hanaboso\UserBundle\Entity
AclEntity:
    type: annotation
    is_bundle: false
    dir: "%src_dir%/src/Entity"
    prefix: Hanaboso\AclBundle\Entity

```

ODM mappings

```
UserDocument:
    type: annotation
    is_bundle: false
    dir: "%src_dir%/src/Document"
    prefix: Hanaboso\UserBundle\Document
AclDocument:
    type: annotation
    is_bundle: false
    dir: "%src_dir%/src/Document"
    prefix: Hanaboso\AclBundle\Document

```

Usage in code
-------------

[](#usage-in-code)

Checking rules for given user is done via AccessManager's method isAllowed(string $action, string $resource, UserInterface $user, $object = NULL)

Request action &amp; resource is validated against enums registered above. UserInterface is taken from UserBundle and represents logged user. Object is optional parameter of object or it's Id.

Examples

```
isAllowed(ActionEnum::READ, ResourceEnum::Node, $loggedUser);
isAllowed(ActionEnum::READ, ResourceEnum::Node, $loggedUser, '1258');
isAllowed(ActionEnum::READ, ResourceEnum::Node, $loggedUser, $resource);

```

Usages of object parameter:

- NULL -&gt; check if $user has permission for Write or GroupPermission for Read &amp; Delete isAllowed(ActionEnum::READ, ResourceEnum::Node, $loggedUser); returns TRUE if allowed or throws an exception
- string -&gt; id of desired entity isAllowed(ActionEnum::READ, ResourceEnum::Node, $loggedUser, '1258'); returns desired entity if found and user has permission for asked action or throws an exception
- object -&gt; check permission for given entity isAllowed(ActionEnum::READ, ResourceEnum::Node, $loggedUser, $something); returns back given object or throws an exception
- other formats like array or int will only throws an exception

Generation of groups &amp; rules
--------------------------------

[](#generation-of-groups--rules)

All required entities/documents are generated via fixtures. After creating a new rule, it can be added with fixtures as well as it checks uniqueness.

###  Health Score

57

—

FairBetter than 98% of packages

Maintenance82

Actively maintained with recent releases

Popularity23

Limited adoption so far

Community10

Small or concentrated contributor base

Maturity94

Battle-tested with a long release history

 Bus Factor1

Top contributor holds 86% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~61 days

Recently: every ~206 days

Total

48

Last Release

95d ago

PHP version history (8 changes)1.0.13PHP ^7.2

1.1.0PHP ^7.3

1.3.0PHP ^7.4

1.5.0PHP ^8.0

1.5.6PHP ^8.1

1.7.0PHP ^8.2

1.9.0PHP ^8.3

1.10.0PHP ^8.4

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/38781718?v=4)[Hanaboso](/maintainers/Hanaboso)[@hanaboso](https://github.com/hanaboso)

---

Top Contributors

[![JirsaR](https://avatars.githubusercontent.com/u/15608377?v=4)](https://github.com/JirsaR "JirsaR (49 commits)")[![radek-bruha](https://avatars.githubusercontent.com/u/7072163?v=4)](https://github.com/radek-bruha "radek-bruha (7 commits)")[![robotmurlocz](https://avatars.githubusercontent.com/u/110885271?v=4)](https://github.com/robotmurlocz "robotmurlocz (1 commits)")

### Embed Badge

![Health badge](/badges/hanaboso-acl-bundle/health.svg)

```
[![Health](https://phpackages.com/badges/hanaboso-acl-bundle/health.svg)](https://phpackages.com/packages/hanaboso-acl-bundle)
```

###  Alternatives

[vitalybaev/laravel5-dkim

Laravel 5/6 package for signing outgoing messages with DKIM.

3163.1k](/packages/vitalybaev-laravel5-dkim)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
