PHPackages                             hoa/acl - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. hoa/acl

AbandonedArchivedLibrary[Authentication &amp; Authorization](/categories/authentication)

hoa/acl
=======

The Hoa\\Acl library.

1.17.05.02(9y ago)2765110[2 issues](https://github.com/hoaproject/Acl/issues)[2 PRs](https://github.com/hoaproject/Acl/pulls)BSD-3-ClausePHP

Since Sep 16Pushed 5y ago9 watchersCompare

[ Source](https://github.com/hoaproject/Acl)[ Packagist](https://packagist.org/packages/hoa/acl)[ Docs](https://hoa-project.net/)[ RSS](/packages/hoa-acl/feed)WikiDiscussions master Synced 3d ago

READMEChangelog (10)Dependencies (4)Versions (16)Used By (0)

 [![Hoa](https://camo.githubusercontent.com/2b5c32c5d4bc5e9298821b22d364a522e2dbc0295c1c011b1f9f86a4d07df07e/68747470733a2f2f7374617469632e686f612d70726f6a6563742e6e65742f496d6167652f486f612e737667)](https://camo.githubusercontent.com/2b5c32c5d4bc5e9298821b22d364a522e2dbc0295c1c011b1f9f86a4d07df07e/68747470733a2f2f7374617469632e686f612d70726f6a6563742e6e65742f496d6167652f486f612e737667)

---

 [![Build status](https://camo.githubusercontent.com/4f36750ad608795a3bddd5ea7885b85a39b9e9b713f33ba60460aa86214a3093/68747470733a2f2f696d672e736869656c64732e696f2f7472617669732f686f6170726f6a6563742f41636c2f6d61737465722e737667)](https://travis-ci.org/hoaproject/Acl) [![Code coverage](https://camo.githubusercontent.com/e2eb82690c7e65f5eb5c78c901801a0384a6ab543409c4ad1979acbdd7f0a61f/68747470733a2f2f696d672e736869656c64732e696f2f636f766572616c6c732f686f6170726f6a6563742f41636c2f6d61737465722e737667)](https://coveralls.io/github/hoaproject/Acl?branch=master) [![Packagist](https://camo.githubusercontent.com/84e2387d3c0ee69f3cfa6e470315ad0866244bad62d4c1fc186da031ce674081/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f686f612f61636c2e737667)](https://packagist.org/packages/hoa/acl) [![License](https://camo.githubusercontent.com/7d60d600d6c19525fb87efcb6f1d98e325df7726ac3ff91dd48ab3cea8b6dbb5/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f686f612f61636c2e737667)](https://hoa-project.net/LICENSE)

 Hoa is a **modular**, **extensible** and **structured** set of PHP libraries.
 Moreover, Hoa aims at being a bridge between industrial and research worlds.

Hoa\\Acl
========

[](#hoaacl)

[![Help on IRC](https://camo.githubusercontent.com/4dbc9c9d28c30cf1ab591f4bb8212fe4dbddc734145df532a9bb86b09878d4c6/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f68656c702d253233686f6170726f6a6563742d6666303036362e737667)](https://webchat.freenode.net/?channels=#hoaproject)[![Help on Gitter](https://camo.githubusercontent.com/8c4c85951788ff606b1268cb3dd946be05e3054795455d0a7b9250711bc2ac05/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f68656c702d6769747465722d6666303036362e737667)](https://gitter.im/hoaproject/central)[![Documentation](https://camo.githubusercontent.com/7059ad5f1a363f9098686c59d432f01d7330aed9d4b6c8111d985fd64cfc6c60/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f646f63756d656e746174696f6e2d6861636b5f626f6f6b2d6666303036362e737667)](https://central.hoa-project.net/Documentation/Library/Acl)[![Board](https://camo.githubusercontent.com/fd81654ba14b3aca3a713e1b471bc3fc3ba7b5bb3761ccffd6eea2e2ed1fa5ca/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6f7267616e69736174696f6e2d626f6172642d6666303036362e737667)](https://waffle.io/hoaproject/acl)

This library allows to create and manipulate an Access Control List (ACL). The actors of an ACL are the following:

- **Group**, contains zero or more users, has zero or more permissions and owns zero or more services. A group can inherit permissions from other groups. Users and services cannot be inherited. If a group owns a service, this is a shared service because several users can access to it,
- **User**, can own zero or more services and can belong to zero or more groups,
- **Permission**, is like a right. A group holds zero or more permissions that can be used to allow or disallow access to something,
- **Service**, is a document, a resource, something a user would like to access.

Whilst the word “list” is contained in its name, the underlying structure is a graph (please, see [the `Hoa\Graph`library](https://central.hoa-project.net/Resource/Library/Graph)) where vertices (i.e. nodes) are groups.

[Learn more](https://central.hoa-project.net/Documentation/Library/Acl).

Installation
------------

[](#installation)

With [Composer](https://getcomposer.org/), to include this library into your dependencies, you need to require [`hoa/acl`](https://packagist.org/packages/hoa/acl):

```
$ composer require hoa/acl '~1.0'
```

For more installation procedures, please read [the Source page](https://hoa-project.net/Source.html).

Testing
-------

[](#testing)

Before running the test suites, the development dependencies must be installed:

```
$ composer install
```

Then, to run all the test suites:

```
$ vendor/bin/hoa test:run
```

For more information, please read the [contributor guide](https://hoa-project.net/Literature/Contributor/Guide.html).

Quick usage
-----------

[](#quick-usage)

As a quick overview, we propose the following actors:

- Groups: Visitor, buyer, editor, administrator,
- Users: Anonymous visitor, logged visitor, product editor, blog editor,
- Permissions: Read, write, buy,
- Services: Product, blog page.

Basically, there are 2 services: A product and a blog page. It can look like a little shop. Visitors can be logged or not. If logged, then it can buy a product. The shop can be administrated by editors, with different roles: One for the products and one for the blog. Thus, we have 4 groups: Visitor, buyer, editor and administrator.

### Create the ACL

[](#create-the-acl)

We start by creating all the actors, in separated variables for the sake of clarity:

```
$groupVisitor       = new Hoa\Acl\Group('group_visitor');
$groupBuyer         = new Hoa\Acl\Group('group_buyer');
$groupEditor        = new Hoa\Acl\Group('group_editor');
$groupAdministrator = new Hoa\Acl\Group('group_administrator');

$userAnonymousVisitor = new Hoa\Acl\User('user_visitor_anonymous');
$userLoggedVisitor    = new Hoa\Acl\User('user_visitor_logged');
$userProductEditor    = new Hoa\Acl\User('user_editor_product');
$userBlogEditor       = new Hoa\Acl\User('user_editor_blog');

$permissionRead  = new Hoa\Acl\Permission('permission_read');
$permissionWrite = new Hoa\Acl\Permission('permission_write');
$permissionBuy   = new Hoa\Acl\Permission('permission_buy');

$serviceProduct  = new Hoa\Acl\Service('service_product');
$serviceBlogPage = new Hoa\Acl\Service('service_blog_page');
```

Then, we put them together: We create an ACL instance, we add services on users and groups, we add users on groups, we add groups inside the ACL instance and finally we add permissions on groups.

```
// Create an ACL instance.
$acl = new Hoa\Acl();

// Add services to users and groups.
// The visitor group shares the product and the blog page services.
$groupVisitor->addServices([$serviceProduct, $serviceBlogPage]);
// The buyer group shares the product and the blog page services (reminder:
// Services are not inherited).
$groupBuyer->addServices([$serviceProduct, $serviceBlogPage]);
// The product editor user owns the product service.
$userProductEditor->addServices([$serviceProduct]);
// The blog editor user owns the blog page service.
$userBlogEditor->addServices([$serviceBlogPage]);

// Add users to groups.
// The visitor group contains one anonymous visitor user.
$groupVisitor->addUsers([$userAnonymousVisitor]);
// The buyer group contains one logged visitor user.
$groupBuyer->addUsers([$userLoggedVisitor]);
// The editor group contains two users: Product editor and blog editor.
$groupEditor->addUsers([$userProductEditor, $userBlogEditor]);

// Add groups to the ACL instance.
$acl->addGroup($groupVisitor);
// The buy group inherits permissions from the visitor group.
$acl->addGroup($groupBuyer, [$groupVisitor]);
$acl->addGroup($groupEditor);
// The administrator group inherits permissions from the editor group.
$acl->addGroup($groupAdministrator, [$groupEditor]);

// Add permissions.
// The visitor group has permission to read.
$acl->allow($groupVisitor, [$permissionRead]);
// The buy group has permission to buy.
$acl->allow($groupBuyer, [$permissionBuy]);
// The editor group has permission to read and write.
$acl->allow($groupEditor, [$permissionRead, $permissionWrite])
```

This is important to keep in mind that users and services are not inherited between groups.

### Query the ACL

[](#query-the-acl)

Now our ACL is build, we can query it by, for example, using the `isAllowed`method. This method takes at least 2 arguments: A user and a permission. It checks **if a user has a certain permission**. In addition, a service can be provided too, and then it checks **if a user has a certain permission on a specific service**. Let's see some examples.

- Is an anonymous visitor allowed to read a product? Yes.

```
$acl->isAllowed($userAnonymousVisitor, $permissionRead, $serviceProduct) // true
```

- Is an anonymous visitor allowed to buy a product? No.

```
$acl->isAllowed($userAnonymousVisitor, $permissionBuy, $serviceProduct) // false
```

- Is a logged visitor allowed to read a product? Yes.

```
$acl->isAllowed($userLoggedVisitor, $permissionRead, $serviceProduct) // true
```

- Is a logged visitor allowed to buy a product? Yes.

```
$acl->isAllowed($userLoggedVisitor, $permissionBuy, $serviceProduct) // true
```

- Is a logged visitor allowed to write (on any services)? No.

```
$acl->isAllowed($userLoggedVisitor, $permissionWrite) // false
```

- Is a product editor allowed to buy (any services)? No.

```
$acl->isAllowed($userProductEditor, $permissionBuy) // false
```

- Is a product editor allowed to write (any services)? Yes.

```
$acl->isAllowed($userProductEditor, $permissionWrite) // true
```

- Is a blog editor allowed to write (any services)? Yes.

```
$acl->isAllowed($userBlogEditor, $permissionWrite) // true
```

- Is a product editor allowed to write a blog page? No.

```
$acl->isAllowed($userProductEditor, $permissionWrite, $serviceBlogPage) // false
```

- Is a blog editor allowed to write a blog page? Yes.

```
$acl->isAllowed($userBlogEditor, $permissionWrite, $serviceBlogPage) // true
```

Using objects for users, permissions and services can sometimes be cumbersome. Thus, we can use their respective IDs instead. Consequently, one can write:

```
$acl->isAllowed('user_editor_blog', 'permission_write', 'service_blog_page') // true
```

### Thinner query with specific asserter

[](#thinner-query-with-specific-asserter)

It may happen that the ACL, with users, permissions, services and groups, cannot be able to expres all your constraints. That's why an asserter can be provided.

An asserter must implement the `Hoa\Acl\Assertable` interface and expect the `assert` method to be implemented. It will receive the `$userId`, `$permissionId` and optionally the `$serviceId` data. This `assert` method must compute a boolean that will be used as the latest step of the `isAllowed`method.

Imagine the following scenario where a logged user cannot buy another product before M minutes if the amount of the current shopping bag is greater than X:

```
class DoNotBuyThatMuch implements Hoa\Acl\Assertable
{
    public function assert($userId, $permissionId, $serviceId)
    {
        $shoppingBag = getShoppingBagOf($userId);

        return
            X < $shoppingBag->getAmount() &&
            time() + M * 60 > $shoppingBag->getCheckoutTime();
    }
}

$acl->isAllowed(
    $userLoggedVisitor,
    $permissionBuy,
    $serviceProduct,
    new DoNotBuyThatMuch()
);
```

Obviously, the assert body can be complex and this library does not address asserter aggregation or similar problems. However, [the `Hoa\Ruler`library](https://central.hoa-project.net/Resource/Library/Ruler) perfectly fills this role, you might want to consider it.

Documentation
-------------

[](#documentation)

The [hack book of `Hoa\Acl`](https://central.hoa-project.net/Documentation/Library/Acl)contains detailed information about how to use this library and how it works.

To generate the documentation locally, execute the following commands:

```
$ composer require --dev hoa/devtools
$ vendor/bin/hoa devtools:documentation --open
```

More documentation can be found on the project's website: [hoa-project.net](https://hoa-project.net/).

Getting help
------------

[](#getting-help)

There are mainly two ways to get help:

- On the [`#hoaproject`](https://webchat.freenode.net/?channels=#hoaproject)IRC channel,
- On the forum at [users.hoa-project.net](https://users.hoa-project.net).

Contribution
------------

[](#contribution)

Do you want to contribute? Thanks! A detailed [contributor guide](https://hoa-project.net/Literature/Contributor/Guide.html) explains everything you need to know.

License
-------

[](#license)

Hoa is under the New BSD License (BSD-3-Clause). Please, see [`LICENSE`](https://hoa-project.net/LICENSE) for details.

###  Health Score

37

—

LowBetter than 81% of packages

Maintenance19

Infrequent updates — may be unmaintained

Popularity25

Limited adoption so far

Community20

Small or concentrated contributor base

Maturity71

Established project with proven stability

 Bus Factor1

Top contributor holds 91% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~73 days

Recently: every ~97 days

Total

14

Last Release

3347d ago

Major Versions

0.16.01.11 → 1.16.04.062016-04-06

### Community

Maintainers

![](https://www.gravatar.com/avatar/a410060743cec0e0d8654661b726a7a25f5888f18059d4c942a8fd9a8128f0da?d=identicon)[Hoa](/maintainers/Hoa)

---

Top Contributors

[![Hywan](https://avatars.githubusercontent.com/u/946104?v=4)](https://github.com/Hywan "Hywan (91 commits)")[![vonglasow](https://avatars.githubusercontent.com/u/1275202?v=4)](https://github.com/vonglasow "vonglasow (3 commits)")[![Grummfy](https://avatars.githubusercontent.com/u/668804?v=4)](https://github.com/Grummfy "Grummfy (2 commits)")[![stephpy](https://avatars.githubusercontent.com/u/232744?v=4)](https://github.com/stephpy "stephpy (2 commits)")[![Metalaka](https://avatars.githubusercontent.com/u/5406767?v=4)](https://github.com/Metalaka "Metalaka (1 commits)")[![shulard](https://avatars.githubusercontent.com/u/482993?v=4)](https://github.com/shulard "shulard (1 commits)")

---

Tags

aclhoalibrarypermissionphplibraryuserserviceaccesslistaclpermissionresourcecontrolgroup

### Embed Badge

![Health badge](/badges/hoa-acl/health.svg)

```
[![Health](https://phpackages.com/badges/hoa-acl/health.svg)](https://phpackages.com/packages/hoa-acl)
```

###  Alternatives

[2amigos/yii2-usuario

Highly customizable and extensible user management, authentication, and authorization Yii2 extension

294282.0k15](/packages/2amigos-yii2-usuario)[gburtini/acl

Dependency free, simple access control lists for PHP.

3610.4k1](/packages/gburtini-acl)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
