PHPackages                             jails/li3\_access - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. jails/li3\_access

ActiveLithium-library[Authentication &amp; Authorization](/categories/authentication)

jails/li3\_access
=================

Access control (DbAcl, Rules, Simple) for the Lithium PHP framework

2801PHP

Since Jul 10Pushed 12y ago3 watchersCompare

[ Source](https://github.com/jails/li3_access)[ Packagist](https://packagist.org/packages/jails/li3_access)[ RSS](/packages/jails-li3-access/feed)WikiDiscussions master Synced 4w ago

READMEChangelogDependenciesVersions (2)Used By (0)

Access control adapters
=======================

[](#access-control-adapters)

Don't use this in production. It's an early alpha release.

Requirements
------------

[](#requirements)

- **PHP 5.4**
- This plugin needs [li3\_behaviors](https://github.com/jails/li3_behaviors) (only if you intend to use the DbAcl adapter).
- This plugin needs [li3\_tree](https://github.com/jails/li3_tree) (only if you intend to use the DbAcl adapter).
- This plugin needs [li3\_fixtures](https://github.com/UnionOfRAD/li3_fixtures) (only if you intend to run DbAcl adapter tests).

Installation
------------

[](#installation)

Checkout the code to either of your library directories:

```
cd libraries
git clone git@github.com:jails/li3_access.git

```

Include the library in your `/app/config/bootstrap/libraries.php`

```
Libraries::add('li3_access');

```

Presentation
------------

[](#presentation)

This plugin provide a couple of adapters for managing access control into your application. It can manage simple rule based system as well as access control lists system. Access control lists are a way to manage application permissions in a fine-grained. It's not as fast as rule based system but allow further control on your application/models.

API
---

[](#api)

### Simple adapter:

[](#simple-adapter)

The simple adapter only checks that the passed data is not empty.

```
Access::config('simple' => ['adapter' => 'Simple']);
Access::check('rules', ['username' => 'Max']); //return `true`
Access::check('rules', true); //return `true`
Access::check('rules', []); //return `false`
```

### Rule adapter:

[](#rule-adapter)

The rule adapter check access from a predefinied/custom closure. To use this adapter configure `Access` like the following:

```
Access::config('rules', ['adapter' => 'Rules']);
```

The rules adpater already contains the following rules: `'allowAll'`, `'denyAll'`, `'allowAnyUser'`, `'allowIp'`.

Example of use:

```
$user = Auth::check('auth_config_name');
Access::check('rules', $user, $request, ['rules' => ['allowAnyUser']]);

$user = User::find('first', ['username' => 'psychic']);
Access::check('rules', $user, $request, ['rules' => ['allowAnyUser']]);
```

Rule with parameters:

```
Access::check('rules', null, $request,  [
	'rules' => [
		'allowIp' => [
			'ip' => '/10\.0\.1\.\d+/' //parameter to pass to the `'allowIp'` closure.
		]
	]
]);
```

You can add custom rule on `::config()`:

```
Access::config('rules' => [
	'adapter' => 'Rules',
	'rules' => [
		'testDeny' => [
			'message' => 'Access denied.',
			'rule' => function($requester) {
				return false;
			}
		]
	]
]);
```

or dynamically with:

```
Access::rules('rules', 'testDeny', function($requester) { return false; }, [
	'message' => 'Access denied.'
]);
```

### DbAcl adapter:

[](#dbacl-adapter)

This adapter currently works for only SQL databases (i.e MySQL, PostgreSQL and Sqlite3).

```
Access::config('acl' => ['adapter' => 'DbAcl']);
```

Access control lists, or ACL, handle two main things: things that want stuff, and things that are wanted. This is usually represented by:

- Access Control Object (Aco), i.e. something that is wanted
- Access Request Object (Aro), i.e. Something that wants something

And beetween Acos and Aros, there's permissions which define the access privileges beetween Aros and Acos.

Above, the schema needed to makes things works out of the box for a MySQL database:

```
DROP TABLE IF EXISTS `acos`;
CREATE TABLE `acos` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `parent_id` int(10) DEFAULT NULL,
  `class` varchar(255) DEFAULT NULL,
  `fk_id` int(10) DEFAULT NULL,
  `alias` varchar(255) DEFAULT NULL,
  `lft` int(10) DEFAULT NULL,
  `rght` int(10) DEFAULT NULL,
  PRIMARY KEY (`id`)
);

DROP TABLE IF EXISTS `aros`;
CREATE TABLE `aros` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `parent_id` int(10) DEFAULT NULL,
  `class` varchar(255) DEFAULT NULL,
  `fk_id` int(10) DEFAULT NULL,
  `alias` varchar(255) DEFAULT NULL,
  `lft` int(10) DEFAULT NULL,
  `rght` int(10) DEFAULT NULL,
  PRIMARY KEY (`id`)
);

DROP TABLE IF EXISTS `permissions`;
CREATE TABLE `permissions` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `aro_id` int(10) NOT NULL,
  `aco_id` int(10) NOT NULL,
  `privileges` text,
  PRIMARY KEY (`id`)
);
```

Of course you need to adapt this schema according your own SQL database.

Once Acos and Aros are correctly defined (see test's fixtures for a better understanding of what Acos and Aros looks like).

You can add privileges:

```
Access::allow('acl', 'admin/max', 'controller/backend', ['read', 'create', 'update', 'delete']);
//or:
Access::allow('acl', 'admin/max', 'controller/backend', 'publish');
//or:
$user = User::find('first', ['username' => 'max']);
Access::allow('acl', $user, 'controller/backend', ['read', 'create', 'update', 'publish']);
```

You can remove privileges:

```
Access::deny('acl', 'user/joe', 'controller/backend', ['delete']);
```

Use `Access::check()` to check some privileges:

```
Access::check('acl', 'user/joe', 'controller/backend', ['delete']);
```

Or `Access::get()` for recovering all privileges for an Aro/Aco:

```
Access::get('acl', 'user/joe', 'controller/backend');
```

Greetings
---------

[](#greetings)

The li3 team, Tom Maiaroto, Weluse, rich97, CakePHP's ACL, Pamela Anderson and all others which make that possible.

Build status
------------

[](#build-status)

[![Build Status](https://camo.githubusercontent.com/a7f821910e6e7c30f454d3bd1879b68c26e73a90edb909bd5cf666c7f264c693/68747470733a2f2f7365637572652e7472617669732d63692e6f72672f6a61696c732f6c69335f6163636573732e706e673f6272616e63683d6d6173746572)](http://travis-ci.org/jails/li3_access)

###  Health Score

23

—

LowBetter than 26% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity13

Limited adoption so far

Community11

Small or concentrated contributor base

Maturity43

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 86.4% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/1306941?v=4)[Simon JAILLET](/maintainers/jails)[@jails](https://github.com/jails)

---

Top Contributors

[![jails](https://avatars.githubusercontent.com/u/1306941?v=4)](https://github.com/jails "jails (19 commits)")[![djordje](https://avatars.githubusercontent.com/u/1223357?v=4)](https://github.com/djordje "djordje (3 commits)")

### Embed Badge

![Health badge](/badges/jails-li3-access/health.svg)

```
[![Health](https://phpackages.com/badges/jails-li3-access/health.svg)](https://phpackages.com/packages/jails-li3-access)
```

###  Alternatives

[kartik-v/yii2-password

Useful password strength validation utilities for Yii Framework 2.0

791.3M17](/packages/kartik-v-yii2-password)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
