PHPackages jomisacu/roles-and-permissions - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. jomisacu/roles-and-permissions ActiveLibrary[Authentication & Authorization](/categories/authentication) jomisacu/roles-and-permissions ============================== A simple way to handle roles and permissions v1.0.0(1mo ago)01MITPHPPHP ^8.1CI passing Since May 5Pushed 1mo ago1 watchersCompare [ Source](https://github.com/jomisacu/roles-and-permissions)[ Packagist](https://packagist.org/packages/jomisacu/roles-and-permissions)[ RSS](/packages/jomisacu-roles-and-permissions/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (3)Versions (3)Used By (0) Roles and Permissions ===================== [](#roles-and-permissions) [![CI](https://github.com/jomisacu/roles-and-permissions/actions/workflows/ci.yml/badge.svg)](https://github.com/jomisacu/roles-and-permissions/actions) A framework-agnostic PHP library for managing roles and permissions with multi-tenant support. Zero runtime dependencies — just PHP 8.1+ and PDO. Features -------- [](#features) - **Multi-tenant** — all data is scoped by a `contextId`, so one installation serves multiple apps, orgs, or workspaces. - **Resource-level permissions** — grant or deny permissions on specific resources with wildcard matching (`blog::post::*`). - **Permission negation** — explicitly deny a permission, even if granted through a role. - **MySQL and PostgreSQL** support. - **Framework-agnostic** — works with Laravel, Symfony, or plain PHP. Migration generators included for all three. - **In-memory caching** — optional `CachedPermissionChecker` decorator to avoid repeated queries within a request. Requirements ------------ [](#requirements) - PHP 8.1+ - `ext-pdo` - `ext-pdo_mysql` (for MySQL) or `ext-pdo_pgsql` (for PostgreSQL) Installation ------------ [](#installation) ``` composer require jomisacu/roles-and-permissions ``` Database Setup -------------- [](#database-setup) Generate migrations for your platform and framework: ``` # Plain PHP + MySQL (default) vendor/bin/jomisacu-roles-and-permissions generate-migrations # Laravel + MySQL vendor/bin/jomisacu-roles-and-permissions generate-migrations \ --target-framework=laravel \ --target-platform=mysql \ --migrations-path=database/migrations # Symfony + PostgreSQL vendor/bin/jomisacu-roles-and-permissions generate-migrations \ --target-framework=symfony \ --target-platform=postgres \ --migrations-path=migrations # Custom table prefix vendor/bin/jomisacu-roles-and-permissions generate-migrations \ --table-prefix=myapp_ ``` Then run the generated migrations with your usual tool (`php artisan migrate`, `doctrine:migrations:migrate`, etc.). Alternatively, apply the consolidated schema directly: ``` mysql -u root -p your_database can($contextId, $actorId, 'edit-posts', 'blog::post::123'); // Any of several permissions $checker->canAny($contextId, $actorId, ['edit-posts', 'delete-posts'], 'blog::post::123'); // All permissions required $checker->canAll($contextId, $actorId, ['edit-posts', 'publish-posts'], 'blog::post::123'); ``` Checking Roles -------------- [](#checking-roles) ``` $checker->is($contextId, $actorId, 'admin'); $checker->isAny($contextId, $actorId, ['admin', 'editor']); $checker->isAll($contextId, $actorId, ['admin', 'editor']); ``` Resource Wildcards ------------------ [](#resource-wildcards) Resources use `::` as separator. The `*` wildcard matches any single segment, and `**` matches any number of remaining segments. Given permissionRequested resourceMatch`blog::post::*``blog::post::123`✅`blog::*::edit``blog::post::edit`✅`blog::**``blog::post::123::comments`✅`blog::post::*``blog::post::123::comments`❌Custom Table Prefix ------------------- [](#custom-table-prefix) Pass the same prefix to both the migration generator and the repositories: ``` use Jomisacu\RolesAndPermissions\MySqlTableNames; $tableNames = MySqlTableNames::fromPrefix('myapp_'); $permissions = new PermissionRepositoryMySql($pdo, $tableNames); $roles = new RoleRepositoryMySql($pdo, $tableNames); // ... same for all other repositories ``` PostgreSQL ---------- [](#postgresql) Replace `MySql` classes with their `Postgres` equivalents: ``` use Jomisacu\RolesAndPermissions\{ PermissionRepositoryPostgres, RoleRepositoryPostgres, PostgresTableNames, }; $tableNames = PostgresTableNames::fromPrefix('myapp_'); $permissions = new PermissionRepositoryPostgres($pdo, $tableNames); ``` Production Notes ---------------- [](#production-notes) - Wrap `PermissionChecker` with `CachedPermissionChecker` to avoid repeated DB queries within a single request. - `PermissionChecker` is stateless across calls, so it can be safely reused as a long-lived service. - SQL repositories raise domain exceptions (`RepositoryException`, `UniqueConstraintViolationException`, `ForeignKeyConstraintViolationException`) instead of leaking raw PDO errors. Tests ----- [](#tests) ``` vendor/bin/phpunit # unit + integration tests vendor/bin/phpstan analyse # static analysis (level 8) ``` Integration tests require MySQL and PostgreSQL. Connection settings are in `phpunit.xml.dist`. Tests that cannot connect to a database are automatically skipped. License ------- [](#license) MIT — see [LICENSE](LICENSE). ### Health Score 38 — LowBetter than 85% of packages Maintenance90 Actively maintained with recent releases Popularity1 Limited adoption so far Community7 Small or concentrated contributor base Maturity47 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~324 days Total 2 Last Release 48d ago Major Versions v0.0.1 → v1.0.02026-03-26 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/6318326?v=4)[jomisacu](/maintainers/jomisacu)[@jomisacu](https://github.com/jomisacu) --- Top Contributors [![jomisacu](https://avatars.githubusercontent.com/u/6318326?v=4)](https://github.com/jomisacu "jomisacu (9 commits)") ### Code Quality TestsPHPUnit Static AnalysisPHPStan Type Coverage Yes ### Embed Badge ![Health badge](/badges/jomisacu-roles-and-permissions/health.svg) ``` [![Health](https://phpackages.com/badges/jomisacu-roles-and-permissions/health.svg)](https://phpackages.com/packages/jomisacu-roles-and-permissions) ``` ### Alternatives [namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client OAuth 1.0 Client Library 99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)