klsoft/yii3-authz
=================

The package provides Yii 3 authorization middleware that uses Yii RBAC

Version 1.1.0 | MIT license | PHP >=8.1 | Since Feb 8

[Source](https://github.com/klsoft-web/yii3-authz) | [Packagist](https://packagist.org/packages/klsoft/yii3-authz)

YII3-AUTHZ
==========

The package provides [Yii 3](https://yii3.yiiframework.com) authorization middleware that uses Yii RBAC. It is intended for use with web applications. For authorization of a RESTful web service, use the [YII3-KEYCLOAK-AUTHZ](https://github.com/klsoft-web/yii3-keycloak-authz) package instead.

Requirement
-----------

- PHP 8.1 or higher.

Installation
------------

```
composer require klsoft/yii3-authz
```

How to use
----------

### 1. Configure Authentication

Example:

```
use Yiisoft\Session\Session;
use Yiisoft\Session\SessionInterface;
use Yiisoft\Auth\IdentityRepositoryInterface;
use Yiisoft\Definitions\Reference;
use Yiisoft\Auth\AuthenticationMethodInterface;
use Yiisoft\User\CurrentUser;
use Yiisoft\User\Method\WebAuth;

return [
    // ...
    SessionInterface::class => [
        'class' => Session::class,
        '__construct()' => [
            $params['session']['options'] ?? [],
            $params['session']['handler'] ?? null,
        ],
    ],
    // IdentityRepository is the application's own implementation of IdentityRepositoryInterface.
    IdentityRepositoryInterface::class => IdentityRepository::class,
    // Bind the current user to the session.
    CurrentUser::class => [
        'withSession()' => [Reference::to(SessionInterface::class)]
    ],
    AuthenticationMethodInterface::class => WebAuth::class,
];
```

### 2. [Configure](https://yiisoft.github.io/docs/guide/security/authorization.html#configuring-rbac) RBAC

### 3. Add the forbidden URL to param.php

Example:

```
return [
    'forbiddenUrl' => '/forbidden',
];
```

### 4. Configure Authorization

Example:

```
use Klsoft\Yii3Authz\Middleware\Authorization;

return [
    // ...
    Authorization::class => [
        'class' => Authorization::class,
        '__construct()' => [
            'forbiddenUrl' => $params['forbiddenUrl']
        ],
    ],
];
```

### 5. Apply permissions.

#### 5.1. To an action.

First, add Authorization to a route:

```
use Yiisoft\Auth\Middleware\Authentication;
use Yiisoft\Router\Route;
use Klsoft\Yii3Authz\Middleware\Authorization;

Route::post('/post/create')
    ->middleware(Authentication::class)
    ->middleware(Authorization::class)
    ->action([PostController::class, 'create'])
    ->name('post/create')
```

Or to a group of routes:

```
use Yiisoft\Auth\Middleware\Authentication;
use Yiisoft\Router\Group;
use Yiisoft\Router\Route;
use Klsoft\Yii3Authz\Middleware\Authorization;

Group::create()
    ->middleware(Authentication::class)
    ->middleware(Authorization::class)
    ->routes(
        Route::post('/post/create')
            ->action([PostController::class, 'create'])
            ->name('post/create'),
        Route::put('/post/update/{id}')
            ->action([PostController::class, 'update'])
            ->name('post/update')
    )
```

Then, apply permissions to an action:

```
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\ResponseInterface;
use Klsoft\Yii3Authz\Permission;

final class PostController
{
    public function __construct(private PostPresenterInterface $postPresenter)
    {
    }

    #[Permission('createPost')]
    public function create(ServerRequestInterface $request): ResponseInterface
    {
        return $this->postPresenter->createPost($request);
    }
}
```

Example of an **OR** permission:

```
#[Permission('createPost|updatePost')]
public function edit(#[RouteArgument('id')] ?int $id = null, ServerRequestInterface $request): ResponseInterface
```

Example of a permission with a parameter whose value is obtained by executing a method and is then passed to the rules associated with the roles:

```
#[Permission(
    'updatePost',
    ['post' => [
        '__container_entry_identifier',
        PostPresenterInterface::class,
        'getPost',
        ['__request']]
    ]
)]
public function update(#[RouteArgument('id')] int $id, ServerRequestInterface $request): ResponseInterface
```
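
The `updatePost` example above passes a `post` parameter to the RBAC rules but does not show a rule that consumes it. The following ownership rule is an added example, not code from the package or its author; it assumes the `yiisoft/rbac` 2.x `RuleInterface` signature, and the `Post` class with `getAuthorId()` is hypothetical.

```php
<?php

declare(strict_types=1);

use Yiisoft\Rbac\Item;
use Yiisoft\Rbac\RuleContext;
use Yiisoft\Rbac\RuleInterface;

// Hypothetical domain object returned by PostPresenterInterface::getPost().
final class Post
{
    public function __construct(private int $authorId)
    {
    }

    public function getAuthorId(): int
    {
        return $this->authorId;
    }
}

// Rule to attach to the `updatePost` RBAC permission: only the author may update.
final class PostAuthorRule implements RuleInterface
{
    public function execute(?string $userId, Item $item, RuleContext $context): bool
    {
        // Guests never own a post.
        if ($userId === null) {
            return false;
        }

        // 'post' is the parameter name declared in the #[Permission] attribute.
        $post = $context->getParameterValue('post');

        // Fail closed: a missing parameter or an unexpected type denies access
        // instead of falling through to an allow.
        if (!$post instanceof Post) {
            return false;
        }

        // RBAC user ids are strings; compare as strings with strict equality.
        return (string) $post->getAuthorId() === $userId;
    }
}
```

Attach the rule to the RBAC permission item with `withRuleName(PostAuthorRule::class)` when defining `updatePost` in your RBAC configuration.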

#### 5.2. To a route.

First, define the set of permissions:

```
use Psr\Container\ContainerInterface;
use Klsoft\Yii3Authz\Middleware\Authorization;
use Klsoft\Yii3Authz\Permission;

return [
    // ...
    'CreatePostPermission' => static function (ContainerInterface $container) {
        return $container
            ->get(Authorization::class)
            ->withPermissions([
                new Permission('createPost'),
            ]);
    },
];
```

Then, you can apply this set to a route:

```
use Yiisoft\Auth\Middleware\Authentication;
use Yiisoft\Router\Route;

Route::post('/post/create')
    ->middleware(Authentication::class)
    ->middleware('CreatePostPermission')
    ->action([PostController::class, 'create'])
    ->name('post/create')
```

### Health Score

38 (Low). Better than 85% of packages.

- Maintenance: 86. Actively maintained with recent releases.
- Popularity: 6. Limited adoption so far.
- Community: 8. Small or concentrated contributor base.
- Maturity: 44. Maturing project, gaining track record.
- Bus Factor: 1. Top contributor holds 100% of commits (single point of failure).

How is this calculated?

- **Maintenance (25%)**: Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.
- **Popularity (30%)**: Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.
- **Community (15%)**: Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.
- **Maturity (30%)**: Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: every ~20 days
- Total: 2
- Last release: 73d ago

### Community

- Maintainers: [klsoft-web](/maintainers/klsoft-web)
- Top contributors: [klsoft-web](https://github.com/klsoft-web) (2 commits)
- Tags: middleware, authorization, rbac, authorisation, yii3

