PHPackages                             machuga/authority - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication & Authorization](/categories/authentication)
4. /
5. machuga/authority

AbandonedArchivedLibrary[Authentication & Authorization](/categories/authentication)

machuga/authority
=================

A simple and flexible authorization system for PHP

2.2.0(11y ago)225111.1k↓22.9%382mitPHPPHP >=5.4.0

Since May 29Pushed 11y ago21 watchersCompare

[ Source](https://github.com/machuga/authority)[ Packagist](https://packagist.org/packages/machuga/authority)[ RSS](/packages/machuga-authority/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (4)Dependencies (3)Versions (10)Used By (2)

THIS REPO IS NOW DEPRECATED / EOL'ED
====================================

[](#this-repo-is-now-deprecated--eoled)

It's been a fun few years, but I no longer use PHP in the capacity I find necessary to maintain Authority. It's been this way for a bit, but I'll simply never get a chance to release Authority 3. If someone else would like to take over this project ping me (@machuga) in an Issue. Otherwise I highly recommend checking out beatswitch/lock or sentry/cartalyst as your alternative ACL library.

Thanks for your support!

Authority
=========

[](#authority)

A simple and flexible activity/resource based authorization system for PHP

[![Build Status](https://camo.githubusercontent.com/4af886cd14928ace340c7ef5f88f387c99f9afdba10da36a0b9dbb8a739513a7/68747470733a2f2f7472617669732d63692e6f72672f6d6163687567612f617574686f726974792e706e673f6272616e63683d646576656c6f70)](https://travis-ci.org/machuga/authority)

Installation via Composer
-------------------------

[](#installation-via-composer)

Add Authority to your composer.json file to require Authority

```
"require" : {
    "machuga/authority" : "dev-master"
}

```

And install via composer

`composer install`

Further installation information is available in `docs/install.md`

Introduction
------------

[](#introduction)

Authority is an authorization system for PHP that focuses more on the concept of activities and resources rather than roles. Using different user roles is still completely possible and often needed, but rather than determining functionality based on roles throughout your app, Authority allows you to simply check if a user is allowed to perform an action on a given resource or activity.

Let's take an example of editing a Post `$post`.

First we'll use standard role-based authorization checks for roles that may be able to delete a post

```
if ($user->hasRole('admin') || $user->hasRole('moderator') || $user->hasRole('editor')) {
    // Can perform actions on resource
    $post->delete();
}
```

While this certainly works, it is highly prone to needing changes, and could get quite large as roles increase.

Let's instead see how simply checking against an activity on a resourse looks.

```
if ($authority->can('edit', $post)) {
    // Can perform actions on resource
    $post->delete();
}
```

Instead of littering the codebase with several conditionals about user roles, we only need to write out a conditional that reads like "if the current user can edit this post".

Default behavior
----------------

[](#default-behavior)

Two important default behaviors of Authority to keep in mind

1. **Unspecified rules are denied** - if you check a rule that has not been set, Authority will deny the activity.
2. **Rules are evaluated in order of declaration** - last rule takes precedence.

Basic usage
-----------

[](#basic-usage)

Authority is intended to be instantiated once per application (though supports multiple instances). It works well with an IoC (Inversion of Control) container that supports singleton access, like [Laravel's IoC](https://github.com/illuminate/container), or by using standard dependency injection. You may assign rules prior to your app authorizing resources, or add at any time.

The Authority constructor requires at least one argument - the object that represents the current user. We'll cover the second optional argument later.

```