PHPackages makinacorpus/php-acl - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. makinacorpus/php-acl ActiveLibrary[Authentication & Authorization](/categories/authentication) makinacorpus/php-acl ==================== Simple ACL API for PHP 1.1.0(9y ago)147GPL-2PHP Since Feb 19Pushed 8y ago11 watchersCompare [ Source](https://github.com/makinacorpus/php-acl)[ Packagist](https://packagist.org/packages/makinacorpus/php-acl)[ RSS](/packages/makinacorpus-php-acl/feed)WikiDiscussions master Synced 4w ago READMEChangelogDependencies (2)Versions (4)Used By (0) Simple ACL API for PHP ====================== [](#simple-acl-api-for-php) **This a playground/sandbox project.** This API is not meant to store ACLs but to provide a dynamic at runtime API to collect resources ACLs and to check for their validity. I do have lots to document here. History ------- [](#history) Simple ACL API for PHP projects. One could ask why anyone would write another one which is a legitimate question, aside of the fact this was originally a purely educational project, it is today a full fledge API for many reasons: - during educational researches that laid to this API, it appeared that most existing ACL API don't fully embrace the correct concepts naming; - it is framework independent, despite the fact that you may need quite some time to set it up without framework-driven service dependency management; - it has been development with performance as a first-class constraint; - it is storage backend independent, nevertheless it can be used without any storage, plugged on dynamic event-driven ACL builder: this means you can use the API to programatically define ACLs in a reproducible way at runtime the same way you would implement access rights voters. The very first use-case this library was born from is to replace the Drupal *Node Access* API with something that would be generic enough to be used from anything else than actual *Drupal nodes*, but yet to be compatible with the Drupal node access API. Drupal node access is a full ACL system but without any common lexicon which makes it hard to understand: *profiles* become *grants*, *profile types* become *realms*, permissions are restricted to *view*, *update*and *delete*, and entries are *node access records*. The second use-case this library aims to solve is to be usage throught the *Symfony's Security component*. This component is deeply integrated into most of Symfony framework, providing a facade for controllers and templates, rewriting this would be a pure loss of time whereas integrating it using the *voters* system makes it transparently usable within the Symfony framework. In definitive, this API was wrote to be framework independent, naturally comprehensible, well performing, and usable in an environment where Drupal and Symfony both live in the same runtime transparently. Concepts -------- [](#concepts) Here is the basis ACL thesaurus: - a user in a computer system is defined by its identity, but may have many **profiles** (a *profile set*); - a **profile** has a type (e.g. *group*, *user*, ...) and an identifier. For example *John Smith* is the *user 12* and belongs to the *admin group*, he then as the following *profiles*: *(user, 12)* and *(group, admin)*; - a **resource** is a business object that does not have any meaning in this API, it is identified with a type (e.g. *page*, *file*, ...) and an identifier. For example working with a blog site, you could have the *(blog\_entry, 12)* resource; - this API allows external plugins to attach **entries** to any resource; - an **entry** (or ACE in common lexicon) is is defined by a single profile and a set of permissions given to this profile, for example *(group, admin) -> (read, write, delete)* is a valid entry; - **entries** are grouped together for a single resource are named **entry lists** (or ACL in the common lexicon). Most ACL API's got it right, at the exception of the *profile* concept that is oftenly forgotten for the benefit of framework driven concepts (role, user, ...). Usage ===== [](#usage) Collecting user profile ----------------------- [](#collecting-user-profile) Basic usage ----------- [](#basic-usage) Defining entries ---------------- [](#defining-entries) ### Health Score 29 — LowBetter than 57% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity9 Limited adoption so far Community11 Small or concentrated contributor base Maturity65 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~133 days Total 3 Last Release 3151d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/69252826f3a70a19fc5dcefb7ef9d26d465bb300245641abb4dd89d0ec391a66?d=identicon)[pounard](/maintainers/pounard) ![](https://www.gravatar.com/avatar/d21b98752b406528da88850922b1061f39bf72eb2126b413d5c12e275811a40b?d=identicon)[Makina Corpus](/maintainers/Makina%20Corpus) --- Top Contributors [![pounard](https://avatars.githubusercontent.com/u/341855?v=4)](https://github.com/pounard "pounard (68 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/makinacorpus-php-acl/health.svg) ``` [![Health](https://phpackages.com/badges/makinacorpus-php-acl/health.svg)](https://phpackages.com/packages/makinacorpus-php-acl) ``` ### Alternatives [kartik-v/yii2-password Useful password strength validation utilities for Yii Framework 2.0 761.2M17](/packages/kartik-v-yii2-password) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)