mgomezbuceta/cakephp-aclmanager
===============================

Modern Authorization Manager for CakePHP 5.x - Role-based permission management system

Latest version: v3.2.5 · License: MIT · PHP >=8.1

[Source](https://github.com/mgomezbuceta/cakephp-aclmanager) · [Packagist](https://packagist.org/packages/mgomezbuceta/cakephp-aclmanager)

🔐 CakePHP Authorization Manager
===============================

### Modern Role-Based Permission Management for CakePHP 5.x

**A powerful, modern web interface for managing role-based permissions using CakePHP's Authorization plugin.**

[Features](#-features) • [Installation](#-installation) • [Quick Start](#-quick-start) • [Documentation](#-documentation) • [Migration](#-migration-from-v2x)

---

🌟 Features
----------

### 🎯 **Role-Based Access Control**

Simple yet powerful RBAC system with role priorities and hierarchical permission management.

### 🔄 **Auto-Discovery**

Automatically scans your application for controllers and actions—no manual configuration needed.

### 🎨 **Modern UI**

Beautiful Bootstrap 5 interface with intuitive permission matrices and visual role management.

### 🌍 **Multilingual Support**

Built-in i18n support with Spanish and Galician translations ready to use.

### ⚡ **High Performance**

Built on CakePHP's Authorization plugin with permission caching for optimal performance.

### 🛡️ **Secure by Default**

Strict permission checking mode with comprehensive authorization middleware integration.

### 🚀 **CakePHP 5.x Native**

Fully compatible with CakePHP 5.x using modern Authorization instead of deprecated ACL.

---

💡 Why Authorization Manager?
----------------------------

Traditional ACL systems (acos/aros) are **deprecated in CakePHP 5.x**. This plugin provides:

- ✅ **Modern Authorization** - Uses CakePHP's official Authorization plugin
- ✅ **Simplified Structure** - No more complex ACO/ARO trees
- ✅ **Visual Management** - Web interface for managing permissions
- ✅ **Role-Based** - Industry-standard RBAC pattern
- ✅ **Easy Integration** - Drop-in authorization solution
- ✅ **Multilingual** - Spanish and Galician translations included

---

📋 Requirements
--------------

| Requirement | Version |
|---|---|
| PHP | ≥ 8.1 |
| CakePHP | ≥ 5.0 |
| CakePHP Authorization | ≥ 3.0 |

---

🚀 Installation
--------------

### Step 1: Install via Composer

```
composer require mgomezbuceta/cakephp-aclmanager
composer require cakephp/authorization
```

### Step 2: Load the Plugin

Add to your `src/Application.php`:

```
public function bootstrap(): void
{
    parent::bootstrap();

    $this->addPlugin('AclManager', ['bootstrap' => true, 'routes' => true]);
}
```

### Step 3: Run Migrations

```
bin/cake migrations migrate -p AclManager
```

### Step 4: Sync Resources

Visit `/authorization-manager` and click **"Sync Resources"** to discover all your controllers and actions.

**That's it!** 🎉

---

⚡ Quick Start
-------------

### Basic Setup

1. **Create Roles**

    - Visit `/authorization-manager/roles`
    - Click "New Role"
    - Create roles like: Administrator, Editor, Viewer
2. **Assign Permissions**

    - Click "Manage Permissions" for a role
    - Check/uncheck permissions for each controller/action
    - Click "Save Permissions"
3. **Integrate with Your Auth**

```
// In your AppController or specific controller
public function initialize(): void
{
    parent::initialize();

    $this->loadComponent('AclManager.AuthorizationManager', [
        'userModel' => 'Users',
        'roleField' => 'role_id'
    ]);
}

public function isAuthorized($user = null): bool
{
    return $this->AuthorizationManager->isAuthorized($user);
}
```

### Add role\_id to Your Users Table

```
ALTER TABLE users ADD COLUMN role_id INT NOT NULL;
ALTER TABLE users ADD FOREIGN KEY (role_id) REFERENCES roles(id);
```

---

📚 Documentation
---------------

**🔧 Configuration Options**

### Admin Access Control

**IMPORTANT**: By default, only administrators can access the Authorization Manager.

The plugin checks if the user is an admin using multiple methods (in order):

1. **role\_name**: Checks if `role_name` is 'admin', 'administrator', or 'superadmin'
2. **role\_id**: Checks if `role_id == 1` (typically admin role)
3. **is\_admin**: Checks if `is_admin` flag is true
4. **email**: Checks against a whitelist of admin emails

**To customize admin access**, add to your `config/app.php` in the return array:

```
// In config/app.php, add to the return array:
return [
    // ... existing configuration ...

    'AclManager' => [
        'adminAccess' => [
            // Which role IDs can access the Authorization Manager
            'adminRoleIds' => [1, 2],  // Allow role IDs 1 and 2

            // Which role names can access
            'adminRoleNames' => ['admin', 'superuser'],

            // Specific emails (useful for initial setup)
            'adminEmails' => [
                'admin@example.com',
            ],
        ],
        'redirects' => [
            'login' => ['controller' => 'Users', 'action' => 'login'],
            'unauthorized' => ['controller' => 'Dashboard', 'action' => 'index'],
        ],
    ],
];
```

### Session Timeout and Redirect

When a user's session expires while using the Authorization Manager, they will be redirected to the login page with a `redirect` parameter containing the original URL.

**To handle the redirect in your login controller**, add this code after successful authentication:

```
// In your UsersController login action, after successful authentication:
public function login()
{
    $result = $this->Authentication->getResult();

    if ($result->isValid()) {
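        // Follow the redirect parameter only if it is a same-site path;
        // the value is user-controlled, so absolute and "//host" URLs are ignored
        $redirect = $this->request->getQuery('redirect');

        if (
            is_string($redirect)
            && str_starts_with($redirect, '/')
            && !str_starts_with($redirect, '//')
            && !str_contains($redirect, '\\')
        ) {
            // Redirect back to the original URL
            return $this->redirect($redirect);
        }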

        // Default redirect
        $target = $this->Authentication->getLoginRedirect() ?? '/dashboard';
        return $this->redirect($target);
    }

    if ($this->request->is('post') && !$result->isValid()) {
        $this->Flash->error(__('Invalid username or password'));
    }
}
```

This ensures users are returned to the Authorization Manager page they were viewing after logging in.
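
The `redirect` query parameter is supplied by the client, so the login action should follow it only when it is a path on the same site. A stand-alone validator for that check, as an added example that is not part of the plugin or of CakePHP; `safeLocalRedirect()` and the sample inputs are hypothetical:

```php
<?php
declare(strict_types=1);

/**
 * Return $target when it is a same-site path, otherwise $fallback.
 * Hypothetical helper: not part of AclManager or CakePHP.
 */
function safeLocalRedirect(mixed $target, string $fallback = '/dashboard'): string
{
    // ?redirect[]=x is delivered as an array; accept non-empty strings only.
    if (!is_string($target) || $target === '') {
        return $fallback;
    }
    // Reject control characters (header splitting) and backslashes:
    // browsers treat "\" like "/", so "/\host" acts like "//host".
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $target) === 1) {
        return $fallback;
    }
    // Require a site-absolute path. This excludes absolute URLs
    // ("https://..."), "javascript:" and protocol-relative "//host".
    if (!str_starts_with($target, '/') || str_starts_with($target, '//')) {
        return $fallback;
    }

    return $target;
}

// Constructed inputs, as they would arrive from getQuery('redirect').
$samples = [
    '/authorization-manager/roles?page=2', // original page: followed
    'https://evil.example/login',          // absolute URL: rejected
    '//evil.example/login',                // protocol-relative: rejected
    '/\\evil.example/login',               // backslash variant: rejected
    "/roles\r\nX-Injected: 1",             // CR/LF in value: rejected
    ['nested' => '/roles'],                // array parameter: rejected
    null,                                  // parameter absent: fallback
];

foreach ($samples as $sample) {
    $shown = json_encode($sample, JSON_UNESCAPED_SLASHES);
    printf("%-40s => %s\n", $shown, safeLocalRedirect($sample));
}
```

In the login action the call would be `return $this->redirect(safeLocalRedirect($this->request->getQuery('redirect')));`.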

### Internationalization (i18n)

The plugin comes with **Spanish (es\_ES)** and **Galician (gl\_ES)** translations out of the box.

**To change the language**, add to your `config/bootstrap.php`:

```
use Cake\I18n\I18n;

// Set Spanish (default)
I18n::setLocale('es_ES');

// Or Galician
I18n::setLocale('gl_ES');

// Or English
I18n::setLocale('en_US');
```

**To add your own translation:**

1. Create `resources/locales/{locale}/acl_manager.po` in your app
2. Copy entries from `vendor/mgomezbuceta/cakephp-aclmanager/resources/locales/es_ES/acl_manager.po`
3. Translate the `msgstr` values
4. Run `bin/cake i18n extract --plugin AclManager` to update

### Other Configuration Options

In your `config/bootstrap.php`:

```
use Cake\Core\Configure;

// Actions to ignore during resource scan
Configure::write('AclManager.ignoreActions', [
    'isAuthorized',
    'beforeFilter',
    'initialize',
    'AclManager.*',      // Ignore plugin
    'DebugKit.*'         // Ignore DebugKit
]);

// Permission checking mode
Configure::write('AclManager.permissionMode', 'strict'); // or 'permissive'

// Enable permission caching
Configure::write('AclManager.cachePermissions', true);
Configure::write('AclManager.cacheDuration', '+1 hour');

// Default role for new users
Configure::write('AclManager.defaultRoleId', 2);
```

**🗄️ Database Schema**

The plugin creates three tables:

**roles** - User roles

```
id, name, description, priority, active, created, modified
```

**permissions** - Role permissions

```
id, role_id, controller, action, plugin, allowed, created, modified
```

**resources** - Available resources (auto-discovered)

```
id, controller, action, plugin, description, active, created, modified
```

**🔌 Component Usage**

```
// Load the component
$this->loadComponent('AclManager.AuthorizationManager');

// Check if user is authorized
$allowed = $this->AuthorizationManager->isAuthorized($user);

// Check specific permission
$allowed = $this->AuthorizationManager->checkPermission(
    $roleId,
    'Articles',
    'edit',
    'Blog' // plugin name (optional)
);

// Clear permission cache
$this->AuthorizationManager->clearCache();

// Handle unauthorized access
return $this->AuthorizationManager->handleUnauthorized();
```

**🎯 Service Layer**

```
use AclManager\Service\PermissionService;
use AclManager\Service\ResourceScannerService;

// Permission management
$permissionService = new PermissionService();

// Grant permission
$permissionService->grant($roleId, 'Articles', 'edit');

// Deny permission
$permissionService->deny($roleId, 'Articles', 'delete');

// Get permission matrix
$matrix = $permissionService->getPermissionMatrix($roleId);

// Copy permissions between roles
$permissionService->copyPermissions($sourceRoleId, $targetRoleId);

// Resource scanning
$scannerService = new ResourceScannerService();
$stats = $scannerService->scanAndSync();

// Get grouped resources
$resources = $scannerService->getGroupedResources();
```

**🐛 Troubleshooting**

**No resources showing?**

```
Visit /authorization-manager and click "Sync Resources"
```

**Permission changes not taking effect?**

```
// Turn permission caching off entirely
Configure::write('AclManager.cachePermissions', false);
// Or clear the cached permissions
$this->AuthorizationManager->clearCache();
```

**Getting "access denied" after setup?**

```
1. Make sure your User has a role_id assigned
2. Verify permissions are granted for that role
3. Check isAuthorized() is properly implemented

```

---

🔄 Migration from v2.x
---------------------

> **⚠️ BREAKING CHANGE**: Version 3.0 uses Authorization plugin instead of deprecated ACL.

### Migration Steps:

1. **Backup your data**

```
CREATE TABLE backup_aros_acos AS SELECT * FROM aros_acos;
```

2. **Update composer.json**

```
composer remove cakephp/acl
composer require cakephp/authorization
composer update mgomezbuceta/cakephp-aclmanager
```

3. **Run new migrations**

```
bin/cake migrations migrate -p AclManager
```

4. **Update routes**

    - Old: `/acl-manager`
    - New: `/authorization-manager`
5. **Update component**

```
// Old
$this->loadComponent('AclManager.AclManager');

// New
$this->loadComponent('AclManager.AuthorizationManager');
```

6. **Rebuild permissions**
    - Create new roles matching your old ARO structure
    - Use "Sync Resources" to discover controllers
    - Manually assign permissions (old ACL data cannot be migrated)

---

🏗️ Architecture
---------------

```
┌─────────────────────────────────────────┐
│      PermissionsController               │
│      (Web Interface)                     │
└──────────────┬──────────────────────────┘
               │
      ┌────────┴────────┐
      │                 │
┌─────▼──────────┐ ┌───▼──────────────────┐
│ Permission     │ │ ResourceScanner      │
│ Service        │ │ Service              │
│                │ │                      │
│ • Check Auth   │ │ • Scan Controllers   │
│ • Grant/Deny   │ │ • Sync Resources     │
│ • Copy Perms   │ │ • Auto-Discovery     │
└────────────────┘ └──────────────────────┘
        │                     │
        └──────────┬──────────┘
                   │
      ┌────────────▼─────────────┐
      │  Database Tables          │
      │  • roles                  │
      │  • permissions            │
      │  • resources              │
      └───────────────────────────┘

```

---

🤝 Contributing
--------------

Contributions are welcome!

1. 🍴 Fork the repository
2. 🌿 Create your feature branch (`git checkout -b feature/amazing-feature`)
3. 💻 Write clean, documented code following PSR-12
4. ✅ Add tests for new functionality
5. 📝 Commit your changes (`git commit -m 'Add amazing feature'`)
6. 🚀 Push to the branch (`git push origin feature/amazing-feature`)
7. 🎉 Open a Pull Request

---

📄 License
---------

This project is licensed under the **MIT License** - see [LICENSE.md](LICENSE.md) for details.

```
Copyright (c) 2025 Marcos Gómez Buceta
Copyright (c) 2016 Iván Amat

```

---

👨‍💻 Author
----------

**Marcos Gómez Buceta**

[GitHub](https://github.com/mgomezbuceta) • [Email](mailto:mgomezbuceta@gmail.com)

---

🙏 Acknowledgments
-----------------

This project evolved from the excellent ACL Manager foundation:

- **[Iván Amat](https://github.com/ivanamat)** - Original CakePHP 4.x Acl Manager
- **[Frédéric Massart (FMCorz)](https://github.com/FMCorz)** - Original CakePHP 2.x AclManager

Special thanks to the CakePHP community for their continuous support.

---

**⭐ If you find this plugin useful, please give it a star! ⭐**

Made with ❤️ for the CakePHP community

[Report Bug](https://github.com/mgomezbuceta/cakephp-aclmanager/issues) • [Request Feature](https://github.com/mgomezbuceta/cakephp-aclmanager/issues)

