PHPackages                             mimmi20/mezzio-generic-authorization-acl - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [HTTP &amp; Networking](/categories/http)
4. /
5. mimmi20/mezzio-generic-authorization-acl

ActiveLibrary[HTTP &amp; Networking](/categories/http)

mimmi20/mezzio-generic-authorization-acl
========================================

Provides a laminas-permissions-acl adapter for mezzio-generic-authorization.

5.0.3(2mo ago)163.8k12MITPHPPHP ~8.3.0 || ~8.4.0 || ~8.5.0 || ~8.6.0CI passing

Since Jan 10Pushed 3w ago1 watchersCompare

[ Source](https://github.com/mimmi20/mezzio-generic-authorization-acl)[ Packagist](https://packagist.org/packages/mimmi20/mezzio-generic-authorization-acl)[ Docs](https://github.com/mimmi20/mezzio-generic-authorization-acl)[ RSS](/packages/mimmi20-mezzio-generic-authorization-acl/feed)WikiDiscussions master Synced 2d ago

READMEChangelog (10)Dependencies (42)Versions (29)Used By (2)

mezzio-generic-authorization-acl
================================

[](#mezzio-generic-authorization-acl)

[![Latest Stable Version](https://camo.githubusercontent.com/8fc4514cafb64c0111fbadb27214d498c218a72cbb04fe25d92bdbbe28dbfe5f/68747470733a2f2f706f7365722e707567782e6f72672f6d696d6d6932302f6d657a7a696f2d67656e657269632d617574686f72697a6174696f6e2d61636c2f762f737461626c653f666f726d61743d666c61742d737175617265)](https://packagist.org/packages/mimmi20/mezzio-generic-authorization-acl)[![Latest Unstable Version](https://camo.githubusercontent.com/2cbb3026b4019aa7c4b017e86adac3da75fa07d2419106edf9457ae9c6b2936b/68747470733a2f2f706f7365722e707567782e6f72672f6d696d6d6932302f6d657a7a696f2d67656e657269632d617574686f72697a6174696f6e2d61636c2f762f756e737461626c653f666f726d61743d666c61742d737175617265)](https://packagist.org/packages/mimmi20/mezzio-generic-authorization-acl)[![License](https://camo.githubusercontent.com/8fba9b940efd7a68a1c768bf62efef2c54da6665474442ddadc74361ad6d2b2b/68747470733a2f2f706f7365722e707567782e6f72672f6d696d6d6932302f6d657a7a696f2d67656e657269632d617574686f72697a6174696f6e2d61636c2f6c6963656e73653f666f726d61743d666c61742d737175617265)](https://packagist.org/packages/mimmi20/mezzio-generic-authorization-acl)

Code Status
-----------

[](#code-status)

[![codecov](https://camo.githubusercontent.com/4d5ca2212a830932ad55a2f36eee08bf5e7312cfcc62d4ab9c94b62afb92b2cb/68747470733a2f2f636f6465636f762e696f2f67682f6d696d6d6932302f6d657a7a696f2d67656e657269632d617574686f72697a6174696f6e2d61636c2f6272616e63682f6d61737465722f67726170682f62616467652e737667)](https://codecov.io/gh/mimmi20/mezzio-generic-authorization-acl)[![Average time to resolve an issue](https://camo.githubusercontent.com/4ed3da692330229892e9ba6331f951597c3d48fbde64451eba58306841a6785b/68747470733a2f2f697369746d61696e7461696e65642e636f6d2f62616467652f7265736f6c7574696f6e2f6d696d6d6932302f6d657a7a696f2d67656e657269632d617574686f72697a6174696f6e2d61636c2e737667)](https://isitmaintained.com/project/mimmi20/mezzio-generic-authorization-acl "Average time to resolve an issue")[![Percentage of issues still open](https://camo.githubusercontent.com/8756e3dbf02d3cca1fb7c2111be66706fe039c66fea420d1dcca08d8d488b649/68747470733a2f2f697369746d61696e7461696e65642e636f6d2f62616467652f6f70656e2f6d696d6d6932302f6d657a7a696f2d67656e657269632d617574686f72697a6174696f6e2d61636c2e737667)](https://isitmaintained.com/project/mimmi20/mezzio-generic-authorization-acl "Percentage of issues still open")[![Mutation testing badge](https://camo.githubusercontent.com/d1ee6f5cdae7fc11a8736c3d43d0b09038fe5cc09ead3f024dda953f80aff4b9/68747470733a2f2f696d672e736869656c64732e696f2f656e64706f696e743f7374796c653d666c61742675726c3d687474707325334125324625324662616467652d6170692e737472796b65722d6d757461746f722e696f2532466769746875622e636f6d2532466d696d6d6932302532466d657a7a696f2d67656e657269632d617574686f72697a6174696f6e2d61636c2532466d6173746572)](https://dashboard.stryker-mutator.io/reports/github.com/mimmi20/mezzio-generic-authorization-acl/master)

Installation
------------

[](#installation)

You can install the mezzio-generic-authorization-acl library with [Composer](https://getcomposer.org):

```
composer require mimmi20/mezzio-generic-authorization-acl
```

Introduction
------------

[](#introduction)

This component provides [Access Control List](https://en.wikipedia.org/wiki/Access_control_list)(ACL) authorization abstraction for the [mezzio-generic-authorization](https://github.com/mimmi20/mezzio-generic-authorization)library.

ACLs are based around the idea of **resources** and **roles**:

- a **resource** is an object to which access is controlled;
- a **role** is an object that may request access to a resource.

Put simply, roles request access to resources. For example, if a parking attendant requests access to a car, then the parking attendant is the requesting role, and the car is the resource, since access to the car may not be granted to everyone.

Through the specification and use of an ACL, an application may control how roles are granted access to resources. For instance, in a web application a *resource* can be a page, a portion of a view, a route, etc. A *role* can vary based on the context in which the request is made: it could be the client identity sent with an API request; whether the users is an *anonymous guest* or a *registered user* of the site; etc.

Configure an ACL system
-----------------------

[](#configure-an-acl-system)

You can provide your ACL definitions using a configuration file, as follows:

```
// config/autoload/authorization.local.php
return [
    // ...
    'mezzio-authorization-acl' => [
        'roles' => [
            'editor'        => [],
            'contributor'   => ['editor'],
            'administrator' => ['contributor'],
        ],
        'resources' => [
            'admin.dashboard',
            'admin.posts',
            'admin.publish',
            'admin.settings'
        ],
        'allow' => [
            'administrator' => ['admin.settings'],
            'contributor' => [
                'admin.dashboard',
                'admin.posts',
            ],
            'editor' => [
                'admin.publish'
            ]
        ]
    ]
];
```

> We use this same example in the documentation of [mezzio-authorization-rbac](https://docs.mezzio.dev/mezzio-authorization-rbac/v1/intro/#configure-an-rbac-system), so that you can compare and contrast the two systems.

The above configuration defines three roles for a blog web site: an *editor*, a *contributor*, and an *administrator*. The *contributor* role has the *editor* role as a child role, meaning it inherits its capabilities. The *administrator* role has the *contributor* role as a child, inheriting both its direct capabilities, as well as any that role has inherited.

> In ACL systems, parent roles inherit the permissions of their children.

Within mezzio-authorization-acl, *resources* are mapped to the *route name* currently being requested. By default, all resources are denied access, unless otherwise stated. In our example, we allow the route `admin.settings` for the *administrator*, the routes `admin.dashboard` and `admin.posts` for the *contributor*, and the route `admin.publish` for the *editor*. Because the *contributor* inherits permissions from *editor*, they will also have access to the `admin.publish` route. Because the *administrator* inherits permissions from *contributor*, they will have access to *all* routes.

You can also deny a resource using the `deny` key in the configuration file. For instance, you can deny access to the route `admin.dashboard` by the *administrator* by adding the following configuration in the previous example:

```
return [
    // ...
    'mezzio-authorization-acl' => [
        // previous configuration array
        'deny' => [
            'administrator' => ['admin.dashboard']
        ]
    ]
]
```

The usage of `allow` and `deny` can help to configure complex permission scenarios, including or excluding specific authorizations.

As noted earlier, mezzio-authorization-acl uses the current route name to determine the resource. If you want to change the permissions type and the logic for authorization, you will need to provide a custom implementation of [`Mezzio\Authorization\AuthorizationInterface`](https://github.com/mimmi20/mezzio-generic-authorization/blob/master/src/AuthorizationInterface.php).

> mezzio-authorization-acl uses [laminas-permissions-acl](https://github.com/laminas/laminas-permissions-acl)to implement its ACL system. For more information, we suggest reading the [laminas-acl documentation](https://docs.laminas.dev/laminas-permissions-acl/).

License
-------

[](#license)

This package is licensed using the MIT License.

Please have a look at [`LICENSE.md`](LICENSE.md).

###  Health Score

59

—

FairBetter than 98% of packages

Maintenance90

Actively maintained with recent releases

Popularity31

Limited adoption so far

Community18

Small or concentrated contributor base

Maturity82

Battle-tested with a long release history

 Bus Factor2

2 contributors hold 50%+ of commits

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~79 days

Recently: every ~61 days

Total

26

Last Release

23d ago

Major Versions

2.0.7 → 3.0.02023-12-12

3.0.4 → 4.0.02024-12-03

4.0.1 → 5.0.02025-05-01

4.0.2 → 5.0.12025-08-01

4.0.4 → 5.0.22025-10-07

PHP version history (8 changes)1.0.0PHP ^7.1.3 || ^8.0.0

2.0.0PHP ^7.4.0 || ^8.0.0

2.0.2PHP ^7.4.7 || ^8.0.0

2.0.3PHP ^7.4.3 || ^8.0.0

2.0.6PHP ^8.1.0

3.0.3PHP ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0

4.0.0PHP ~8.3.0 || ~8.4.0 || ~8.5.0

5.0.3PHP ~8.3.0 || ~8.4.0 || ~8.5.0 || ~8.6.0

### Community

Maintainers

![](https://www.gravatar.com/avatar/5fea77dd303122241a6caac15ea7456607bcb6f5db869fc8fc9eaf3ec0630a84?d=identicon)[mimmi20](/maintainers/mimmi20)

---

Top Contributors

[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (386 commits)")[![mimmi20](https://avatars.githubusercontent.com/u/1120192?v=4)](https://github.com/mimmi20 "mimmi20 (271 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (153 commits)")

---

Tags

aclmezziomezzio-authorizationmezzio-authorization-aclphp83psr-7middlewarepsr-15authorizationaclmezzio

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan, Rector

Type Coverage Yes

### Embed Badge

![Health badge](/badges/mimmi20-mezzio-generic-authorization-acl/health.svg)

```
[![Health](https://phpackages.com/badges/mimmi20-mezzio-generic-authorization-acl/health.svg)](https://phpackages.com/packages/mimmi20-mezzio-generic-authorization-acl)
```

###  Alternatives

[mezzio/mezzio

PSR-15 Middleware Microframework

3923.8M126](/packages/mezzio-mezzio)[tempest/framework

The PHP framework that gets out of your way.

2.2k34.4k15](/packages/tempest-framework)[mezzio/mezzio-authentication-oauth2

OAuth2 (server) authentication middleware for Mezzio and PSR-7 applications.

28591.3k3](/packages/mezzio-mezzio-authentication-oauth2)[mezzio/mezzio-authentication

Authentication middleware for Mezzio and PSR-7 applications

131.7M39](/packages/mezzio-mezzio-authentication)[mezzio/mezzio-swoole

Swoole support for Mezzio

92252.0k3](/packages/mezzio-mezzio-swoole)[sunrise/http-router

A powerful solution as the foundation of your project.

17451.6k10](/packages/sunrise-http-router)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
