PHPackages                             mimmi20/mezzio-generic-authorization-rbac - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [HTTP &amp; Networking](/categories/http)
4. /
5. mimmi20/mezzio-generic-authorization-rbac

ActiveLibrary[HTTP &amp; Networking](/categories/http)

mimmi20/mezzio-generic-authorization-rbac
=========================================

Provides a laminas-permissions-rbac adapter for mezzio-generic-authorization.

6.0.3(2mo ago)1141MITPHPPHP ~8.3.0 || ~8.4.0 || ~8.5.0 || ~8.6.0CI passing

Since Jan 10Pushed 2w ago1 watchersCompare

[ Source](https://github.com/mimmi20/mezzio-generic-authorization-rbac)[ Packagist](https://packagist.org/packages/mimmi20/mezzio-generic-authorization-rbac)[ Docs](https://github.com/mimmi20/mezzio-generic-authorization-rbac)[ RSS](/packages/mimmi20-mezzio-generic-authorization-rbac/feed)WikiDiscussions master Synced today

READMEChangelog (10)Dependencies (42)Versions (28)Used By (0)

mezzio-generic-authorization-rbac
=================================

[](#mezzio-generic-authorization-rbac)

[![Latest Stable Version](https://camo.githubusercontent.com/4c9a6b91018cd7daba3c4f4135ef3edf8d9fe2581fe0f6914419c3994b555f48/68747470733a2f2f706f7365722e707567782e6f72672f6d696d6d6932302f6d657a7a696f2d67656e657269632d617574686f72697a6174696f6e2d726261632f762f737461626c653f666f726d61743d666c61742d737175617265)](https://packagist.org/packages/mimmi20/mezzio-generic-authorization-rbac)[![Latest Unstable Version](https://camo.githubusercontent.com/1e17f5bcddfc5b61f0d11206a5de95ffe87920b0923c5c039a893dadb05f8a26/68747470733a2f2f706f7365722e707567782e6f72672f6d696d6d6932302f6d657a7a696f2d67656e657269632d617574686f72697a6174696f6e2d726261632f762f756e737461626c653f666f726d61743d666c61742d737175617265)](https://packagist.org/packages/mimmi20/mezzio-generic-authorization-rbac)[![License](https://camo.githubusercontent.com/925d6ecbac0dc32328ad50bc3b90d0cde851e54e00ef95ea5daa7b72efdf423c/68747470733a2f2f706f7365722e707567782e6f72672f6d696d6d6932302f6d657a7a696f2d67656e657269632d617574686f72697a6174696f6e2d726261632f6c6963656e73653f666f726d61743d666c61742d737175617265)](https://packagist.org/packages/mimmi20/mezzio-generic-authorization-rbac)

Code Status
-----------

[](#code-status)

[![codecov](https://camo.githubusercontent.com/48144fde5dbf41c42eb08972a8a232452a6d9223e7687ae1506983dc1000d48a/68747470733a2f2f636f6465636f762e696f2f67682f6d696d6d6932302f6d657a7a696f2d67656e657269632d617574686f72697a6174696f6e2d726261632f6272616e63682f6d61737465722f67726170682f62616467652e737667)](https://codecov.io/gh/mimmi20/mezzio-generic-authorization-rbac)[![Average time to resolve an issue](https://camo.githubusercontent.com/154f0455c6163a5067fa5599351edec67a75ae8c278e10c8f731be7df9923d9b/68747470733a2f2f697369746d61696e7461696e65642e636f6d2f62616467652f7265736f6c7574696f6e2f6d696d6d6932302f6d657a7a696f2d67656e657269632d617574686f72697a6174696f6e2d726261632e737667)](https://isitmaintained.com/project/mimmi20/mezzio-generic-authorization-rbac "Average time to resolve an issue")[![Percentage of issues still open](https://camo.githubusercontent.com/3660ad9a0f8beb15b97cba5700c6beec8e728fdea5e8f86d8ea7095f595aea26/68747470733a2f2f697369746d61696e7461696e65642e636f6d2f62616467652f6f70656e2f6d696d6d6932302f6d657a7a696f2d67656e657269632d617574686f72697a6174696f6e2d726261632e737667)](https://isitmaintained.com/project/mimmi20/mezzio-generic-authorization-rbac "Percentage of issues still open")[![Mutation testing badge](https://camo.githubusercontent.com/2263fc707aca17b32df38e335af9aaf3f2996ffd5cfec9cbf3b1f30b700647b3/68747470733a2f2f696d672e736869656c64732e696f2f656e64706f696e743f7374796c653d666c61742675726c3d687474707325334125324625324662616467652d6170692e737472796b65722d6d757461746f722e696f2532466769746875622e636f6d2532466d696d6d6932302532466d657a7a696f2d67656e657269632d617574686f72697a6174696f6e2d726261632532466d6173746572)](https://dashboard.stryker-mutator.io/reports/github.com/mimmi20/mezzio-generic-authorization-rbac/master)

This library provides a laminas-rbac adapter for mezzio-generic-authorization.

Installation
------------

[](#installation)

You can install the mezzio-generic-authorization-rbac library with [Composer](https://getcomposer.org):

```
composer require mimmi20/mezzio-generic-authorization-rbac
```

Introduction
------------

[](#introduction)

This component provides [Role-Based Access Control](https://en.wikipedia.org/wiki/Role-based_access_control)(RBAC) authorization abstraction for the [mezzio-generic-authorization](https://github.com/mimmi20/mezzio-generic-authorization)library.

RBAC is based on the idea of **roles**. In a web application, users have an **identity** (e.g. username, email, etc). Each identified user then has one or more roles (e.g. admin, editor, guest). Each role has a **permission** to perform one or more actions (e.g. access an URL, execute specific web API calls).

In a typical RBAC system:

- An **identity** has one or more roles.
- A **role** requests access to a permission.
- A **permission** is given to a role.

Thus, RBAC has the following model:

- Many-to-many relationship between identities and roles.
- Many-to-many relationship between roles and permissions.
- Roles can have a parent role.

The first requirement for an RBAC system is **identities**. In our scenario, the users are generated by an authentication system, provided by [mezzio-authentication](https://github.com/mezzio/mezzio-authentication). That library provides a PSR-7 request attribute named `Mezzio\Authentication\UserInterface` when a user is authenticated. The RBAC system uses this instance to get information about the user's identity.

Configure an RBAC system
------------------------

[](#configure-an-rbac-system)

You can configure your RBAC using a configuration file, as follows:

```
// config/autoload/authorization.local.php
return [
    // ...
    'mezzio-authorization-rbac' => [
        'roles' => [
            'administrator' => [],
            'editor'        => ['administrator'],
            'contributor'   => ['editor'],
        ],
        'permissions' => [
            'contributor' => [
                'admin.dashboard',
                'admin.posts',
            ],
            'editor' => [
                'admin.publish',
            ],
            'administrator' => [
                'admin.settings',
            ],
        ],
    ],
];
```

In the above example, we designed an RBAC system with 3 roles: `administator`, `editor`, and `contributor`. We defined a hierarchy of roles as follows:

- `administrator` has no parent role.
- `editor` has `administrator` as a parent. That means `administrator` inherits the permissions of the `editor`.
- `contributor` has `editor` as a parent. That means `editor` inherits the permissions of `contributor`, and following the chain, `administator` inherits the permissions of `contributor`.

For each role, we specified an array of permissions. As you can notice, a permission is just a string; it can represent anything. In our implementation, this string represents a route name. That means the `contributor` role can access the routes `admin.dashboard` and `admin.posts` but cannot access the routes `admin.publish` (assigned to `editor` role) and `admin.settings`(assigned to `administrator`).

If you want to change the authorization logic for each permission, you can write your own `Mimmi20\Mezzio\GenericAuthorization\AuthorizationInterface` implementation. That interface defines the following method:

```
public function isGranted(string $role, string $resource, ?string $privilege = null, ?\Psr\Http\Message\ServerRequestInterface\ServerRequestInterface $request = null): bool;
```

where `$role` is the role, `$resource` is the resource, `$privilege` is an privilege and `$request` is the PSR-7 HTTP request to authorize.

> This library uses the [laminas/laminas-permissions-rbac](https://docs.laminas.dev/laminas-permissions-rbac/)library to implement the RBAC system. Privileges are not supported in this RBAC implementation. If you want to know more about the usage of this library, read the blog post [Manage permissions with laminas-permissions-rbac](https://framework.zend.com/blog/2017-04-27-zend-permissions-rbac.html).

Dynamic Assertion
-----------------

[](#dynamic-assertion)

In some cases you will need to authorize a role based on a specific HTTP request. For instance, imagine that you have an "editor" role that can add/update/delete a page in a Content Management System (CMS). We want to prevent an "editor" from modifying pages they have not created.

These types of authorization are called [dynamic assertions](https://docs.laminas.dev/laminas-permissions-rbac/examples/#dynamic-assertions)and are implemented via the `Laminas\Permissions\Rbac\AssertionInterface` of [laminas-permissions-rbac](https://github.com/laminas/laminas-permissions-rbac).

In order to use it, this package provides `LaminasRbacAssertionInterface`, which extends `Laminas\Permissions\Rbac\AssertionInterface`:

```
namespace Mezzio\Authorization\Rbac;

use Psr\Http\Message\ServerRequestInterface;
use Laminas\Permissions\Rbac\AssertionInterface;

interface LaminasRbacAssertionInterface extends AssertionInterface
{
    public function setRequest(ServerRequestInterface $request) : void;
}
```

The `Laminas\Permissions\Rbac\AssertionInterface` defines the following:

```
namespace Laminas\Permissions\Rbac;

interface AssertionInterface
{
    public function assert(Rbac $rbac, RoleInterface $role, string $permission) : bool;
}
```

Going back to our use case, we can build a class to manage the "editor" authorization requirements, as follows:

```
use Mimmi20\Mezzio\GenericAuthorization\Rbac\LaminasRbacAssertionInterface;
use App\Service\Article;
use Laminas\Permissions\Rbac\Rbac;
use Laminas\Permissions\Rbac\RoleInterface;
use Psr\Http\Message\ServerRequestInterface;

class EditorAuth implements LaminasRbacAssertionInterface
{
    public function __construct(Article $article)
    {
        $this->article = $article;
    }

    public function setRequest(ServerRequestInterface $request): void
    {
        $this->request = $request;
    }

    public function assert(Rbac $rbac, RoleInterface $role, string $permission): bool
    {
        $user = $this->request->getAttribute(UserInterface::class, false);
        return $this->article->isUserOwner($user->getIdentity(), $this->request);
    }
}
```

Where `Article` is a class that checks if the identified user is the owner of the article referenced in the HTTP request.

If you manage articles using a SQL database, the implementation of `isUserOwner()` might look like the following:

```
public function isUserOwner(string $identity, ServerRequestInterface $request): bool
{
    // get the article {article_id} attribute specified in the route
    $url = $request->getAttribute('article_id', false);
    if (! $url) {
        return false;
    }
    $sth = $this->pdo->prepare(
        'SELECT * FROM article WHERE url = :url AND owner = :identity'
    );
    $sth->bindParam(':url', $url);
    $sth->bindParam(':identity', $identity);
    if (! $sth->execute()) {
        return false;
    }
    $row = $sth->fetch();
    return ! empty($row);
}
```

To pass the `Article` dependency to your assertion, you can use a Factory class that generates the `EditorAuth` class instance, as follows:

```
use App\Service\Article;

class EditorAuthFactory
{
    public function __invoke(ContainerInterface $container) : EditorAuth
    {
        return new EditorAuth(
            $container->get(Article::class)
        );
    }
}
```

And configure the service container to use `EditorAuthFactory` to point to `EditorAuth`, using the following configuration:

```
return [
    'dependencies' => [
        'factories' => [
            // ...
            EditorAuth::class => EditorAuthFactory::class
        ]
    ]
];
```

License
-------

[](#license)

This package is licensed using the MIT License.

Please have a look at [`LICENSE.md`](LICENSE.md).

###  Health Score

51

—

FairBetter than 95% of packages

Maintenance91

Actively maintained with recent releases

Popularity8

Limited adoption so far

Community11

Small or concentrated contributor base

Maturity81

Battle-tested with a long release history

 Bus Factor2

2 contributors hold 50%+ of commits

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~82 days

Recently: every ~62 days

Total

25

Last Release

20d ago

Major Versions

3.0.4 → 4.0.02024-12-03

4.0.0 → 6.0.02025-05-01

5.0.0 → 6.0.12025-08-02

5.0.2 → 6.0.22025-10-07

5.0.3 → 6.0.32026-04-13

PHP version history (8 changes)1.0.0PHP ^7.1.3 || ^8.0.0

2.0.0PHP ^7.4.0 || ^8.0.0

2.0.2PHP ^7.4.7 || ^8.0.0

2.0.3PHP ^7.4.3 || ^8.0.0

2.0.6PHP ^8.1.0

3.0.3PHP ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0

4.0.0PHP ~8.3.0 || ~8.4.0 || ~8.5.0

5.0.3PHP ~8.3.0 || ~8.4.0 || ~8.5.0 || ~8.6.0

### Community

Maintainers

![](https://www.gravatar.com/avatar/5fea77dd303122241a6caac15ea7456607bcb6f5db869fc8fc9eaf3ec0630a84?d=identicon)[mimmi20](/maintainers/mimmi20)

---

Top Contributors

[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (390 commits)")[![mimmi20](https://avatars.githubusercontent.com/u/1120192?v=4)](https://github.com/mimmi20 "mimmi20 (263 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (156 commits)")

---

Tags

laminas-permissions-rbacmezziomezzio-authorizationphp83rbacpsr-7middlewarepsr-15authorizationrbacmezzio

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan, Rector

Type Coverage Yes

### Embed Badge

![Health badge](/badges/mimmi20-mezzio-generic-authorization-rbac/health.svg)

```
[![Health](https://phpackages.com/badges/mimmi20-mezzio-generic-authorization-rbac/health.svg)](https://phpackages.com/packages/mimmi20-mezzio-generic-authorization-rbac)
```

###  Alternatives

[mezzio/mezzio

PSR-15 Middleware Microframework

3923.8M125](/packages/mezzio-mezzio)[tempest/framework

The PHP framework that gets out of your way.

2.2k34.4k15](/packages/tempest-framework)[moonshine/moonshine

Laravel administration panel

1.3k253.1k81](/packages/moonshine-moonshine)[mezzio/mezzio-authentication-oauth2

OAuth2 (server) authentication middleware for Mezzio and PSR-7 applications.

28591.3k3](/packages/mezzio-mezzio-authentication-oauth2)[mezzio/mezzio-authentication

Authentication middleware for Mezzio and PSR-7 applications

131.7M39](/packages/mezzio-mezzio-authentication)[mezzio/mezzio-swoole

Swoole support for Mezzio

92252.0k3](/packages/mezzio-mezzio-swoole)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
