PHPackages northern/acl - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. northern/acl ActiveLibrary[Authentication & Authorization](/categories/authentication) northern/acl ============ Role based ACL and permissions. 2.0.0(9y ago)1223MITPHPPHP >=5.3.3 Since Mar 24Pushed 9y ago1 watchersCompare [ Source](https://github.com/northern/Acl)[ Packagist](https://packagist.org/packages/northern/acl)[ RSS](/packages/northern-acl/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (4)Versions (5)Used By (0) ACL === [](#acl) A simple Role based Access Control List build on Zend Framework 2 ACL. Introduction ------------ [](#introduction) Northern\\Acl is a role based ACL that allows for easy definition of permissions for specific roles. Roles can inherit from other roles. Simply by storing a role against a user, using that role would allow you to test if that role is permitted a certain access criteria. Installation ------------ [](#installation) To use Northern\\Acl add it to your project using Composer: ``` "northern/acl": "1.*" ``` Usage ----- [](#usage) To use Northern\\Acl start by defining a permissions list. We can start with an empty list: ``` $permissions = [ 'roles' => [], 'resources' => [], 'rules' => [], ]; ``` Our permissions list contains three top-level requirements, `roles`, `resources` and `rules`. The idea behind a role based ACL is that a specific role has access to resources through specified rules. Don't confuse the elements you define in this list with 'real' objects in your application. The permissions list is simply a structure (or model) we test against, it is static and therefore it doesn't need to be stored in a database but can simply be defined in a business object in your application as part of your business rules. Let's add some permissions.. For the purpose of this demonstration we define four roles; `guest`, `member`, `author` and `admin`. For the sake of argument, we define the resources for a simple blog so we have `post` and `comment` as resources: ``` $permissions = [ 'roles' => [ ['name' => 'guest'], ['name' => 'member', 'parent' => 'guest'], ['name' => 'author', 'parent' => 'member'], ['name' => 'admin', 'parent' => 'author'], ], 'resources' => [ ['name' => 'post'], ['name' => 'comment'], ], 'rules' => [], ]; ``` Easy as. Now lets define a rule that allows guests to view both posts and comments: ``` $permissions = [ 'roles' => [ ['name' => 'guest'], ['name' => 'member', 'parent' => 'guest'], ['name' => 'author', 'parent' => 'member'], ['name' => 'admin', 'parent' => 'author'], ], 'resources' => [ ['name' => 'post'], ['name' => 'comment'], ], 'rules' => [ [ 'access' => 'allow', 'role' => 'guest', 'permissions' => ['view'], 'resources' => ['post', 'comment'], ] ], ]; ``` As you can see, the rule is pretty straight forward. both `permissions` and `resources` can either be set as single values or as an array. Let's create a rule that allows members to create comments: ``` $permissions = [ 'roles' => [ ['name' => 'guest'], ['name' => 'member', 'parent' => 'guest'], ['name' => 'author', 'parent' => 'member'], ['name' => 'admin', 'parent' => 'author'], ], 'resources' => [ ['name' => 'post'], ['name' => 'comment'], ], 'rules' => [ [ 'access' => 'allow', 'role' => 'guest', 'permissions' => ['view'], 'resources' => ['post', 'comment'], ], [ 'access' => 'allow', 'role' => 'member', 'permissions' => ['create'], 'resources' => ['comment'], ] ], ]; ``` Great. Now let's fill in the rest of the permissions: ``` $permissions = [ 'roles' => [ ['name' => 'guest'], ['name' => 'member', 'parent' => 'guest'], ['name' => 'author', 'parent' => 'member'], ['name' => 'admin', 'parent' => 'author'], ], 'resources' => [ ['name' => 'post'], ['name' => 'comment'], ], 'rules' => [ [ 'access' => 'allow', 'role' => 'guest', 'permissions' => ['view'], 'resources' => ['post', 'comment'], ], [ 'access' => 'allow', 'role' => 'member', 'permissions' => ['create'], 'resources' => ['comment'], ], [ 'access' => 'allow', 'role' => 'author', 'permissions' => ['create', 'edit', 'delete'], 'resources' => ['post'], ], [ 'access' => 'allow', 'role' => 'admin', 'permissions' => NULL, 'resources' => NULL, ] ], ]; ``` We added the author permissions and set the admin permissions to allow all access on all resources. To use these permissions we need to load them into the ACL, like this: ``` $acl = new \Northern\Acl\Acl(); $acl->loadPermissions( $permissions ); ``` The `$acl` instance will allow us to test for permissions through the `isAllowed` method. However, the true power of Northern\\Acl is in the `Permissions` class of which need to create a subclass: ``` class Permissions extends \Northern\Acl\Permissions { public function getRoles() { return ['guest', 'member', 'author', 'admin']; } public function getResources() { return ['post', 'comment']; } public function getRules() { return ['create', 'view', 'edit', 'delete']; } } ``` We can now use this `Permissions` class to do some magic: ``` $acl = new \Northern\Acl\Acl(); $acl->loadPermissions( $permissions ); $authorPermissions = new Permissions( $acl, 'author' ); $authorPermissions->canCreatePost(); // TRUE! ``` As you can see. The `Permissions` instance allows you to test for permissions on a role through magic methods. That's all folks! ### Health Score 28 — LowBetter than 54% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity13 Limited adoption so far Community7 Small or concentrated contributor base Maturity61 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~269 days Total 3 Last Release 3536d ago Major Versions 1.0.1 → 2.0.02016-09-11 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/547843?v=4)[Luke Schreur](/maintainers/northern)[@northern](https://github.com/northern) --- Top Contributors [![northern](https://avatars.githubusercontent.com/u/547843?v=4)](https://github.com/northern "northern (11 commits)") --- Tags aclnorthernpermissios ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/northern-acl/health.svg) ``` [![Health](https://phpackages.com/badges/northern-acl/health.svg)](https://phpackages.com/packages/northern-acl) ``` ### Alternatives [spatie/laravel-permission Permission handling for Laravel 12 and up 12.9k89.8M1.0k](/packages/spatie-laravel-permission)[casbin/casbin a powerful and efficient open-source access control library for php projects. 1.3k1.4M54](/packages/casbin-casbin)[laminas/laminas-permissions-acl Provides a lightweight and flexible access control list (ACL) implementation for privileges management 3212.3M81](/packages/laminas-laminas-permissions-acl) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)