PHPackages                             pimcore/frontend-permission-toolkit-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication & Authorization](/categories/authentication)
4. /
5. pimcore/frontend-permission-toolkit-bundle

ActivePimcore-bundle[Authentication & Authorization](/categories/authentication)

pimcore/frontend-permission-toolkit-bundle
==========================================

Provides a way to configure permissions for frontend applications in data objects.

v3.3.0(5mo ago)20188.7k—2%13[5 issues](https://github.com/pimcore/frontend-permission-toolkit/issues)[1 PRs](https://github.com/pimcore/frontend-permission-toolkit/pulls)1proprietaryPHPPHP ~8.3.0 || ~8.4.0CI passing

Since Mar 28Pushed 1mo ago10 watchersCompare

[ Source](https://github.com/pimcore/frontend-permission-toolkit)[ Packagist](https://packagist.org/packages/pimcore/frontend-permission-toolkit-bundle)[ RSS](/packages/pimcore-frontend-permission-toolkit-bundle/feed)WikiDiscussions 2026.x Synced 1mo ago

READMEChangelog (10)Dependencies (5)Versions (53)Used By (1)

FrontendPermissionToolkit
=========================

[](#frontendpermissiontoolkit)

Adds some helpers to define permissions for users in websites based on Pimcore objects. So user permissions for complex systems can be defined directly in Pimcore objects.

A scenario to set up a role based permission system:

- user represented as objects with a number of permission rights (= Permission Resources)
- each user has relations to user groups (also Pimcore objects) with also a number of permission rights (= Permission Resources)

[![sample](doc/img/sample.jpg)](doc/img/sample.jpg)

Installation instructions
-------------------------

[](#installation-instructions)

1. Inside your pimcore project require the bundle as a dependency:

    ```
    composer require pimcore/frontend-permission-toolkit-bundle

    ```
2. Enable the bundle using the CLI command:

    ```
    bin/console pimcore:bundle:enable FrontendPermissionToolkitBundle

    ```

This will enable & install the bundle in your pimcore project as well as run the assets:install command. Alternatively you can log in to your admin area go to *Tools > Extensions* and enable the bundle from the list by clicking on the appropriate icon.

### Functionality overview

[](#functionality-overview)

- Additional data types for Pimcore objects

    - Permission Resource:
        - represents one specific user right (e.g. login)
        - can have values `allow` `deny` `inherit`
    - Dynamic Permission Resource:
        - represents a set of specific rights for a user
        - each entry can have values `allow` `deny` `inherit`
        - actual permission resources are defined by a data provider
            - defined in the class definition, either defined by class name or service name with leading `@`
            - data provider class needs to implement `DataProviderInterface` and return an array of roles and labels:

            ```
            public function getPermissionResources(array $context, \Pimcore\Model\DataObject\ClassDefinition\Data $fieldDefinition): array
            {
                // static example for explanation
                return [
                    ['value' => 'testpermission_1', 'label' => 'Permission for test'],
                    ['value' => 'testpermission_2', 'label' => 'Another Permission for test'],
                ];
            }
            ```
    - Permission ManyToMany Relation: Wrapper for default data type `objects` for recursive permission calculation.
    - Permission ManyToOne Relation: Wrapper for default data type `href` for recursive permission calculation.
- Service for checking user rights based on a Pimcore object and a permission resource as service class `Service` with two methods:

    - `Service::getPermissions`:
        - returns an array of all permissions for the given object, automatically merges all permission resources of objects related to the given object with 'Permission Objects' or 'Permission Href'.
        - merging: When permission is set to allow / deny directly in object, this is always used. Otherwise optimistic merging is used -> once one permission is allowed, it stays that way.
    - `Service::isAllowed`: checks if given object is allowed for given resource

The Service is registered at the container with the key `bundle.frontendpermissiontoolkit.service`.

#### Event listener

[](#event-listener)

The postGetPermissions event listener allows you to manipulate the permissions after they have been collected. Take into account that the getPermissions method can be executed recursively. Therefore, make sure you add an object condition.

```
namespace AppBundle\EventListener;

use FrontendPermissionToolkitBundle\Event\PermissionsEvent;
use Pimcore\Model\DataObject\User;

class PermissionsListener
{
    public function postGetPermissions(PermissionsEvent $permissionsEvent): void
    {
        // Object the permissions are retrieved for
        $user = $permissionsEvent->getObject();
        if (!$user instanceof User) {
            return;
        }

        // Access service methods to retrieve additional permissions and merge them
        $service = $permissionsEvent->getService();

        $permissions = $permissionsEvent->getPermissions();
        $mergedPermissions = $permissions;
        foreach ($user->getGroups() ?? [] as $userGroup) {
            $userGroupPermissions = $service->getPermissions($userGroup);
            $mergedPermissions = $service->mergeNestedObjectPermissions($mergedPermissions, $permissions, $userGroupPermissions);
        }

        // Update the permissions to return them from the service method
        $permissionsEvent->setPermissions($mergedPermissions);
    }
}
```

```
service:
    AppBundle\EventListener\PermissionsListener:
        tags:
            - {
                name: kernel.event_listener
                event: frontendPermissionsToolkit.service.postGetPermissions
                method: postGetPermissions
            }
```

### Integration with Symfony Security

[](#integration-with-symfony-security)

For how to integrate Pimcore objects with Symfony Security in general have a look at [Pimcore docs](https://www.pimcore.org/docs/5.0.0/Development_Tools_and_Details/Security_Authentication/Authenticate_Pimcore_Objects.html).

In order to use Permission Resources in Symfony Security definition, you could export each allowed Permission Resource of an Pimcore object as role.

To do so, add the trait `FrontendPermissionToolkitBundle\CoreExtensions\Traits\PermissionResourcesAsRolesTrait` to your Pimcore user object and make sure there is no other `getRoles` method defined in the object. This method returns all Permission Resources the user is allowed prefixed with `GROUP_` to as an array.

As a consequence, you can use Permission Resources in your access control configuration as follows:

```
    access_control:
        - { path: ^/special-offer-page, roles: ROLE_offer }
```

> Note: To apply changes of permissions in the user object, the user has to logout and login again.

### Integration with Pimcore navigation

[](#integration-with-pimcore-navigation)

To show/hide documents in navigation, you can assign Permission Resources as properties to Pimcore documents. Just add a property named `permission_resource` with name name of the `permissionResource` as value to the document.

[![Permission Property](doc/img/property.jpg)](doc/img/property.jpg)

A special navigation builder shipped by this bundle (`FrontendPermissionToolkitBundle\CoreExtensions\Navigation\Builder`) then can show/hide documents in navigation based on the permissions of the current user.

To do so, add following service definition to your application:

```
Pimcore\Navigation\Builder:
    class: FrontendPermissionToolkitBundle\CoreExtensions\Navigation\Builder
    arguments: ['@pimcore.http.request_helper']
    public: false
    calls:
      - [setService, ['@bundle.frontendpermissiontoolkit.service']]
      - [setCurrentUser, ['@security.token_storage']]
```

> Make sure that you deactivate the caching of the Pimcore navigation creation!

> This only hides the document in navigation. It does not check permissions when the document is called directly via its url. Add an additional check into controller or access control to make sure the document cannot be called with missing permissions.

###  Health Score

66

—

FairBetter than 99% of packages

Maintenance77

Regular maintenance activity

Popularity45

Moderate usage in the ecosystem

Community32

Small or concentrated contributor base

Maturity94

Battle-tested with a long release history

 Bus Factor3

3 contributors hold 50%+ of commits

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~83 days

Recently: every ~28 days

Total

36

Last Release

53d ago

Major Versions

v1.5.1 → v2.0.0-RC12023-04-25

v1.5.2 → v2.0.02023-05-16

1.5.x-dev → v2.0.12023-09-14

2.0.x-dev → v3.0.0-RC12025-04-18

3.4.x-dev → 2026.x-dev2026-03-26

PHP version history (2 changes)v3.0.0-RC1PHP ~8.3.0 || ~8.4.0

2026.x-devPHP ~8.4.0 || ~8.5.0

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/142037?v=4)[Bernhard Rusch](/maintainers/brusch)[@brusch](https://github.com/brusch)

![](https://www.gravatar.com/avatar/fb2f85a3d50811c4d9e10844b4677b8c407adde4173226450dd0bf386914a125?d=identicon)[fashxp](/maintainers/fashxp)

![](https://www.gravatar.com/avatar/72f3c0cb1c22bda196b2f1112fbfc3c51baadc279ac5b4af74d038b17f44212d?d=identicon)[dvesh3](/maintainers/dvesh3)

---

Top Contributors

[![fashxp](https://avatars.githubusercontent.com/u/8792145?v=4)](https://github.com/fashxp "fashxp (57 commits)")[![berfinyuksel](https://avatars.githubusercontent.com/u/99557970?v=4)](https://github.com/berfinyuksel "berfinyuksel (23 commits)")[![kingjia90](https://avatars.githubusercontent.com/u/6014195?v=4)](https://github.com/kingjia90 "kingjia90 (20 commits)")[![mcop1](https://avatars.githubusercontent.com/u/89011527?v=4)](https://github.com/mcop1 "mcop1 (14 commits)")[![datom](https://avatars.githubusercontent.com/u/1777505?v=4)](https://github.com/datom "datom (10 commits)")[![herbertroth](https://avatars.githubusercontent.com/u/126679157?v=4)](https://github.com/herbertroth "herbertroth (7 commits)")[![kjkooistra-youwe](https://avatars.githubusercontent.com/u/24292941?v=4)](https://github.com/kjkooistra-youwe "kjkooistra-youwe (6 commits)")[![bluvulture](https://avatars.githubusercontent.com/u/7668379?v=4)](https://github.com/bluvulture "bluvulture (6 commits)")[![weisswurstkanone](https://avatars.githubusercontent.com/u/6142086?v=4)](https://github.com/weisswurstkanone "weisswurstkanone (5 commits)")[![dvesh3](https://avatars.githubusercontent.com/u/5137917?v=4)](https://github.com/dvesh3 "dvesh3 (5 commits)")[![brusch](https://avatars.githubusercontent.com/u/142037?v=4)](https://github.com/brusch "brusch (5 commits)")[![ValeriaMaltseva](https://avatars.githubusercontent.com/u/11871778?v=4)](https://github.com/ValeriaMaltseva "ValeriaMaltseva (5 commits)")[![markus-moser](https://avatars.githubusercontent.com/u/4639428?v=4)](https://github.com/markus-moser "markus-moser (4 commits)")[![martineiber](https://avatars.githubusercontent.com/u/11687066?v=4)](https://github.com/martineiber "martineiber (3 commits)")[![Corepex](https://avatars.githubusercontent.com/u/16717695?v=4)](https://github.com/Corepex "Corepex (3 commits)")[![alexz707](https://avatars.githubusercontent.com/u/562324?v=4)](https://github.com/alexz707 "alexz707 (3 commits)")[![blankse](https://avatars.githubusercontent.com/u/998558?v=4)](https://github.com/blankse "blankse (2 commits)")[![jcPimcore](https://avatars.githubusercontent.com/u/259032526?v=4)](https://github.com/jcPimcore "jcPimcore (2 commits)")[![aashan10](https://avatars.githubusercontent.com/u/18713900?v=4)](https://github.com/aashan10 "aashan10 (2 commits)")[![robertSt7](https://avatars.githubusercontent.com/u/104770750?v=4)](https://github.com/robertSt7 "robertSt7 (2 commits)")

###  Code Quality

Static AnalysisPHPStan

Type Coverage Yes

### Embed Badge

![Health badge](/badges/pimcore-frontend-permission-toolkit-bundle/health.svg)

```
[![Health](https://phpackages.com/badges/pimcore-frontend-permission-toolkit-bundle/health.svg)](https://phpackages.com/packages/pimcore-frontend-permission-toolkit-bundle)
```

###  Alternatives

[friendsofsymfony/user-bundle

Symfony FOSUserBundle

3.2k35.4M311](/packages/friendsofsymfony-user-bundle)[hslavich/oneloginsaml-bundle

OneLogin SAML Bundle for Symfony

1482.5M1](/packages/hslavich-oneloginsaml-bundle)[nbgrp/onelogin-saml-bundle

OneLogin SAML Symfony Bundle

551.2M](/packages/nbgrp-onelogin-saml-bundle)[nucleos/user-bundle

Lightweight user management for symfony

61380.7k5](/packages/nucleos-user-bundle)[dachcom-digital/members

Pimcore User, Object, Asset and Document Authentication

5690.0k](/packages/dachcom-digital-members)[pimcore/studio-backend-bundle

Pimcore Studio Backend Bundle

19112.5k3](/packages/pimcore-studio-backend-bundle)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)