PHPackages seablast/seablast - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Framework](/categories/framework) 4. / 5. seablast/seablast ActiveLibrary[Framework](/categories/framework) seablast/seablast ================= Seablast for PHP - a minimalist MVC framework added by composer v0.2.17.2(2mo ago)04.9k2MITJavaScriptPHP >=7.2 <8.6CI passing Since Dec 30Pushed 1mo ago1 watchersCompare [ Source](https://github.com/WorkOfStan/seablast)[ Packagist](https://packagist.org/packages/seablast/seablast)[ RSS](/packages/seablast-seablast/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)Dependencies (18)Versions (32)Used By (2) Seablast for PHP ================ [](#seablast-for-php) [![Total Downloads](https://camo.githubusercontent.com/4bc921cdbd4a7ab0a7aede38ef4cc5325ec216e53d3275f2f0008dfff25da113/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f736561626c6173742f736561626c6173742e737667)](https://packagist.org/packages/seablast/seablast)[![Latest Stable Version](https://camo.githubusercontent.com/359e3359282cb01c9bd76e4d570ba8869dac14fd3ce459f149c83de59c9320eb/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f736561626c6173742f736561626c6173742e737667)](https://packagist.org/packages/seablast/seablast) This minimalist MVC framework added by [composer](https://getcomposer.org/) helps you to create a complex, yet easy to maintain, web application by configuration ONLY: - you configure routes for controller, - add models for the app business functionality, - optionally modify view templates. The framework takes care of logs, database, multiple languages, user friendly HTTP errors, friendly URL. - See for example of how to use it. It's a public template, so you can start creating your app by duplicating that repository. Configuration ------------- [](#configuration) - the default environment parameters are set in the [conf/default.conf.php](conf/default.conf.php) - if [Seablast Auth](https://github.com/WorkOfStan/seablast-auth) extension is present (i.e. referenced in composer.json), use also its configuration - if [Seablast I18n](https://github.com/WorkOfStan/seablast-i18n) extension is present (i.e. referenced in composer.json), use also its configuration - everything can be overridden in the web app's `conf/app.conf.php` or even in its local deployment `conf/app.conf.local.php` - set the default phinx environment in the phinx configuration: `['environments']['default_environment']` where the database credentials are stored. Then SeablastConfiguration provides access to MySQLi adapter through mysqli() method and PDO adapter through pdo() method. - the default `log` directory (both for SeablastMysqli/SeablastPdo query.log and Debugger::log()) can be changed as follows `->setString(SeablastConstant::SB_LOG_DIRECTORY, APP_DIR . '/log')`. Anyway, only levels allowed by `SeablastConstant::SB_LOGGING_LEVEL` are logged. Model ----- [](#model) SeablastModel uses model field in APP\_MAPPING to invoke the model in the App. **Model transforms input into knowledge**, therefore the invoked class MUST have a public method `knowledge()` and expect SeablastConfiguration as a constructor argument. - SeablastModel also expects Superglobals $superglobals argument (instead of injection like `$model->setSuperglobals($superglobals);` if required by APP\_MAPPING), so that the environment variables are always easily available. (Especially important for APIs.) The minimal requirements can be implemented by [SeablastModelInterface](src/SeablastModelInterface.php). - If model replies with `rest` property, API response is triggered instead of HTML UI. If the default HTTP code should be changed, set it up in the `httpCode` property. - If model replies with `redirectionUrl` property, then redirection is triggered (instead of HTML UI) with HTTP code 301. The HTTP code MAY be set to 301, 302 or 303 by the `httpCode` property. - If using the default BlueprintWeb.latte, the `title` property is displayed as the page title. ``` SeablastConstant::APP_MAPPING = route => [ 'model' => '\App\Project\ResponseModel', // class name of the model, 'roleIds' => '1,2', // comma delimited roleIds permitted to access the route, ] ``` View ---- [](#view) - Feel free to use the default latte layout `{layout '../vendor/seablast/seablast/views/BlueprintWeb.latte'}` which can be populated by your local `nav.latte` and `footer.latte`. ### Administration [](#administration) - By default the route `/poseidon` displays the app administration. It is available only to the admin=1, editor=2 (their IDs are the same as used in Seablast Auth) with different rights. Note: admin can view/edit everything that editor can, so for admin you need to declare only what they can do on top of it. #### Admin Table Configuration [](#admin-table-configuration) This section describes how database tables and their columns are configured for **viewing and editing** in the admin interface, based on **user roles**. The configuration is **declarative** and role-driven. ##### Core Concepts [](#core-concepts) Admin table access is defined on **three levels**: 1. **Role → Accessible tables** (plus permissions for DELETE\_ROW or INSERT\_ROW) 2. **Role → Table → Viewable columns** 3. **Role → Table → Editable columns** Each level must be explicitly configured. ##### 1. Granting Table Access to a Role [](#1-granting-table-access-to-a-role) Before a table can be displayed or edited, it must be **explicitly allowed** for the given role. ##### Syntax [](#syntax) ``` ->setArrayString( SeablastConstant::ADMIN_TABLE_VIEW . SeablastConstant::USER_ROLE_X, ['table1', 'table2'] ) ``` ##### Meaning [](#meaning) - Defines which tables are visible to a role - If a table is not listed here, it will **not appear at all**, even if columns are defined later ##### Example [](#example) ``` ->setArrayString( SeablastConstant::ADMIN_TABLE_VIEW . SeablastConstant::USER_ROLE_EDITOR, ['audios', 'translations'] ) ``` The `EDITOR` role can access the `audios` and `translations` tables. ##### 2. Defining Viewable Columns (READ-ONLY) [](#2-defining-viewable-columns-read-only) Viewable columns are displayed in the admin table but **cannot be edited**. ##### Syntax [](#syntax-1) ``` ->setArrayArrayString( SeablastConstant::ADMIN_TABLE_VIEW . SeablastConstant::USER_ROLE_X, 'table_name', ['column1', 'column2'] ) ``` ##### Meaning [](#meaning-1) - Defines which columns are shown in the table - Columns listed here are **read-only** - Columns must **not** be duplicated in the EDIT section ##### Example [](#example-1) ``` ->setArrayArrayString( SeablastConstant::ADMIN_TABLE_VIEW . SeablastConstant::USER_ROLE_ADMIN, 'users', ['id', 'email', 'created', 'last_login'] ) ``` The admin can view these columns but cannot modify them. ##### 3. Defining Editable Columns (WRITE) [](#3-defining-editable-columns-write) Editable columns appear as form fields and can be modified. ##### Syntax [](#syntax-2) ``` ->setArrayArrayString( SeablastConstant::ADMIN_TABLE_EDIT . SeablastConstant::USER_ROLE_X, 'table_name', ['editable_column1', 'editable_column2'] ) ``` ##### Meaning [](#meaning-2) - Defines which columns can be edited - Editable columns automatically appear in edit forms - Columns must **not** appear in the VIEW section ##### Example [](#example-2) ``` ->setArrayArrayString( SeablastConstant::ADMIN_TABLE_EDIT . SeablastConstant::USER_ROLE_ADMIN, 'items', ['metadata_text', 'active', 'parent_id', 'order'] ) ``` The admin can modify these fields. ##### 4. Important Rule: Column Exclusivity [](#4-important-rule-column-exclusivity) > **A column may appear only once.** A column must be defined in **either**: - `VIEW`**or** - `EDIT` Never in both. ##### Reason [](#reason) - Prevents UI conflicts - Avoids ambiguous form behavior - Ensures clear permission boundaries ##### 5. Granting Insert/Delete Row Permissions on a Table to a Role [](#5-granting-insertdelete-row-permissions-on-a-table-to-a-role) Before a user can insert or delete a row in a table, it must be **explicitly allowed** for the given role. Be careful with the `DELETE_ROW` permission: deleting a category may trigger a cascading delete. The `INSERT_ROW` permission only makes sense when the user also has the `EDIT` permission. ##### Syntax [](#syntax-3) ``` ->setArrayString( SeablastConstant::ADMIN_TABLE_DELETE_ROW . SeablastConstant::USER_ROLE_X, ['table1', 'table2'] ) ->setArrayString( SeablastConstant::ADMIN_TABLE_INSERT_ROW . SeablastConstant::USER_ROLE_X, ['table1', 'table2'] ) ``` ##### 6. Configuration Overview [](#6-configuration-overview) LevelMethodPurposeRole → Tables`setArrayString()`Which tables a role can accessRole → Tables`setArrayString()`Which tables a role can insert rows intoRole → Tables`setArrayString()`Which tables a role can delete rows fromRole → Table → VIEW`setArrayArrayString()`Read-only columnsRole → Table → EDIT`setArrayArrayString()`Editable columns##### 7. Typical Workflow: Adding a New Table [](#7-typical-workflow-adding-a-new-table) ``` // Step 1 – Allow table access ->setArrayString( SeablastConstant::ADMIN_TABLE_VIEW . SeablastConstant::USER_ROLE_EDITOR, ['new_table'] ) // Step 2 – Define viewable columns ->setArrayArrayString( SeablastConstant::ADMIN_TABLE_VIEW . SeablastConstant::USER_ROLE_EDITOR, 'new_table', ['id', 'name'] ) // Step 3 – Define editable columns ->setArrayArrayString( SeablastConstant::ADMIN_TABLE_EDIT . SeablastConstant::USER_ROLE_EDITOR, 'new_table', ['name', 'active'] ) ``` ##### Summary [](#summary) - Table access is **role-based** - Columns are explicitly split into **VIEW** and **EDIT** - A column may exist in **only one section** - Tables must be registered **before** defining columns This design guarantees predictable behavior, secure access control, and a clean admin UI. #### Color editor for selected fields [](#color-editor-for-selected-fields) Fields that use the color editor (instead of a textarea) also display the selected color as the background. This feature applies to all fields with the same name across all tables (field names MUST be unambiguous). ``` ->setArrayString(SeablastConstant::ADMIN_COLOR_FIELDS, [ 'color_main', // audios.color_main but also item.color_main which still makes sense ]) ``` Authentication and authorisation -------------------------------- [](#authentication-and-authorisation) - Roles are for access. - Routes can be restricted to specific roles (allow-list only; no denies). - Menu items can be both allowed and denied (e.g. don't show to an authenticated user). - Groups are on top of it, e.g. for promotions, subscriptions etc. - RBAC (Role-Based Access Control): SB\_IDENTITY\_MANAGER provided by application MUST have methods prescribed in [IdentityManagerInterface](https://github.com/WorkOfStan/seablast-interfaces/blob/main/src/IdentityManagerInterface.php), these populate FLAG\_USER\_IS\_AUTHENTICATED and USER\_ROLE\_ID and also USER\_ID. Security -------- [](#security) All JSON calls and form submits MUST contain `csrfToken` handed over to the view layer in the `$csrfToken` string latte variable. Stack ----- [](#stack) - PHP >=7.2 <8.6 - [Latte](http://latte.nette.org/) `>=2.10.8 ``` ... changed to ... ``` ``` - See to compare the changes in the latest version Notes ----- [](#notes) - the constant `APP_DIR` = the directory of the current application (or the library, if deployed directly) - don't start the value of a constant for a configuration field in the app.conf.php with SB to prevent value collision Framework directory description ------------------------------- [](#framework-directory-description) DirectoryDescription.github/Automationsassets/Web assets available for browser (such as shared scripts)cache/Latte cache - this is just for development as production-wise, there will be `cache/` directory in the root of the appconf/Default configuration for a Seablast app and for PHPStanlog/Logs - this one is just for development; as production-wise, there will be `log/` directory in the root of the appsrc/Seablast classestests/PHPUnit testsviews/Latte templates to be inherited (note: {try}{include file} masks compilation errors by preferring seablast/views)Testing ------- [](#testing) The PHPUnit tests use the database configuration from `./conf/phinx.local.php`, so the library require-dev Phinx, ensuring PHPUnit tests work on GitHub as well. Development notes ----------------- [](#development-notes) `./blast.sh phpstan` runs PHPStan to test the repository. It can also be called `./vendor/seablast/seablast/blast.sh` from a Seablast application as a management script for deployment and development. Run `./blast.sh -?` to see all the options. ### Health Score 49 — FairBetter than 95% of packages Maintenance89 Actively maintained with recent releases Popularity23 Limited adoption so far Community13 Small or concentrated contributor base Maturity61 Established project with proven stability Bus Factor1 Top contributor holds 97.3% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~28 days Recently: every ~15 days Total 29 Last Release 64d ago PHP version history (5 changes)v0.1PHP ^7.2|^8.0 v0.2.3PHP ^7.2 || ^8.0 v0.2.5PHP ^7.2 || ^8.1 v0.2.11PHP >=7.2 <8.5 v0.2.13PHP >=7.2 <8.6 ### Community Maintainers ![](https://www.gravatar.com/avatar/f8ab84e79abe75dc2ab7d20061533e5dbd4f5ccde41708c7ae7b70360b4d79f2?d=identicon)[WorkOfStan](/maintainers/WorkOfStan) --- Top Contributors [![WorkOfStan](https://avatars.githubusercontent.com/u/26247074?v=4)](https://github.com/WorkOfStan "WorkOfStan (36 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (1 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/seablast-seablast/health.svg) ``` [![Health](https://phpackages.com/badges/seablast-seablast/health.svg)](https://phpackages.com/packages/seablast-seablast) ``` ### Alternatives [nette/nette 👪 Nette Framework - innovative framework for fast and easy development of secured web applications in PHP (metapackage) 1.6k2.8M335](/packages/nette-nette)[nextras/mail-panel MailPanel is extension for Nette Framework which captures sent e-mails in development mode and shows them in debugger bar. 741.2M4](/packages/nextras-mail-panel)[nette/web-project Nette: Standard Web Project 10991.8k](/packages/nette-web-project)[shopsys/framework Core of Shopsys Platform - open source framework for building large, scalable, fast-growing e-commerce projects based on Symfony 25211.4k19](/packages/shopsys-framework) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)