PHPackages                             sitepoint/rauth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. sitepoint/rauth

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

sitepoint/rauth
===============

A basic annotation-based ACL package

0.1(10y ago)416134[7 issues](https://github.com/sitepoint/Rauth/issues)MITPHPPHP ~7.0

Since Feb 20Pushed 10y ago6 watchersCompare

[ Source](https://github.com/sitepoint/Rauth)[ Packagist](https://packagist.org/packages/sitepoint/rauth)[ Docs](https://github.com/SitePoint/Rauth)[ RSS](/packages/sitepoint-rauth/feed)WikiDiscussions master Synced 4w ago

READMEChangelog (1)Dependencies (4)Versions (3)Used By (0)

Rauth
=====

[](#rauth)

[![Latest Version on Packagist](https://camo.githubusercontent.com/860036886f97e7a040ab8fe3e7bd598c3bbd4d055e5f62ea4ad1d776f9884135/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f53697465506f696e742f52617574682e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/sitepoint/rauth)[![Software License](https://camo.githubusercontent.com/55c0218c8f8009f06ad4ddae837ddd05301481fcf0dff8e0ed9dadda8780713e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](LICENSE.md)[![Build Status](https://camo.githubusercontent.com/d3a791cf6c15349512a4a5fbc8a65657b1a79db9692ad4c7cbc846f99ad5d89f/68747470733a2f2f7472617669732d63692e6f72672f73697465706f696e742f52617574682e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/sitepoint/Rauth)[![Coverage Status](https://camo.githubusercontent.com/f181fd56459bf447eeb2889d4677066414a9cc31fb5d93fe9a0272c1443c6cf0/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f636f7665726167652f672f53697465506f696e742f52617574682e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/sitepoint/Rauth/code-structure)[![Quality Score](https://camo.githubusercontent.com/10604725732c6b3ced527912564844565e445a69f77a1a61a0cb76bf61f3bfb2/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f672f53697465506f696e742f52617574682e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/sitepoint/Rauth)

Rauth is a simple package for parsing the `@auth-*` lines of a docblock. These are then matched with some arbitrary attributes like "groups" or "permissions" or anything else you choose. See basic usage below.

Why?
----

[](#why)

I wanted:

- to be able to define "rules" without strapping my routes to a bunch of regex
- to be able to change routes on a whim and make the rules apply app-wide, API mode or DOM mode, without having to change anything. By putting permissions onto classes and methods, I have more control over an app's setup and its roles.

Annotations Are Bad ™
---------------------

[](#annotations-are-bad-)

Somewhat "controversially", Rauth defaults to using annotations to control access. No matter which camp you're in regarding annotations in PHP, here's why their use in Rauth's case is nowhere near as wrong as [some](https://www.reddit.com/r/PHP/comments/48m8yo/rauth_simple_annotationbased_package_for_limiting/) make it out to be:

- as you'll usually control access to controllers and actions in a typical MVC app, hard-coupling them to Rauth like this is not only harmless (controllers almost always need to be [completely discarded and rewritten](http://tldrify.com/fon) if you're changing frameworks or the app's structure in a major way), it also provides you with instant insight into which class / method has which ACL requirements
- if you don't like annotations, you can feed Rauth a pre-cached or pre-parsed list of permissions and classes they apply to, so the whole annotations issue can be avoided completely
- there's no more fear of annotations slowing things down because PHP needs to reflect into the classes in question and extract them every time. With OpCache on at all times, this only happens once, and with Rauth's own cache support, this can even be saved elsewhere and the annotation reading pass can be avoided altogether.

Install
-------

[](#install)

Via Composer

```
composer require sitepoint/rauth
```

Basic Usage
-----------

[](#basic-usage)

Boostrap Rauth somewhere (preferably a bootstrap file, or wherever you configure your DI container) like so:

```
