PHPackages sminnee/silverstripe-microacl - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. sminnee/silverstripe-microacl AbandonedArchivedSilverstripe-vendormodule[Authentication & Authorization](/categories/authentication) sminnee/silverstripe-microacl ============================= Experimental ACL system for Silverstripe based on Permission codes 0.1.0(5y ago)15[2 issues](https://github.com/sminnee/silverstripe-microacl/issues)BSD-3-ClausePHP Since Aug 12Pushed 5y ago1 watchersCompare [ Source](https://github.com/sminnee/silverstripe-microacl)[ Packagist](https://packagist.org/packages/sminnee/silverstripe-microacl)[ RSS](/packages/sminnee-silverstripe-microacl/feed)WikiDiscussions master Synced yesterday READMEChangelogDependencies (4)Versions (2)Used By (0) Micro ACL ========= [](#micro-acl) This is a Silverstripe module that lets you attach a simple ACL to your Silverstripe data objects. It's designed to provide a more complete permission system based on the existing Permission codes, without requiring major refactoring of the core framework to support it. Usage ----- [](#usage) First, install the module: ``` > composer require sminnee/silverstripe-microacl:^0.1 ``` Then add the ACLExtension class to a data object: ``` use SilverStripe\ORM\DataObject; use Sminnee\MicroACL\ACLExtension; class MyClass extends DataObject { // ... private static $extensions = [ ACLExtension::class, ]; } ``` Run `dev/build` and you're good to go! Permission model ---------------- [](#permission-model) The permission model currently has the following characteristics. - By default, every record has 'standard permissions'. This provides class-level security - Individual records can be set to having 'restricted permissions'. This provides record-level security. - Users (via Groups or Roles) can the granted the following permissions: - Access to standard items - Access to restricted items, by records - Access to all items, including all restricted items - Rights are broken down into view and edit permissions are defined. - You can delete anything that you can edit - Anyone who can edit a standard record can create records - In addition, each type has a permission code to administering permissions, which exposes the Access tab on records All of the permission allocation is done through dynamically generated permission codes. This means that both groups and roles can be assigned these rights, and that the admin/security/ area can provide a complete view of the access rights granted (which is not the case with SiteTree\_Viewers in the default CMS permission model) - `ACL_(DataClass)_(VIEW|EDIT)_DEFAULT`: standard access - `ACL_(DataClass)_(VIEW|EDIT)_RECORD.(RecordID)`: record-specific access - `ACL_(DataClass)_(VIEW|EDIT)_ALL`: full access - `ACL_(DataClass)_ACCESS_ADMIN`: administer access rights Future development ------------------ [](#future-development) This module is an initial proof-of-concept and has a number of functional limitations that would be worth addressing: - Define permissions beyond view and edit. - Define cluster-level security. For example: - Of you have two data objects, Category and Item - And a Category has\_many Item relationship - Then you may want to set permissions for all Items of a given Category - Define permissions based on a hierarchy, e.g. that found in SitTree. This is a special form of cluster-level security based on a recursive relationship. The user interfaces are also far from optimal, and a re-thinking of the language and presentation of these controls would be highly valuable. Limitations ----------- [](#limitations) Because permission codes are stored as strings, it is harder to efficiently create queries to, for exmaple, filter a list to only those that the current member can view. Optimisation of batch queries (which is another problem with the current system based on canView methods) wasn't a design goal of this module. ### Health Score 15 — LowBetter than 3% of packages Maintenance0 Infrequent updates — may be unmaintained Popularity5 Limited adoption so far Community4 Small or concentrated contributor base Maturity44 Maturing project, gaining track record How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 2099d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/be6648e60fbab6f70bfc34dd8c14259562d28a47510a934ea9c01fe98633f3c2?d=identicon)[sminnee](/maintainers/sminnee) ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/sminnee-silverstripe-microacl/health.svg) ``` [![Health](https://phpackages.com/badges/sminnee-silverstripe-microacl/health.svg)](https://phpackages.com/packages/sminnee-silverstripe-microacl) ``` ### Alternatives [silverstripe/contentreview Flags pages for periodical author review (incl. reporting) 22264.3k4](/packages/silverstripe-contentreview)[silverstripe/mfa Enable multi-factor authentication with fallback codes 10346.1k8](/packages/silverstripe-mfa)[bigfork/silverstripe-oauth-login SilverStripe logins via OAuth2, using the PHP League's OAuth2 client 1794.7k2](/packages/bigfork-silverstripe-oauth-login)[dhensby/silverstripe-masquerade SilverStripe module to allow you to masquerade as other users 1525.4k1](/packages/dhensby-silverstripe-masquerade) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)