stonedz/pff2-permissions
========================

Manages permissions in pff2 controllers

v4.0 (4mo ago) · MIT · PHP · CI failing

Since Oct 18 · Pushed 4mo ago · 1 watchers

[Source](https://github.com/stonedz/pff2-permissions) · [Packagist](https://packagist.org/packages/stonedz/pff2-permissions)

pff2-permissions
================

Permissions module for `stonedz/pff2` controllers.

It reads permission metadata from controller classes and actions and blocks access when the logged-in user does not have the required permission flags.

Requirements
------------

- `stonedz/pff2` v4
- Doctrine ORM enabled in your app (the module reads the user model through the EntityManager)

Installation
------------

1. Require the module:

```
composer require stonedz/pff2-permissions
```

2. Enable it in your app modules list.
3. Add module configuration in your app config folder:

`app/config/modules/pff2-permissions/module.conf.yaml`

```
moduleConf:
  userClass: AnagraficaBusiness
  sessionUserId: id_user
  getPermission: getPermesso
  controllerNotLogged: Index
  actionNotLogged: index
  permissionClass: Permesso
```

Configuration reference
-----------------------

- `userClass`: user model class name under `\pff\models`.
- `sessionUserId`: key in `$_SESSION['logged_data']` that holds the logged-in user's id.
- `getPermission`: method called on the user instance to retrieve the permission object.
- `controllerNotLogged`: controller to redirect to when the user is not logged in.
- `actionNotLogged`: action to redirect to when the user is not logged in.
- `permissionClass`: permission model class name under `\pff\models`.

Usage (native attributes)
-------------------------

Apply the attributes to the controller class, the action method, or both.

```
use pff\modules\Attributes\Pff2Permissions;
use pff\modules\Attributes\Pff2PermissionsLogicalOperator;

#[Pff2Permissions(["Logged", "FatturazioneWriteable"])]
class Fatturazione_Controller extends AController
{
    #[Pff2Permissions(["Admin"])]
    #[Pff2PermissionsLogicalOperator(Pff2PermissionsLogicalOperator::OR)]
    public function editAction()
    {
    }
}
```

### Supported attributes

- `#[Pff2Permissions(["PermissionA", "PermissionB"])]`
- `#[Pff2PermissionsLogicalOperator(Pff2PermissionsLogicalOperator::AND)]`
- `#[Pff2PermissionsLogicalOperator(Pff2PermissionsLogicalOperator::OR)]`

If `Pff2PermissionsLogicalOperator` is omitted, the default behavior is `AND`.

Backward compatibility (legacy docblocks)
-----------------------------------------

Legacy docblock annotations are still supported, so existing controllers keep working:

```
/**
 * @Pff2Permissions ["Logged","FatturazioneWriteable"]
 */
class Fatturazione_Controller extends AController
{
  /**
   * @Pff2Permissions ["Admin"]
   * @Pff2PermissionsLogicalOperator OR
   */
  public function editAction()
  {
  }
}
```

The legacy variant `@Pff2PermissionslogicalOperator` (lowercase `l`) is also recognized.

Permission evaluation rules
---------------------------

- Class and method permissions are merged.
- Duplicate permission entries are removed.
- `AND`: all listed permissions must be true.
- `OR`: at least one listed permission must be true.
- If no permission annotations are present, the request is allowed, so an unannotated controller or action is not protected by this module.
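
The rules above, modelled as an added example (not the module's own code). It assumes the user's permission flags are available as a hypothetical name-to-boolean map and that the operator is passed in as a string; `isAllowed` is an illustrative name.

```php
<?php
declare(strict_types=1);

// Added illustration of the documented evaluation rules; not the module's code.
// Assumption: the user's permission flags are available as a name => bool map.

/**
 * @param string[]           $classPerms  permissions declared on the controller class
 * @param string[]           $methodPerms permissions declared on the action
 * @param string             $operator    'AND' (default) or 'OR'
 * @param array<string,bool> $flags       hypothetical flag map for the logged-in user
 */
function isAllowed(array $classPerms, array $methodPerms, string $operator, array $flags): bool
{
    // Class and method permissions are merged, duplicates removed.
    $required = array_values(array_unique(array_merge($classPerms, $methodPerms)));

    // No annotations at all: the request is allowed.
    if ($required === []) {
        return true;
    }

    // A flag that is missing from the map counts as not granted.
    $held = array_map(
        static fn (string $name): bool => ($flags[$name] ?? false) === true,
        $required
    );

    return strtoupper($operator) === 'OR'
        ? in_array(true, $held, true)    // at least one permission is true
        : !in_array(false, $held, true); // every permission is true
}

// Constructed user: logged in, but neither Admin nor FatturazioneWriteable.
$user  = ['Logged' => true, 'FatturazioneWriteable' => false, 'Admin' => false];
$class = ['Logged', 'FatturazioneWriteable'];

var_dump(isAllowed($class, ['Admin'], 'AND', $user)); // all three flags required
var_dump(isAllowed($class, ['Admin'], 'OR', $user));  // any one merged flag suffices
var_dump(isAllowed([], [], 'AND', $user));            // unannotated action
```

With the constructed user, the `OR` call returns `true` even though the user holds only `Logged`: because class and method permissions are merged before evaluation, `OR` on an action relaxes the class-level requirements as well. The last call shows that an unannotated action is allowed for any request.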

Runtime behavior
----------------

- User not logged in: redirected to `controllerNotLogged/actionNotLogged`.
- Logged-in user without permission: a `403` (`Action not permitted`) is thrown.
- Missing ORM setup: a `500` is thrown (`PermissionChecker requires Doctrine ORM to be enabled`).

### Release Activity

- Cadence: every ~159 days (recently: every ~1025 days)
- Total: 27
- Last release: 126d ago
- Major versions:
  - v1.2.6 → v2.0.0 (2017-02-02)
  - v2.1.0 → 3.0.x-dev (2021-09-02)
  - 3.0.x-dev → v4.0 (2026-02-17)

### Community

- Maintainers: [stonedz](/maintainers/stonedz)
- Top contributors: [stonedz](https://github.com/stonedz) (36 commits)
- Tags: permissions, module, pff2

### Code Quality

- Tests: PHPUnit
