Abandoned | Archived | Sylius-plugin | [Authentication & Authorization](/categories/authentication)

sylius/rbac-plugin
==================

Sylius roles and permissions management plugin

v0.3.0 (6y ago) | MIT | PHP ^7.2 | [9 issues](https://github.com/Sylius/RbacPlugin/issues) | [2 PRs](https://github.com/Sylius/RbacPlugin/pulls)

[Source](https://github.com/Sylius/RbacPlugin) | [Packagist](https://packagist.org/packages/sylius/rbac-plugin)

Rbac Plugin
===========

This plugin provides basic roles and permissions management functionality for a Sylius application.

#### Beware!

Adding Write access to a permission automatically means adding Read access.

Write access also covers updating and deleting.

Installation
------------

1. Require plugin with composer:

    ```
    composer require sylius/rbac-plugin
    ```
2. Add plugin class and `ProophServiceBusBundle` to your `bundles.php`.

    ```
    return [
       // ...
       Prooph\Bundle\ServiceBus\ProophServiceBusBundle::class => ['all' => true],
       Sylius\RbacPlugin\SyliusRbacPlugin::class => ['all' => true],
    ];
    ```
3. Override the `AdminUser` entity:

    a) Use `AdministrationRoleAwareTrait` and implement `AdministrationRoleAwareInterface` in the `AdminUser` class of your Sylius-Standard based project:

    ```
    <?php

    declare(strict_types=1);

    namespace App\Entity;

    use Doctrine\ORM\Mapping\MappedSuperclass;
    use Doctrine\ORM\Mapping\Table;
    use Sylius\Component\Core\Model\AdminUser as BaseAdminUser;
    use Sylius\RbacPlugin\Entity\AdministrationRoleAwareInterface;
    use Sylius\RbacPlugin\Entity\AdministrationRoleAwareTrait;

    /**
     * @MappedSuperclass
     * @Table(name="sylius_admin_user")
     */
    class AdminUser extends BaseAdminUser implements AdministrationRoleAwareInterface
    {
        // Provides the administration role accessors required by AdministrationRoleAwareInterface.
        use AdministrationRoleAwareTrait;
    }
    ```

    b) Override the model's class in the chosen configuration file (e.g. `config/_sylius.yaml`):

    ```
    sylius_user:
        resources:
            admin:
                user:
                    classes:
                        model: App\Entity\AdminUser
    ```

4. Import routing in `config/routes/sylius_rbac.yaml`:

    ```
    sylius_rbac:
        resource: "@SyliusRbacPlugin/Resources/config/routing.yml"
    ```
5. Import configuration in `config/packages/sylius_rbac.yaml`:

    ```
    imports:
        - { resource: "@SyliusRbacPlugin/Resources/config/config.yml" }
    ```
6. Copy plugin migrations to your migrations directory (e.g. `src/Migrations`) and apply them to your database:

    ```
    cp -R vendor/sylius/rbac-plugin/migrations/* src/Migrations/
    bin/console doctrine:migrations:migrate
    ```
7. Copy overwritten `SyliusAdminBundle` templates:

    ```
    mkdir templates/bundles/SyliusAdminBundle
    cp -R vendor/sylius/rbac-plugin/src/Resources/views/SyliusAdminBundle/* templates/bundles/SyliusAdminBundle/
    ```
8. Run the installation command:

    ```
    bin/console sylius-rbac:install-plugin
    ```

    Which consists of:

    - `sylius:fixtures:load`

        Loads a fixture with a default "No sections access" role.

        The command runs in non-interactive mode, so it will NOT purge your database. However, if you run it again, it will throw an exception because of a duplicate entry constraint violation.

        If you want to install the RBAC plugin again on the same environment, you will have to remove all roles manually via the administration panel or run all commands except `sylius:fixtures:load` separately.
    - `sylius-rbac:normalize-administrators`

        Assigns the role created in the previous step to all existing administrators.
    - `sylius-rbac:grant-access  `

        Where `adminSections` can be a space-separated list of any of these:

        - catalogManagement
        - configuration
        - customerManagement
        - marketingManagement
        - salesManagement

        #### Beware!

        There are two ways of defining the root administrator's email address:

        - Provide it as a parameter in your configuration file (you will not be asked to enter it again via CLI during plugin's installation)

        ```
        parameters:
            root_administrator_email: example@example.com
        ```

        - Provide it via CLI

        e.g. `bin/console sylius-rbac:grant-access administrator configuration catalogManagement`

        `In order to permit access to admin panel sections, please provide administrator's email address: sylius@example.com`

        By default, the installation command creates a *Configurator* role with access granted to all sections.

#### Beware!

You can also use the `bin/console sylius-rbac:grant-access-to-given-administrator   ` command in order to provide an email address as an input parameter.

#### Beware!

The `AdminUser` entity references `AdministrationRoleInterface`, which is an abstraction layer above the default `AdministrationRole` implementation. You can easily customize it by adding the following snippet to your `*.yaml` configuration file:

```
doctrine:
    orm:
        resolve_target_entities:
            Sylius\RbacPlugin\Entity\AdministrationRoleInterface: FullyQualifiedClassName
```

Sections configuration
----------------------

By default, **RbacPlugin** is provided with access configuration for basic Sylius sections (catalog, configuration, customers, marketing and sales) as well as for the RBAC section, added by the plugin itself. Each section has a set of route prefixes associated with it, which determine the resources that the section's permission covers.

However, a Sylius application usually has plenty of custom functions within existing or entirely new sections. This plugin allows you to extend its configuration in order to restrict access to these custom routes.

As an example, let's assume we have a simple `Supplier` resource (containing only a `string $name` property). It already has generated routes that we would like to restrict access to:

- `app_admin_supplier_index`
- `app_admin_supplier_create`
- `app_admin_supplier_update`
- `app_admin_supplier_bulk_delete`
- `app_admin_supplier_delete`

If you don't know how to create and configure a custom resource in a Sylius application, check out the [relevant documentation chapter](https://docs.sylius.com/en/1.3/cookbook/entities/custom-model.html).

### Extending basic Sylius section with new route prefixes

The only thing required to restrict Supplier-related routes with, for example, the "Customer management" permission is adding the appropriate route prefix to the customers section configuration:

```
sylius_rbac:
    sylius_sections:
        customers:
            - app_admin_supplier
```

You would probably also want to extend the "Customers" section in the Admin main menu (take a look at [this docs chapter](https://docs.sylius.com/en/1.3/customization/menu.html) for more information).

[![Customers sections customized](docs/customers_section_customized.png)](docs/customers_section_customized.png)

As a result, each Administrator allowed to manage customers in the Admin panel would also be able to manage Suppliers. You may also notice that nothing has changed in the permissions configuration form, as no new section has been added to the RBAC configuration.

[![Permissions configuration - no changes](docs/permissions_configuration_no_changes.png)](docs/permissions_configuration_no_changes.png)

### Adding a custom section to the application

What if you want a separate permission for managing your new resources? The other possibility is to define your own custom section in the plugin configuration:

```
sylius_rbac:
    custom_sections:
        suppliers:
            - app_admin_supplier
```

> Curiosity: RBAC is also defined as a custom section! You can easily check it out in the plugin source code.

With such a configuration, you should notice a new permission configuration available in the Administration Role form.

[![Permissions configuration - no changes](docs/permissions_configuration_changes.png)](docs/permissions_configuration_changes.png)

To display the new permission name nicely, you should also configure a translation in your application's translation file:

```
sylius_rbac:
    ui:
        permission:
            suppliers: Suppliers
```

#### Beware!

You should take into account that by default the RBAC Plugin recognizes the admin-related routes using logic placed in the `HardcodedRouteNameChecker` class, which is the following:

```
    public function isAdminRoute(string $routeName): bool
    {
        return
            strpos($routeName, 'sylius_admin') !== false ||
            strpos($routeName, 'sylius_rbac_admin') !== false
        ;
    }
```

Let's assume that you added a new route to your application and you want it to be handled by the RBAC plugin. Once you have done so, you should override the checker shown above and customize it in the following manner:

```
    public function isAdminRoute(string $routeName): bool
    {
        return
            strpos($routeName, 'sylius_admin') !== false ||
            strpos($routeName, 'sylius_rbac_admin') !== false ||
            strpos($routeName, 'your_custom_phrase') !== false
        ;
    }
```
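
The effect of the two checkers above on the Supplier routes from this page, as an added example (not the plugin's own code): the standalone functions mirror the two snippets, and `app_admin` is an assumed value for `your_custom_phrase`. It lists the route names that a checker does not classify as admin routes and that the RBAC plugin therefore does not handle.

```php
<?php
declare(strict_types=1);

// Default logic, copied from the HardcodedRouteNameChecker snippet on this page.
function defaultIsAdminRoute(string $routeName): bool
{
    return strpos($routeName, 'sylius_admin') !== false
        || strpos($routeName, 'sylius_rbac_admin') !== false;
}

// Customized logic as described above. 'app_admin' replaces
// 'your_custom_phrase' and is an assumption based on the Supplier routes.
function customIsAdminRoute(string $routeName): bool
{
    return defaultIsAdminRoute($routeName)
        || strpos($routeName, 'app_admin') !== false;
}

/**
 * Returns the route names the given checker does not classify as admin
 * routes, i.e. the routes the RBAC plugin would not handle.
 *
 * @param string[] $routeNames
 * @return string[]
 */
function routesNotHandled(array $routeNames, callable $isAdminRoute): array
{
    return array_values(array_filter(
        $routeNames,
        static function (string $name) use ($isAdminRoute): bool {
            return !$isAdminRoute($name);
        }
    ));
}

// Constructed sample: the Supplier routes from this page plus one core admin route.
$routes = [
    'sylius_admin_product_index',
    'app_admin_supplier_index',
    'app_admin_supplier_create',
    'app_admin_supplier_update',
    'app_admin_supplier_bulk_delete',
    'app_admin_supplier_delete',
];

echo "Default checker misses:\n";
print_r(routesNotHandled($routes, 'defaultIsAdminRoute'));
echo "Custom checker misses:\n";
print_r(routesNotHandled($routes, 'customIsAdminRoute'));
```

With the default check the five `app_admin_supplier_*` routes are reported; with the customized check the list is empty.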

#### Remember!

When configuring a custom section in the Admin main menu, name it the same way you named it under the `custom_sections` key in the plugin configuration. It will be automatically hidden and shown, exactly as basic Sylius sections!

```
$suppliersSubmenu = $menu->addChild('suppliers')->setLabel('Suppliers');

$suppliersSubmenu
    ->addChild('supplier', ['route' => 'app_admin_supplier_index'])
    ->setLabel('Manage Suppliers')
    ->setLabelAttribute('icon', 'address card outline')
;
```

[![Suppliers section](docs/suppliers_section.png)](docs/suppliers_section.png)

After these few simple steps, you can give your custom permission to any existing Administration role.

Security issues
---------------

If you think that you have found a security issue, please do not use the issue tracker and do not post it publicly. Instead, all security issues must be sent to `security@sylius.com`.

