PHPackages web-complete/rbac - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. web-complete/rbac ActiveLibrary[Authentication & Authorization](/categories/authentication) web-complete/rbac ================= Role Based Access Control 2.0.1(8y ago)3732MITPHPPHP >=7.0.0 Since Sep 23Pushed 8y ago1 watchersCompare [ Source](https://github.com/web-complete/rbac)[ Packagist](https://packagist.org/packages/web-complete/rbac)[ RSS](/packages/web-complete-rbac/feed)WikiDiscussions master Synced 4d ago READMEChangelogDependencies (2)Versions (6)Used By (0) WebComplete RBAC ================ [](#webcomplete-rbac) [![Build Status](https://camo.githubusercontent.com/804420cc13c51a1f7071499c5a6f8d26438be219d136d3beacce64e55cbf0f2e/68747470733a2f2f7472617669732d63692e6f72672f7765622d636f6d706c6574652f726261632e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/web-complete/rbac)[![Coverage Status](https://camo.githubusercontent.com/1047a62c3739b23fa21ecf50fed00d64f8b36db5d5b18f35ddefaba176706f07/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f6769746875622f7765622d636f6d706c6574652f726261632f62616467652e7376673f6272616e63683d6d6173746572)](https://coveralls.io/github/web-complete/rbac?branch=master)[![Scrutinizer Code Quality](https://camo.githubusercontent.com/d5f86ceff34a27cf8fd4cea7e3a391528a880398a99b75f83c6870235a4e630a/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f7765622d636f6d706c6574652f726261632f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/web-complete/rbac/?branch=master)[![Latest Stable Version](https://camo.githubusercontent.com/433301728f9a730bab8ab0a021985e284ef589658eac0173fc2e0ae1fa7c893a/68747470733a2f2f706f7365722e707567782e6f72672f7765622d636f6d706c6574652f726261632f76657273696f6e)](https://packagist.org/packages/web-complete/rbac)[![License](https://camo.githubusercontent.com/e6039fb1333df4f8159be332d88dba4c0e2c9c03749f91736366799fcc77c6d6/68747470733a2f2f706f7365722e707567782e6f72672f7765622d636f6d706c6574652f726261632f6c6963656e7365)](https://packagist.org/packages/web-complete/rbac) Tiny flexible RBAC implementation with no dependencies. Role-based-access-control ([RBAC](https://en.wikipedia.org/wiki/Role-based_access_control)) is a policy neutral access control mechanism defined around roles and privileges. The components of RBAC such as role-permissions, user-role and role-role relationships make it simple to perform user assignments. Installation ------------ [](#installation) ``` composer require web-complete/rbac ``` Usage ----- [](#usage) - **Initiate with resource object**. Resource object can be a FileResource or a RuntimeResource. You can also create any necessary resource (Mysql, Redis, Bongo etc) by extending AbstractResource or implementing ResourceInterface. ``` $resource = new FileResource($path . '/rbac.data'); $rbac = new Rbac($resource); ``` - **Create permissions hierarchy** ``` $p1 = $rbac->createPermission('post:create', 'Can create posts'); $p2 = $rbac->createPermission('post:moderate', 'Can moderate posts'); $p3 = $rbac->createPermission('post:update', 'Can update posts'); $p4 = $rbac->createPermission('post:delete', 'Can delete posts'); $p2->addChild($p3); // moderator can also update $p2->addChild($p4); // and delete posts ``` - **Create role hierarchy** ``` $adminRole = $rbac->createRole('admin'); $moderatorRole = $rbac->createRole('moderator'); $authorRole = $rbac->createRole('author'); $adminRole->addChild($moderatorRole); // admin has all moderator's rights ``` - **Bind roles and permissions** ``` ... $moderatorRole->addPermission($p2); ... ``` - **Persist state** ``` $rbac->save(); ``` - **Checking access rights** ``` if($rbac->getRole($user->role)->checkAccess('post:moderate') { ... // User can moderate posts } // or add to your user's class something like: $user->can('post:moderate') ``` ### Rules [](#rules) Sometimes it's not enough to simple check the permission. For example, an author can edit and delete only his own posts. For that case you can create a rule by implementing RuleInterface with one method «execute»: ``` class AuthorRule implements WebComplete\rbac\entity\RuleInterface { /** * @param array|null $params * * @return bool */ public function execute($params): bool { // @var Post $post if($post = $params['post'] ?? null) { return $post->authorId === ($params['userId'] ?? null); } return false; } } ``` - **Configure RBAC** ``` $p5 = $rbac->createPermission('post:author:update', 'Author can update his posts'); $p6 = $rbac->createPermission('post:author:delete', 'Author can delete his posts'); $p5->setRuleClass(AuthorRule::class); $p6->setRuleClass(AuthorRule::class); $authorRole->addPermission($p5); $authorRole->addPermission($p6); ``` - **And then check rights with parameters** ``` if($rbac->checkAccess('post:author:delete', ['userId' => $userId, 'post' => $post]) { ... // The user is author of the post and can delete it } ``` ### Health Score 30 — LowBetter than 64% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity17 Limited adoption so far Community7 Small or concentrated contributor base Maturity62 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~35 days Total 5 Last Release 3015d ago Major Versions 1.0.1 → 2.0.02018-02-12 ### Community Maintainers ![](https://www.gravatar.com/avatar/e557e816560f9c9295e3d74205ce5ac83f84ac226ffe51de5375556acae3f9e9?d=identicon)[mvkasatkin](/maintainers/mvkasatkin) --- Top Contributors [![mvkasatkin](https://avatars.githubusercontent.com/u/3389061?v=4)](https://github.com/mvkasatkin "mvkasatkin (18 commits)") --- Tags authorizationaclrbac ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/web-complete-rbac/health.svg) ``` [![Health](https://phpackages.com/badges/web-complete-rbac/health.svg)](https://phpackages.com/packages/web-complete-rbac) ``` ### Alternatives [santigarcor/laratrust This package provides a flexible way to add Role-based Permissions to Laravel 2.3k5.4M43](/packages/santigarcor-laratrust)[casbin/casbin a powerful and efficient open-source access control library for php projects. 1.3k1.4M54](/packages/casbin-casbin)[casbin/laravel-authz An authorization library that supports access control models like ACL, RBAC, ABAC in Laravel. 324339.9k4](/packages/casbin-laravel-authz)[casbin/think-authz An authorization library that supports access control models like ACL, RBAC, ABAC for ThinkPHP. 27918.5k6](/packages/casbin-think-authz)[hasinhayder/tyro Tyro - The ultimate Authentication, Authorization, and Role & Privilege Management solution for Laravel 12 & 13 6712.1k2](/packages/hasinhayder-tyro)[efficiently/authority-controller AuthorityController is an PHP authorization library for Laravel 5 which restricts what resources a given user is allowed to access. 15533.2k](/packages/efficiently-authority-controller) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)