PHPackages                             wpboilerplate/wpb-access-control - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. wpboilerplate/wpb-access-control

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

wpboilerplate/wpb-access-control
================================

Extensible per-resource access control library for WordPress plugins

v1.1.1(1w ago)053↑918.9%GPL-2.0-or-laterPHPPHP &gt;=7.4CI passing

Since May 18Pushed 1w agoCompare

[ Source](https://github.com/WPBoilerplate/wpb-access-control)[ Packagist](https://packagist.org/packages/wpboilerplate/wpb-access-control)[ Docs](https://github.com/WPBoilerplate/wpb-access-control)[ RSS](/packages/wpboilerplate-wpb-access-control/feed)WikiDiscussions main Synced 1w ago

READMEChangelogDependencies (4)Versions (10)Used By (0)

wpb-access-control
==================

[](#wpb-access-control)

Extensible per-resource access control library for WordPress plugins.

Answers one question: **"Does this user have access to this resource?"**

The library owns its own database table (managed by **BerlinDB**), ships WordPress role and user providers out of the box, exposes a REST API for managing rules from any client, and provides a ready-to-drop-in **React component** so consuming plugins get a full admin UI without writing any front-end code.

---

Table of Contents
-----------------

[](#table-of-contents)

1. [Requirements](#requirements)
2. [Installation](#installation)
3. [PHP Setup](#php-setup)
4. [Complete Integration Example](#complete-integration-example)
5. [Checking Access](#checking-access)
6. [React Component UI](#react-component-ui)
7. [Reading &amp; Writing Rules (PHP)](#reading--writing-rules-php)
8. [REST API](#rest-api)
9. [Events](#events)
10. [Custom Providers](#custom-providers)
11. [Built-in Providers](#built-in-providers)
12. [Important Notes](#important-notes)
13. [Database Table Reference](#database-table-reference)

---

Requirements
------------

[](#requirements)

PHP7.4+WordPress5.9+Node.js18+ *(only needed if you rebuild the JS assets)*`automattic/jetpack-autoloader`**^5.0** (mandatory — see below)`berlindb/core`**^2.0** (DB layer)---

Installation
------------

[](#installation)

```
composer require wpboilerplate/wpb-access-control
```

Your `composer.json` must include Jetpack Autoloader:

```
{
    "require": {
        "automattic/jetpack-autoloader": "^5.0",
        "berlindb/core": "^2.0",
        "wpboilerplate/wpb-access-control": "^1.0"
    },
    "config": {
        "allow-plugins": {
            "automattic/jetpack-autoloader": true
        }
    }
}
```

> **Why Jetpack Autoloader is mandatory**
>
> If two plugins install this library at different versions, PHP throws a fatal "class already declared" error. Jetpack Autoloader scans every installed plugin, finds all copies, and loads only the newest one.

In your plugin's main file, require the Jetpack Autoloader entry point — **not** the standard `vendor/autoload.php`:

```
require_once __DIR__ . '/vendor/autoload_packages.php';
```

---

PHP Setup
---------

[](#php-setup)

### 1. Boot the manager

[](#1-boot-the-manager)

Declare `$manager` at **file scope** (outside any closure) so every subsequent hook can capture it via `use`. Always pass a **plugin-specific filter tag** to prevent your providers bleeding into other plugins that also use this library.

```
use WPBoilerplate\AccessControl\AccessControlManager;

// File scope — available to all hooks below via `use ( $manager )`.
$manager = new AccessControlManager( 'my_plugin_access_control_providers' );
```

`AccessControlManager` owns a `RuleQuery` internally. Instantiating it registers `RuleTable` via BerlinDB, which creates or upgrades the `{prefix}wpb_access_control` table automatically on `admin_init`.

> **Need to wait for other plugins first?** Use a reference capture instead:
>
> ```
> $manager = null;
> add_action( 'plugins_loaded', function () use ( &$manager ) {
>     $manager = new AccessControlManager( 'my_plugin_access_control_providers' );
> } );
> // All subsequent hooks must also use `&$manager`.
> ```

### 2. Register the REST API

[](#2-register-the-rest-api)

Call `register_rest_api()` from `rest_api_init` to expose the `wpb-ac/v1`endpoints. The consuming plugin decides whether to enable them.

```
add_action( 'rest_api_init', function () use ( $manager ) {
    $manager->register_rest_api();
} );
```

---

Complete Integration Example
----------------------------

[](#complete-integration-example)

Below is a self-contained `my-plugin.php` showing **all pieces wired together**: initialising the manager, registering the REST API, enqueueing the React UI, rendering the mount point, and checking access.

```