{"id":18715080,"url":"https://github.com/cerbos/cerbos-sdk-php","last_synced_at":"2025-11-04T21:02:39.105Z","repository":{"id":41193959,"uuid":"503263061","full_name":"cerbos/cerbos-sdk-php","owner":"cerbos","description":"PHP SDK for interacting with the Cerbos PDP","archived":false,"fork":false,"pushed_at":"2024-11-06T10:08:32.000Z","size":970,"stargazers_count":4,"open_issues_count":1,"forks_count":2,"subscribers_count":6,"default_branch":"main","last_synced_at":"2024-11-06T10:59:59.792Z","etag":null,"topics":["cerbos","client","pdp","php","sdk"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cerbos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-06-14T07:57:41.000Z","updated_at":"2024-11-06T10:06:24.000Z","dependencies_parsed_at":"2023-09-22T23:04:09.300Z","dependency_job_id":"4787ce47-5f40-4ac3-976e-44058edf6940","html_url":"https://github.com/cerbos/cerbos-sdk-php","commit_stats":{"total_commits":24,"total_committers":2,"mean_commits":12.0,"dds":0.08333333333333337,"last_synced_commit":"ca5c271101819aa07652e9f4cb8af0b80a269ec4"},"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cerbos%2Fcerbos-sdk-php","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cerbos%2Fcerbos-sdk-php/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cerbos%2Fcerbos-sdk-php/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cerbos%2Fcerbos-sdk-php/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cerbos","download_url":"https://codeload.github.com/cerbos/cerbos-sdk-php/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223518544,"owners_count":17158689,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cerbos","client","pdp","php","sdk"],"created_at":"2024-11-07T13:07:29.262Z","updated_at":"2025-11-04T21:02:39.095Z","avatar_url":"https://github.com/cerbos.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cerbos PHP SDK\n\n[![Latest Stable Version](http://poser.pugx.org/cerbos/cerbos-sdk-php/v)](https://packagist.org/packages/cerbos/cerbos-sdk-php)\n[![Total Downloads](http://poser.pugx.org/cerbos/cerbos-sdk-php/downloads)](https://packagist.org/packages/cerbos/cerbos-sdk-php)\n[![License](http://poser.pugx.org/cerbos/cerbos-sdk-php/license)](https://packagist.org/packages/cerbos/cerbos-sdk-php)\n\nPHP client library for the [Cerbos](https://github.com/cerbos/cerbos) open source access control solution. This library\nincludes gRPC client for accessing the Cerbos PDP.\n\nFind out more about Cerbos at https://cerbos.dev and read the documentation at https://docs.cerbos.dev.\n\n# Installation\n\nYou can install the SDK via [Composer](https://getcomposer.org/). Run the following command:\n```bash\ncomposer require cerbos/cerbos-sdk-php\n```\n\n# Examples\n\n## Cerbos\n\n### Creating a gRPC client\n\n```php\n$client = CerbosClientBuilder::newInstance($this-\u003ehost)\n    -\u003ewithPlaintext(true)\n    -\u003ebuild();\n```\n\n### Check a single principal and resource\n\n```php\n$request = CheckResourcesRequest::newInstance()\n    -\u003ewithRequestId(RequestId::generate())\n    -\u003ewithPrincipal(\n        Principal::newInstance(\"john\")\n            -\u003ewithRole(\"employee\")\n            -\u003ewithPolicyVersion(\"20210210\")\n            -\u003ewithAttribute(\"department\", AttributeValue::stringValue(\"marketing\"))\n            -\u003ewithAttribute(\"geography\", AttributeValue::stringValue(\"GB\"))\n    )\n    -\u003ewithResourceEntry(\n        ResourceEntry::newInstance(\"leave_request\", \"xx125\")\n            -\u003ewithActions([\"view:public\", \"approve\"])\n            -\u003ewithPolicyVersion(\"20210210\")\n            -\u003ewithAttribute(\"department\", AttributeValue::stringValue(\"marketing\"))\n            -\u003ewithAttribute(\"geography\", AttributeValue::stringValue(\"GB\"))\n            -\u003ewithAttribute(\"owner\", AttributeValue::stringValue(\"john\"))\n    )\n  \n$checkResourcesResponse = $client-\u003echeckResources($request);\n$resultEntry = $checkResourcesResponse-\u003efind(\"xx125\");\n\nif ($resultEntry-\u003eisAllowed(\"view:public\")) { // returns true if `view:public` action is allowed\n    // ...\n}\n\nif ($resultEntry-\u003eisAllowed(\"approve\")) { // returns true if `approve` action is allowed\n    // ...\n}\n```\n\n### Check a single principal and multiple resource \u0026 action pairs\n\n```php\n$request = CheckResourcesRequest::newInstance()\n    -\u003ewithRequestId(RequestId::generate())\n    -\u003ewithPrincipal(\n        Principal::newInstance(\"john\")\n            -\u003ewithRole(\"employee\")\n            -\u003ewithPolicyVersion(\"20210210\")\n            -\u003ewithAttribute(\"department\", \"marketing\")\n            -\u003ewithAttribute(\"geography\", \"GB\")\n    )\n    -\u003ewithResourceEntries(\n        array(\n            ResourceEntry::newInstance(\"leave_request\", \"xx125\")\n                -\u003ewithAction(\"approve\")\n                -\u003ewithPolicyVersion(\"20210210\")\n                -\u003ewithAttribute(\"department\", AttributeValue::stringValue(\"marketing\"))\n                -\u003ewithAttribute(\"geography\", AttributeValue::stringValue(\"GB\"))\n                -\u003ewithAttribute(\"owner\", AttributeValue::stringValue(\"john\")),\n\n            ResourceEntry::newInstance(\"leave_request\", \"xx225\")\n                -\u003ewithAction(\"defer\")\n                -\u003ewithPolicyVersion(\"20210210\")\n                -\u003ewithAttribute(\"department\", AttributeValue::stringValue(\"marketing\"))\n                -\u003ewithAttribute(\"owner\", AttributeValue::stringValue(\"john\"))\n        )\n    )\n                    \n$checkResourcesResponse = $client-\u003echeckResources($request);\n\n$resultEntry = $checkResourcesResponse-\u003efind(\"xx125\");\nif ($resultEntry-\u003eisAllowed(\"approve\")) { // returns true if `approve` action is allowed\n    // ...\n}\n\n$resultEntry = $checkResourcesResponse-\u003efind(\"xx225\");\nif ($resultEntry-\u003eisAllowed(\"defer\")) { // returns true if `defer` action is allowed\n    // ...\n}\n```\n\n### Plan Resources API\n\n```php\n$request = PlanResourcesRequest::newInstance()\n    -\u003ewithRequestId(RequestId::generate())\n    -\u003ewithAction(\"approve\")\n    -\u003ewithPrincipal(\n        Principal::newInstance(\"maggie\")\n            -\u003ewithRole(\"manager\")\n            -\u003ewithAttribute(\"department\", AttributeValue::stringValue(\"marketing\"))\n            -\u003ewithAttribute(\"geography\", AttributeValue::stringValue(\"GB\"))\n            -\u003ewithAttribute(\"team\", AttributeValue::stringValue(\"design\"))\n    )\n    -\u003ewithResource(\n        Resource::newInstance(\"leave_request\", \"xx125\")\n            -\u003ewithPolicyVersion(\"20210210\")\n    );\n\n$planResourcesResponse = $this-\u003eclient-\u003eplanResources($request);\nif ($planResourcesResponse-\u003eisAlwaysAllowed()) {\n    // ...\n}\nelse if ($planResourcesResponse-\u003eisAlwaysDenied()) {\n    // ...\n}\nelse {\n    // ...\n}\n```\n\n\u003e [!NOTE]  \n\u003e Cerbos PDP v0.44.0 and onwards support specifying multiple actions with the following syntax: \n\u003e ```php\n\u003e -\u003ewithActions(array(\"create\", \"delete\"))\n\u003e ``` \n\n## Cerbos Hub\n\n### Creating a gRPC client\n\n```php\nuse Cerbos\\Sdk\\Cloud\\HubClientBuilder;\n\n$hubClient = HubClientBuilder::fromEnv() // Gets clientId and clientSecret from environment variables CERBOS_HUB_CLIENT_ID and CERBOS_HUB_CLIENT_SECRET.\n    -\u003ebuild();\n\n$storeClient = $hubClient-\u003estoreClient();\n```\n\n### GetFiles API\n\n```php\nuse Cerbos\\Sdk\\Cloud\\Store\\V1\\GetFilesRequest;\n\n$request = GetFilesRequest::newInstance(\n    $storeId,\n    \"resource_policies/leave_request.yaml\",\n    \"resource_policies/purchase_order.yaml\"\n);\n\n$response = $storeClient-\u003egetFiles($request);\n```\n\n### ListFiles API\n\n```php\nuse Cerbos\\Sdk\\Cloud\\Store\\V1\\FileFilter;\nuse Cerbos\\Sdk\\Cloud\\Store\\V1\\ListFilesRequest;\n\n$request = ListFilesRequest::newInstance($storeId);\n\n$requestWithFilter = ListFilesRequest::withFilter(\n    $storeId,\n    FileFilter::pathContains(self::something)\n);\n\n$response = $storeClient-\u003elistFiles($request);\n$filteredResponse = $storeClient-\u003elistFiles($requestWithFilter);\n```\n\n### ModifyFiles API\n\n```php\nuse Cerbos\\Sdk\\Cloud\\Store\\V1\\ChangeDetails;\nuse Cerbos\\Sdk\\Cloud\\Store\\V1\\ChangeDetails\\Internal;\nuse Cerbos\\Sdk\\Cloud\\Store\\V1\\ChangeDetails\\Uploader;\nuse Cerbos\\Sdk\\Cloud\\Store\\V1\\FileOp;\nuse Cerbos\\Sdk\\Cloud\\Store\\V1\\ModifyFilesRequest;\n\n$path = __DIR__ . \"./cerbos/policies/leave_request.yaml\";\n$realPath = realpath($path);\n$fileContents = file_get_contents($realPath);\n\n$requestAddOrUpdate = ModifyFilesRequest::withChangeDetails(\n    $storeId,\n    ChangeDetails::internal(\n        'myApp/ModifyFiles/Op=AddOrUpdate',\n        Uploader::newInstance('myApp'),\n        Internal::newInstance('sdk')\n    ),\n    FileOp::addOrUpdate('policies/leave_request.yaml', $fileContents)\n);\n\n$requestDelete = ModifyFilesRequest::withChangeDetails(\n    $storeId,\n    ChangeDetails::internal(\n        'myApp/ModifyFiles/Op=Delete',\n        Uploader::newInstance('myApp'),\n        Internal::newInstance('sdk')\n    ),\n    FileOp::delete('policies/leave_request.yaml')\n);\n\n$responseAddOrUpdate = $storeClient-\u003emodifyFiles($requestAddOrUpdate);\n$responseDelete = $storeClient-\u003emodifyFiles($requestDelete);\n```\n\n### ReplaceFiles API\n\n```php\nuse Cerbos\\Sdk\\Cloud\\Store\\V1\\ChangeDetails;\nuse Cerbos\\Sdk\\Cloud\\Store\\V1\\ChangeDetails\\Internal;\nuse Cerbos\\Sdk\\Cloud\\Store\\V1\\ChangeDetails\\Uploader;\nuse Cerbos\\Sdk\\Cloud\\Store\\V1\\ReplaceFilesRequest;\n\n$path = __DIR__ . \"./cerbos/policies.zip\";\n$realPath = realpath($path);\n$fileContents = file_get_contents($realPath);\n\n$request = ReplaceFilesRequest::withZippedContents(\n    $storeId,\n    $fileContents,\n    null,\n    ChangeDetails::internal(\n        'myApp/ReplaceFiles/With=policies.zip',\n        Uploader::newInstance('myApp'),\n        Internal::newInstance('sdk')\n    )\n);\n\n$response = $storeClient-\u003ereplaceFiles($request);\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcerbos%2Fcerbos-sdk-php","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcerbos%2Fcerbos-sdk-php","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcerbos%2Fcerbos-sdk-php/lists"}