{"id":28371063,"url":"https://github.com/data-dog/acl-bundle","last_synced_at":"2025-10-13T15:11:21.714Z","repository":{"id":26516474,"uuid":"29969295","full_name":"DATA-DOG/acl-bundle","owner":"DATA-DOG","description":"Symfony2 access control list management bundle","archived":false,"fork":false,"pushed_at":"2015-02-27T12:18:07.000Z","size":228,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-07-07T08:48:29.236Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DATA-DOG.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-01-28T13:46:03.000Z","updated_at":"2015-07-15T03:06:13.000Z","dependencies_parsed_at":"2022-08-24T15:03:41.689Z","dependency_job_id":null,"html_url":"https://github.com/DATA-DOG/acl-bundle","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/DATA-DOG/acl-bundle","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DATA-DOG%2Facl-bundle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DATA-DOG%2Facl-bundle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DATA-DOG%2Facl-bundle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DATA-DOG%2Facl-bundle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DATA-DOG","download_url":"https://codeload.github.com/DATA-DOG/acl-bundle/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DATA-DOG%2Facl-bundle/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279015904,"owners_count":26085777,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-13T02:00:06.723Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-29T08:08:23.901Z","updated_at":"2025-10-13T15:11:21.677Z","avatar_url":"https://github.com/DATA-DOG.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ACL management bundle [![Build Status](https://secure.travis-ci.org/DATA-DOG/acl-bundle.png?branch=master)](http://travis-ci.org/DATA-DOG/acl-bundle)\n\nACL comes without any database requirements. It is bare **ACL** manager.\nThe bundle only registers **resource** and **access policy** providers.\nSee **DOCTRINE.md** which shows how to configure database for policy management.\n\n- Has symfony profiler bar\n- Does not depend on database\n- Basic resource and policy concept\n\n## Configuration\nThis is the default **ACL** bundle configuration:\n\n``` yaml\nacl:\n  default_allowed: false # means that by default all ACL resources are denied\n  resource:\n    providers:\n      config: true       # by default looks in bundles for ACL resources\n      annotations: true  # looks for controller annotations\n    transformers:\n      doctrine: true     # transforms entities or document resources with an ID at the end\n```\n\n## ACL resource\nA resource is basically represented by a string.\n\n``` php\n$acl-\u003eisGranted(\"action\", \"app.resource.string\");\n```\n\nWould be **\"app.resource.string.action\"**. Action is concatenated. That way\nit is easier to store and match resources.\n\n- **app.resource.string** - is a resource acccess point.\n- **action** - is any action that can be done with the resource.\n\n## ACL resource providers\nProviders are used to collect all ACL resources from bundles.\nThe ACL provider interface:\n\n``` php\nnamespace AclBundle\\Resource;\n\ninterface ProviderInterface\n{\n    /**\n     * Get a list of available ACL resources\n     *\n     * @return array - ['resource.string.action', ...]\n     */\n    function resources();\n}\n```\n\nAll provider services must be tagged with **acl.resource.provider**. They should build\na resource map as required by interface.\n\n### Bundle configuration\nThis type of ACL resource provider is enabled by default. It looks for configuration file:\n**../VendorBundle/Resources/config/acl_resources.yml** and loads all resources from each bundle.\n\n```yaml\nresources:\n  - app_bundle.entity.page.view\n  - app_bundle.entity.page.edit\n```\n\n## ACL policy providers\nACL policy providers must implement **AclBundle\\Access\\PolicyProviderInterface** and implement\none method which return a list of policies, where key is a resource or resource branch and\nvalue is boolean - whether the resource is granted or denied.\n\nGiven we have these resources:\n```yaml\nresources:\n  - app.user.edit\n  - app.user.view\n  - app.user.remove\n  - app.user.add\n```\n\nWe can make policies for leaf actions:\n```yaml\nacl:\n  access:\n    policies:\n      luke@skywalker.com:\n        - { resource: app.user.edit, granted: true }\n        - { resource: app.user.view, granted: true }\n        - { resource: app.user.add,  granted: true }\n```\n\nOr we can do the same thing by granting access to the branch and denying leaf:\n```yaml\nacl:\n  access:\n    policies:\n      luke@skywalker.com:\n        - { resource: app.user,        granted: true }\n        - { resource: app.user.remove, granted: false }\n```\n\n**NOTE:** The configuration above is the **ACL** bundle extension configuration. Which should be located in\nkernel configuration directory.\n\n### Config provider\nFor very simple use cases, config provider may be used. To enable it, acl configuration must contain\nsome accesses in the map:\n\n``` yaml\nacl:\n  access:\n    policies:\n      admin:\n        - { resource: app_bundle, allow: true }          # allow every action for all resources under app_bundle\n      someusername:\n        - { resource: some.resource, allow: true }       # allow all actions on some.resource\n        - { resource: some.resource.edit, allow: false } # but deny - some.resource.edit\n        - { another.resource.somewhere.create }          # default allowed\n```\n\nIt will load this access map based on username of currently logged user from security context.\nThough the user model must implement **Symfony\\Component\\Security\\Core\\User\\UserInterface**\n\n### ACL resource transformers\n\nSometimes it may be useful to transform an object to a specific resource with identifier for\ndeep permission checks. As an example we could have **form type** resources identified by name:\n\n``` php\nuse AclBundle\\Util;\nuse AclBundle\\Resource\\TransformerInterface;\nuse Symfony\\Component\\Form\\FormTypeInterface;\n\nclass FormTransformer implements TransformerInterface\n{\n    public function supports($object)\n    {\n        return $object instanceof FormTypeInterface;\n    }\n\n    public function transform($object)\n    {\n        return 'form.' . Util::underscore($object-\u003egetName());\n    }\n}\n```\n\nThis transformer service then may be registered with tag: **acl.resource.transformer**, it accepts a priority attribute.\nWhen **acl** actions may be checked like:\n\n``` php\n$container-\u003eget('acl.access.decision_manager')-\u003eisGranted('edit', $formTypeObject);\n```\n**NOTE:** these resources must be provided, either through configuration or by resource provider service.\n\nFor convenience, make a service alias:\n\n```yaml\n# app/config/config.yml or other\nservices:\n  acl: @acl.access.decision_manager\n```\n\n## Questions and Answers\n**Q:** Why it does not have a vendor namespace.\n**A:** Hopefully, you need only one AclBundle in your projects, cheers.\n\n## Tests\nTested with phpunit. To run all tests:\n\n    composer install\n    bin/phpunit\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdata-dog%2Facl-bundle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdata-dog%2Facl-bundle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdata-dog%2Facl-bundle/lists"}