{"id":18783676,"url":"https://github.com/tomkyle/rbac","last_synced_at":"2026-06-30T03:31:37.674Z","repository":{"id":14733711,"uuid":"17454547","full_name":"tomkyle/RBAC","owner":"tomkyle","description":"RBAC: Roles, Permissions and ACL for PHP/MySQL","archived":false,"fork":false,"pushed_at":"2014-03-12T08:32:43.000Z","size":236,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-12-29T11:45:34.394Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tomkyle.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-03-05T20:40:22.000Z","updated_at":"2020-05-12T21:15:20.000Z","dependencies_parsed_at":"2022-08-31T13:20:41.449Z","dependency_job_id":null,"html_url":"https://github.com/tomkyle/RBAC","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomkyle%2FRBAC","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomkyle%2FRBAC/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomkyle%2FRBAC/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomkyle%2FRBAC/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tomkyle","download_url":"https://codeload.github.com/tomkyle/RBAC/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239699579,"owners_count":19682574,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T20:40:06.227Z","updated_at":"2026-06-30T03:31:37.645Z","avatar_url":"https://github.com/tomkyle.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"#tomkyle/rbac\n\nRole-based access control solution, extracted from my legacy codebase. \nIt provides a **permissions** and **roles** system as well as a simple **ACL implementation.**\n\n[![Scrutinizer Quality Score](https://scrutinizer-ci.com/g/tomkyle/RBAC/badges/quality-score.png?s=58b756b227576429ae7c237aac26a4440a305004)](https://scrutinizer-ci.com/g/tomkyle/RBAC/)\n\n##Core concepts\n\n\n###Roles\n\nA client may be associated with certain roles, e.g. *Authors* or *Admins*. \nThese are stored in a `RolesStorage` object that contains role IDs.\n\n```php\n\u003c?php\nuse \\tomkyle\\Roles\\RolesStorage;\n\n$roles = new RolesStorage( 1, 2 );\necho $roles-\u003econtains( 2 ) ? \"YES\" : \"NO\";\n```\n\n###ACL\nA service may be restricted to certain roles. \n`AccessControlList` as an extension of `RolesStorage` will do that:\n\n```php\n\u003c?php\nuse \\tomkyle\\Roles\\RolesStorage;\nuse \\tomkyle\\Roles\\RolesAwareInterface;\nuse \\tomkyle\\AccessControlList\\AccessControlList;\nuse \\tomkyle\\AccessControlList\\AccessControlListAwareInterface;\n\nclass MyUser implements RolesAwareInterface {\n  use RolesAwareTrait;\n}\n\nclass MyService implements AccessControlListAwareInterface {\n  use AccessControlListAwareTrait;\n}\n\n$service = new MyService;\n$service-\u003esetAccessControlList( new AccessControlList( 1, 2) );\n\n$user = new MyUser;\n$user-\u003esetRoles( new RolesStorage( 2, 3 ) );\n\necho $service-\u003eisAllowed( $user ) ? \"YES\" : \"NO\";\n```\n\n\n###Permissions\nA client may be allowed or disallowed to do certain things. \n`PermissionsStorage` will do that:\n\n```php\n\u003c?php\nuse \\tomkyle\\Permissions\\PermissionsAwareInterface;\nuse \\tomkyle\\Permissions\\PermissionsAwareTrait;\nuse \\tomkyle\\Permissions\\ApplyPermissionsStorage;\n\nclass MyUser implements PermissionsAwareInterface {\n  use PermissionsAwareTrait;\n}\n\n$user = new MyUser;\n\n// Reads users permissions from database:\nnew ApplyPermissionsStorage( $user, $pdo );\n\necho $user-\u003ehasPermission( \"my_action\" ) ? \"YES\" : \"NO\";\n```\n\n\n\n##Installation\n\nThis library has no dependencies except a PDO connection. Install from command line or `composer.json` file:\n\n#####Command line\n    \n    composer require tomykle/rbac\n\n#####composer.json\n\n    \"require\": {\n        \"tomkyle/rbac\": \"dev-master\"\n    }\n\n#####MySQL\nThis package comes with two MySQL dumps, `install.sql.dist` and `install.sample-data.sql.dist`. Simply execute their contents; former installs tables, indices and unique constraints, dropping existing tables; latter adds sample data. See comments in table info or field comments. \n\nThe databasa schema uses InnoDB tables for better transaction and relation handling, although currently not using these features (since I never have worked with it yet).\n\n\n##Database\nRoles, Permissions and their respective associations to clients are stored in a bunch of database tables: \n\n| Table  | Description |\n| :----- | :---------- |\n| tomkyle_roles | Defines all roles (aka *user groups*) the application works with. |\n| tomkyle_permissions | Holds  permissions the application works with.|\n| tomkyle_permissions_roles_mm | Associates permissions with one or many roles. |\n| tomkyle_clients_roles_mm | Associates a client with one or many roles.|\n| tomkyle_clients_permissions_adjust | Adjusts a clients' permissions, overriding the ones he is granted or permitted due to his roles |\n\n##Administration\nSorry, currently there is no administration tool available. I used to manage them manually in the database. Anyhow, `unique` constraints will prevent you from adding doublettes. So if you have to delete a certain role or permission, do not forget the relation tables that refer to their primary key.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftomkyle%2Frbac","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftomkyle%2Frbac","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftomkyle%2Frbac/lists"}