zfr/rbac

Zend Framework 3 prototype for Zend\Permissions\Rbac.

Maintainers

πŸ‘ bakura10

Package info

github.com/zf-fr/rbac

pkg:composer/zfr/rbac

Statistics

Installs: 1 148 073

Dependents: 6

Suggesters: 0

Stars: 27

Open Issues: 1

2.0.0 2015-11-08 15:37 UTC

Requires

  • php: >=5.5

Requires (Dev)

Suggests

None

Provides

None

Conflicts

None

Replaces

None

MIT 1a1fd91283d7a0ae49a9ef9b00d9b251da48e103

securityzf2rbaczf3

This package is auto-updated.

Last update: 2026-06-29 01:14:21 UTC

README

πŸ‘ Build Status
πŸ‘ Scrutinizer Code Quality
πŸ‘ Code Coverage
πŸ‘ Latest Stable Version
πŸ‘ Total Downloads

Rbac (not to be confused with ZfcRbac) is a pure PHP implementation of the RBAC (Role based access control) concept. Actually, it is a Zend Framework 3 prototype of the ZF2 Zend\Permissions\Rbac component.

It aims to fix some design mistakes that were made to make it more usable and more efficient.

It differs on those points:

  • RoleInterface no longer have setParent and getParent methods, and cannot have children anymore (this is used to implement a simpler "flat RBAC").
  • A new HierarchicalRoleInterface has been introduced to allow roles to have children.
  • Method hasPermission on a role no longer recursively iterate the children role, but only check its own permissions. To properly check if a role is granted, you should use the isGranted method of the Rbac class.
  • Rbac class is no longer a container. Instead, it just has a isGranted method. The container was complex to properly handle because of role duplication, which could lead to security problems if not used correctly.

Version 1.0 of this library is used in ZfcRbac 2.0. Version 2.0 of this library is used in ZfcRbac 3.0.