Abac Bundle Laravel Package

craftcamp/abac-bundle

Symfony bundle integrating CraftCamp’s PHP ABAC library for attribute-based access control. Define policy rules based on user and resource attributes (roles as attributes too) and enforce permissions via a security service that can return denied attributes for debugging.

Product Decisions This Supports

  • Fine-grained access control: Replace rigid role-based access control (RBAC) with Attribute-Based Access Control (ABAC) for dynamic, context-aware permissions (e.g., "Users with a driving license can homologate vehicles older than 25 years").
  • Decouple permissions from roles: Enable granular rules tied to user/resource attributes (e.g., age, vehicle.origin, service_status) instead of static role assignments.
  • Auditability & transparency: Provide detailed rejection reasons (e.g., rejected_attributes) for denied requests, improving debugging and compliance.
  • Scalable policy management: Centralize rules in YAML files (e.g., policy_rules.yml) for easy updates without code changes, reducing technical debt.
  • Symfony integration: Leverage existing Symfony services (e.g., autowiring, dependency injection) to embed ABAC seamlessly into controllers, listeners, or API gateways.
  • Roadmap for compliance: Support regulatory requirements (e.g., GDPR, industry-specific access controls) by dynamically evaluating attributes like parentNationality or manufactureDate.
  • Build vs. buy: Avoid reinventing ABAC logic; adopt a battle-tested library (php-abac) with Symfony-specific optimizations (e.g., caching, autowiring).

When to Consider This Package

  • Avoid if:
    • Your access control needs are simple (e.g., basic CRUD roles like ADMIN, USER). Use Symfony’s built-in SecurityBundle instead.
    • You require high-performance systems where ABAC’s attribute evaluation overhead is prohibitive (benchmark first).
    • Your team lacks YAML/configuration management experience; ABAC requires defining rules in external files.
    • You need real-time attribute validation (e.g., checking a user’s license status on every request) without caching.
  • Consider if:
    • You manage complex, dynamic permissions (e.g., healthcare systems, financial platforms, or multi-tenant SaaS).
    • Context matters: Access depends on attributes like time (lastTechnicalReviewDate), location (vehicle.origin), or external services (SERVICE_STATUS).
    • You want to future-proof your system for regulatory changes (e.g., adding new compliance rules without code deployments).
    • Your team is comfortable with Symfony’s dependency injection and YAML configuration.

How to Pitch It (Stakeholders)

For Executives:

*"This package lets us replace rigid ‘role-based’ permissions with smart, attribute-driven access control—like a firewall that adapts to real-world conditions. For example, instead of giving everyone a ‘Manager’ role, we can define rules like:

  • ‘Only users with a driving license can homologate vehicles.’
  • ‘Access to financial reports depends on the user’s department and the report’s sensitivity level.’

This reduces fraud risk, simplifies compliance audits, and cuts down on manual role assignments. It’s like upgrading from a basic lock to a context-aware security system—with minimal dev effort."*

For Engineers:

*"The CraftCamp ABAC Bundle wraps the PHP ABAC library into Symfony, giving us:

  • Declarative policies: Define rules in YAML (e.g., policy_rules.yml) instead of scattering if checks in controllers.
  • Symfony-native: Works with autowiring, services, and caching (e.g., cache rules in %kernel.cache_dir%/abac).
  • Debug-friendly: Returns specific rejection reasons (e.g., rejected_attributes: ['hasDrivingLicense']) for denied requests.
  • Extensible: Override core components (e.g., CacheManager, AttributeManager) for custom logic.

Use case: Replace isGranted('ROLE_ADMIN') with abac->enforce('admin_rule', $user, $resource) for fine-grained, maintainable access control."*

For Security/Compliance Teams:

*"ABAC shifts access control from static roles to dynamic attributes, making it easier to:

  • Enforce least-privilege rules (e.g., ‘Only users in EMEA can edit EU customer data’).
  • Audit denials with clear reasons (e.g., ‘Access denied: parentNationality did not match’).
  • Adapt to regulations without code changes (e.g., add a new attribute like isCompliantWithGDPR to existing rules).

This reduces shadow IT and aligns permissions with real-world context."*