switon/authz

Permission-based authorization with attributes, voters, and role-to-permission lookup for Switon Framework

Maintainers

Package info

github.com/switon-php/authz

Documentation

pkg:composer/switon/authz

Statistics

Installs: 4

Dependents: 2

Suggesters: 0

Stars: 0

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

v1.0.0 2026-06-06 13:43 UTC

Requires

Requires (Dev)

MIT f1d6d76887eedf3ba6818e68ed6e04b371a68861

  • switon <admin.woop@switon.dev>

authorizationrbacpoliciesswiton

This package is auto-updated.

Last update: 2026-06-07 05:06:51 UTC

README

CI PHP 8.3+

Switon's HTTP authorization layer for controller and action policies, identity states, and voter-based access control.

Highlights

  • Attribute-based access rules: #[Authorize] lets controllers and actions declare policy in place.
  • Layered defaults: class-level rules set the baseline, and method rules can override them.
  • Policy aliases: @edit-style references stay tied to their targets.
  • Decision hooks: VoterInterface can grant, deny, or abstain before the default check runs.
  • Identity states: authenticated, anonymous, and superuser access are handled explicitly.

Installation

composer require switon/authz

Quick Start

use Switon\Authorizing\Attribute\Authorize;

#[Authorize(Authorize::AUTHENTICATED)]
class UserController
{
    public function indexAction(): void
    {
    }

    public function profileAction(): void
    {
    }

    #[Authorize(Authorize::ANONYMOUS)]
    public function publicAction(): void
    {
    }

    #[Authorize('@index')]
    public function deleteAction(): void
    {
    }
}

Docs: https://docs.switon.dev/latest/authz

License

MIT.