Customer groups ACLs

Extends the CustomerGroup module with an access control list mechanism that can be used to allow or deny access to some resource to a customer group.



  • Copy the module into <thelia_root>/local/modules/ directory and make sure that the name of the module is CustomerGroupAcl.
  • Activate it in your Thelia administration panel


Add it in your main Thelia composer.json file

composer require thelia/customer-group-acl-module:~0.1



  • Change acl data table to add class_name, the class name to check specific object acl ;
  • Dispatch CheckAclEvent_[resource] ;
  • Change checkAcl definition to checkAcl($resources, $accesses, $accessOr = false, $entityId = null, $dispatchEvent = false) :
    • $entityId, object identifying, if isset resources must be alone,
    • $dispatchEvent, if is set, CheckAclEvent are dispatch, default false ;

Execute setup/update-0.1.2-0.1.3.sql script.


Using the configuration file

Modules that use customer group ACLs must define them in the acl.xml file in the module configuration directory. The ACLs will be created when the module is activated.

Since ACLs are applied to customer group, you must have already have created some in order to use them (see the CustomerGroup module documentation). In this exemple, we will assume that the client, vip, also-vip-1 and also-vip-2 groups exists.

<?xml version="1.0" encoding="UTF-8" ?>
<config xmlns=""
          <acl code="vip-perks">
              <descriptive locale="en_US">
                  <title>VIP perks</title>
                  <description>Special VIP perks.</description>
              <descriptive locale="en_US">
                  <title>Avantages VIP</title>
                  <description>Avantages spéciaux VIP.</description>
              <customergroup group="vip">
                  <customergroupacl aclcode="vip-perks">
                      <access right="VIEW"/>

              <customergroup group="extra-vip-1">

              <customergroup group="extra-vip-2">

Here we define an ACL resource vip-perks and grant VIEW type access to this resource to the vip group. The extra-vip-1 group is set to have the same accesses as the vip group. The extra-vip-2 group is also set to have the same rights as the vip group, but only for the vip-perks ACL resource.

Using the back office

ACLs and group accesses can also be configured in the Thelia back office. A link to the configuration page is available in the Tools menu.

Access types

The available access types are defined in the Thelia access manager:

  • VIEW

Additionally, the ALL access can be used to grant all available accesses.

Check group access


The customer_group_acl.tool can be used to check ACL access.

$aclTool = $container->get("customer_group_acl.tool");

// simple check
$aclTool->checkAcl("vip-perks", AccessManager::VIEW);

// resources and accesess arguments can be a single value or an array of values

// by default, checks that at all accesses are granted
// but you can also check that only at least one access is granted


Smarty plugins are provided to check ACL access in templates.

As with the PHP function, you can check multiple resources and accesses at once, and optionally require only one access.

Simple check

The check_acl function will throw an exception if the required access(es) are not granted.

{check_acl code='vip-perks' access='view'}

{check_acl code='vip-perks,myAcl' access='view,create'}

{check_acl code='myAcl' access='view,create,update' access_or=true}

Block check

The acl and elseacl tags can also be used to check ACL accesses with a block syntax.

{acl name='acl-check' code='vip-perks' access='view'}
    Here is some super secret stuff !

{elseacl rel='acl-check'}
   Get VIP access for more cool stuff !



This loop list ACLs.

Input arguments

Argument Description
id Id or list of ACL ids.
module Id or list of module ids.
code Code or list of ACL codes.
order Order of the results.
lang Locale of the results.

order can be one of:

  • id (default)
  • module
  • module_reverse

Output arguments

Variable Description
$MODULE_ID Id of the module defining the ACL.
$CODE ACL code.
$TITLE ACL title in the selected locale.
$DESCRIPTION ACL description in the selected locale.


This loop list customer group access grants.

Input arguments

Argument Description
acl Id or list of ACL ids.
customer_group Id or list of customer group ids.
acl_type Access type or list of access types.
activate Whether to only list active access grants (true) or not (false) or both (*).

Output arguments

Variable Description
$CUSTOMER_GROUP_ID Customer group id.
$TYPE Access type.
$ACTIVATE Whether the access grant is active.

Customer groups ACLs

Extends the CustomerGroup module with an access control list mechanism that can be used to allow or deny access to some resource to a customer group

Author :

Say Hi & Get in Touch - +33(0)4 44 05 31 00

Thelia Network English
E-commerce solution

E-commerce software, useful to create and manage online stores, published under a free license. Discover our new version, based on many modern technologies !

Download Thelia

A team of experts at your service.


Over 7000 online stores powered by Thelia


Customize your Thelia.


Thelia editor