UseDataKit
diff --git a/‎src/AccessControl/AccessControlManager.php
+84 b/‎src/AccessControl/AccessControlManager.php
+84
diff --git a/‎src/AccessControl/AccessController.php
+25 b/‎src/AccessControl/AccessController.php
+25
diff --git a/‎src/AccessControl/Capability/Capability.php
+28 b/‎src/AccessControl/Capability/Capability.php
+28
diff --git a/‎src/AccessControl/Capability/DataViewCapability.php
+57 b/‎src/AccessControl/Capability/DataViewCapability.php
+57
diff --git a/‎src/AccessControl/Capability/DeleteDataView.php
+19 b/‎src/AccessControl/Capability/DeleteDataView.php
+19
diff --git a/‎src/AccessControl/Capability/EditDataView.php
+19 b/‎src/AccessControl/Capability/EditDataView.php
+19
diff --git a/‎src/AccessControl/Capability/ViewDataView.php
+11 b/‎src/AccessControl/Capability/ViewDataView.php
+11
diff --git a/‎src/AccessControl/Capability/ViewField.php
+47 b/‎src/AccessControl/Capability/ViewField.php
+47
diff --git a/‎src/AccessControl/ReadOnlyAccessController.php
+21 b/‎src/AccessControl/ReadOnlyAccessController.php
+21
@@ -0,0 +1,84 @@
+<?php
+
+namespace DataKit\DataViews\AccessControl;
+
+use SplStack;
+
+/**
+ * Manages the current and previously set Access Controllers.
+ *
+ * By default, the manager will return a {@see ReadOnlyAccessController}.
+ *
+ * @since $ver$
+ */
+final class AccessControlManager {
+	/**
+	 * The current stack of Access Control Managers.
+	 *
+	 * @since $ver$
+	 *
+	 * @var SplStack<AccessController>
+	 */
+	private static \SplStack $access_controllers;
+
+	/**
+	 * Prevent creating multiple instances of the manager.
+	 *
+	 * @since $ver$
+	 */
+	private function __construct() {
+	}
+
+	/**
+	 * Lazily initializes the Access Control Manager.
+	 *
+	 * @since $ver$
+	 *
+	 * @return void
+	 */
+	private static function initialize(): void {
+		if ( ! isset( self::$access_controllers ) ) {
+			self::$access_controllers = new \SplStack();
+			self::set( new ReadOnlyAccessController() );
+		}
+	}
+
+	/**
+	 * Sets the current AccessController.
+	 *
+	 * @since $ver$
+	 *
+	 * @param AccessController $access_controller The access controller.
+	 */
+	public static function set( AccessController $access_controller ): void {
+		self::initialize();
+
+		self::$access_controllers->push( $access_controller );
+	}
+
+	/**
+	 * Returns the current Access Controller.
+	 *
+	 * @since $ver$
+	 *
+	 * @return AccessController The current AccessController.
+	 */
+	public static function current(): AccessController {
+		self::initialize();
+
+		return self::$access_controllers->top();
+	}
+
+	/**
+	 * Resets the current Access Controller to the previous.
+	 *
+	 * @since $ver$
+	 */
+	public static function reset(): void {
+		self::initialize();
+
+		if ( self::$access_controllers->count() > 1 ) {
+			self::$access_controllers->pop();
+		}
+	}
+}
@@ -0,0 +1,25 @@
+<?php
+
+namespace DataKit\DataViews\AccessControl;
+
+use DataKit\DataViews\AccessControl\Capability\Capability;
+use DataKit\DataViews\DataView\DataView;
+use DataKit\DataViews\Field\Field;
+
+/**
+ * Manages the access the current user has on {@see DataView} and {@see Field} objects.
+ *
+ * @since $ver$
+ */
+interface AccessController {
+	/**
+	 * Returns whether the user has the provided capability.
+	 *
+	 * @since $ver$
+	 *
+	 * @param Capability $capability The capability to test.
+	 *
+	 * @return bool Whether the user has the capability.
+	 */
+	public function can( Capability $capability ): bool;
+}
@@ -0,0 +1,28 @@
+<?php
+
+namespace DataKit\DataViews\AccessControl\Capability;
+
+/**
+ * Represents a capability a user can have.
+ *
+ * @since $ver$
+ */
+interface Capability {
+	/**
+	 * Returns whether the capability is related to mutation.
+	 *
+	 * @since $ver$
+	 *
+	 * @return bool Whether the capability is related to mutation.
+	 */
+	public function is_mutative(): bool;
+
+	/**
+	 * Returns whether the capability is related to destruction.
+	 *
+	 * @since $ver$
+	 *
+	 * @return bool Whether the capability is related to destruction.
+	 */
+	public function is_destructive(): bool;
+}
@@ -0,0 +1,57 @@
+<?php
+
+namespace DataKit\DataViews\AccessControl\Capability;
+
+use DataKit\DataViews\DataView\DataView;
+
+/**
+ * Represents a capability that is connected to a DataView.
+ *
+ * @since $ver$
+ */
+abstract class DataViewCapability implements Capability {
+	/**
+	 * The DataView.
+	 *
+	 * @since $ver$
+	 *
+	 * @var DataView
+	 */
+	protected DataView $dataview;
+
+	/**
+	 * Creates the Capability.
+	 *
+	 * @since $ver$
+	 */
+	public function __construct( DataView $dataview ) {
+		$this->dataview = $dataview;
+	}
+
+	/**
+	 * Returns the DataView connected to the capability.
+	 *
+	 * @since $ver$
+	 */
+	public function dataview(): DataView {
+		return $this->dataview;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 *
+	 * @since $ver$
+	 */
+	public function is_mutative(): bool {
+		return false;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 *
+	 * @since $ver$
+	 */
+	public function is_destructive(): bool {
+		return false;
+	}
+}
@@ -0,0 +1,19 @@
+<?php
+
+namespace DataKit\DataViews\AccessControl\Capability;
+
+/**
+ * A capability representing a user can delete a DataView.
+ *
+ * @since $ver$
+ */
+final class DeleteDataView extends DataViewCapability {
+	/**
+	 * {@inheritDoc}
+	 *
+	 * @since $ver$
+	 */
+	public function is_destructive(): bool {
+		return true;
+	}
+}
@@ -0,0 +1,19 @@
+<?php
+
+namespace DataKit\DataViews\AccessControl\Capability;
+
+/**
+ * A capability representing a user can edit a DataView.
+ *
+ * @since $ver$
+ */
+final class EditDataView extends DataViewCapability {
+	/**
+	 * {@inheritDoc}
+	 *
+	 * @since $ver$
+	 */
+	public function is_mutative(): bool {
+		return true;
+	}
+}
@@ -0,0 +1,11 @@
+<?php
+
+namespace DataKit\DataViews\AccessControl\Capability;
+
+/**
+ * A capability representing a user can view a DataView.
+ *
+ * @since $ver$
+ */
+final class ViewDataView extends DataViewCapability {
+}
@@ -0,0 +1,47 @@
+<?php
+
+namespace DataKit\DataViews\AccessControl\Capability;
+
+use DataKit\DataViews\DataView\DataView;
+use DataKit\DataViews\Field\Field;
+
+/**
+ * A capability representing a user can view a DataView field.
+ *
+ * @since $ver$
+ */
+final class ViewField extends DataViewCapability {
+	/**
+	 * The Field.
+	 *
+	 * @since $ver$
+	 *
+	 * @var Field
+	 */
+	private Field $field;
+
+	/**
+	 * Creates the capability.
+	 *
+	 * @since $ver$
+	 *
+	 * @param DataView $dataview The DataView.
+	 * @param Field    $field    The Field.
+	 */
+	public function __construct( DataView $dataview, Field $field ) {
+		parent::__construct( $dataview );
+
+		$this->field = $field;
+	}
+
+	/**
+	 * Returns the Field to view.
+	 *
+	 * @since $ver$
+	 *
+	 * @return Field The Field.
+	 */
+	public function field(): Field {
+		return $this->field;
+	}
+}
@@ -0,0 +1,21 @@
+<?php
+
+namespace DataKit\DataViews\AccessControl;
+
+use DataKit\DataViews\AccessControl\Capability\Capability;
+
+/**
+ * AccessControlManager that allows read access to anyone.
+ *
+ * @since $ver$
+ */
+final class ReadOnlyAccessController implements AccessController {
+	/**
+	 * {@inheritDoc}
+	 *
+	 * @since $ver$
+	 */
+	public function can( Capability $capability ): bool {
+		return ! $capability->is_mutative() && ! $capability->is_destructive();
+	}
+}