At the moment Phalcon does not support Role based ACLs. You will have to do something yourself to cover this. The feature has however been asked for and it is in the long list of NFRs for the project :)
The way I would go about it is use a combination of Phalcon functionality and custom programming. I would add everything to a base controller in the beforeExecuteRoute
function so that whenever something is to be dispatched ACL is checked.
In a similar project to yours, I created two tables in my database:
Groups
------
group_id <- 2
group_name <- Admins
and have an ACL table that maps all actions to a group like so
ACL
---
group_id <- 2
acl_controller <- Customers
acl_action <- Search
You can easily extend this to have a collection of controller/action pairs to map to a Role. From there you can just create a simple function that would load the role based resources.
It is a bit of a workaround but it works.