Symfony complex acl based on dynamic roles and permissions

3
votes

I want to build a system which has multiple users, each user can be assigned 0 to many roles to projects or sections of projects (Objects). Each role can have 1 to many permissions. The roles can be created dynamically, so assigning them to users. However, permissions can be hard-coded.

I know I should use ACL, however I am not sure of how to add dynamic roles into it in Symfony2. Additionally, should I use voters?

1
phpsymfonyregistrationaclroles
Do you have users table and roles table and is the relationship defined in your entities? Do you want to add role to users automatically or grant the role to specific objects by ACL? - Javad
@Javad yes, I do have users and roles table, and I want to grant the role to specific objects by ACL instead of granting the permissions directly. - mokha
I provided an answer below and hopefully it solve your issue - Javad

1 Answers

1
votes

Hopefully the below code help you

// creating the ACL
$aclProvider = $this->get('security.acl.provider');
$objectIdentity = ObjectIdentity::fromDomainObject($the_object_to_be_granted);
$acl = $aclProvider->createAcl($objectIdentity);

$securityIdentity = new RoleSecurityIdentity("CUSTOM_ROLE_YOU_HAVE");

// grant owner access
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);// This is sample you can use any other masks you need
$aclProvider->updateAcl($acl);

You can obtain more info on the following link (Symfony ACL)