1
votes

I use voters that I set up based on this guide (I know it's a Sonata guide but it uses no Sonata code).

Now the voters are working fine; they grant and deny as needed. One voter service definition looks like this:

services:
    acme_account.security.authorization.organisation_voter:
        class: "%acme_account.security.authorization.organisation_voter.class%"
        arguments:  ["@service_container"]
        public: false
        tags:
          - { name: security.voter }

Now my problem is that even though the voter returns correct grants, in some cases some default ACL handler denies permission. This is in the logs:

security.DEBUG: No ACL found for the object identity. Voting to deny access. [] []

Since I want to enforce the denies coming from the voters, I have set the security.access_decision_manager.strategy to unanimous. But because of the default handler, the permissions are denied this way.

Now of course I could configure and start using the ACLs, but it would be overkill in this application; that's why I chose the voters.

Is there any way to disable this default behaviour?


1 Answer

0
votes

Here's a workaround for it. I'm not sure if this is the best way, but it works.

The object and security identity retrieval strategy services needed to be overwritten with noop implementations.

services.yml

services:
    # Replace the default ACL identity retrieval services with no-op classes
    security.acl.object_identity_retrieval_strategy:
        class: Acme\UserBundle\Acl\ObjectIdentityRetrievalStrategy

    security.acl.security_identity_retrieval_strategy:
        class: Acme\UserBundle\Acl\SecurityIdentityRetrievalStrategy

Acme\UserBundle\Acl\ObjectIdentityRetrievalStrategy.php

<?php
namespace Acme\UserBundle\Acl;

use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface;

class ObjectIdentityRetrievalStrategy implements ObjectIdentityRetrievalStrategyInterface
{
    // Intentionally a no-op: no object identity is returned for any domain object.
    public function getObjectIdentity($domainObject)
    {
        return null;
    }
}

Acme\UserBundle\Acl\SecurityIdentityRetrievalStrategy.php

<?php
namespace Acme\UserBundle\Acl;

use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;

class SecurityIdentityRetrievalStrategy implements SecurityIdentityRetrievalStrategyInterface
{
    // Intentionally a no-op: no security identities are resolved from the token.
    public function getSecurityIdentities(TokenInterface $token)
    {
    }
}
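
Why the workaround changes the outcome under the unanimous strategy, as an added example that is not part of the original answer and is not Symfony's code: it is a simplified standalone model in which every function and variable name is hypothetical. It assumes the ACL voter abstains when the retrieval strategy gives it no object identity, and denies when an identity exists but no ACL is stored for it (the case in the log line from the question).

```php
<?php
// Simplified model of a unanimous access decision; not Symfony's implementation.
const ACCESS_GRANTED = 1;
const ACCESS_ABSTAIN = 0;
const ACCESS_DENIED = -1;

// Unanimous: a single deny vote denies; otherwise at least one grant is required.
function decideUnanimous(array $voters, $object)
{
    $grants = 0;
    foreach ($voters as $voter) {
        $vote = $voter($object);
        if ($vote === ACCESS_DENIED) {
            return false;
        }
        if ($vote === ACCESS_GRANTED) {
            $grants++;
        }
    }
    return $grants > 0;
}

// Stand-in for the custom voter from the question: it grants for this object.
$organisationVoter = function ($object) {
    return ACCESS_GRANTED;
};

// Model of the ACL voter, parameterised by the object identity retrieval strategy.
function makeAclVoter(callable $getObjectIdentity)
{
    return function ($object) use ($getObjectIdentity) {
        if (null === $getObjectIdentity($object)) {
            return ACCESS_ABSTAIN; // assumption: no identity, so the voter stays out
        }
        return ACCESS_DENIED; // identity found, but no ACL exists for it
    };
}

// Hypothetical default strategy: derives some identity from every object.
$defaultStrategy = function ($object) { return get_class($object); };
// The no-op strategy from the answer: never yields an identity.
$noopStrategy = function ($object) { return null; };

$object = new stdClass(); // constructed sample domain object

// Default strategy: the ACL voter's deny overrides the custom voter's grant.
var_dump(decideUnanimous([$organisationVoter, makeAclVoter($defaultStrategy)], $object));
// No-op strategy: the ACL voter abstains, so the custom voter's grant decides.
var_dump(decideUnanimous([$organisationVoter, makeAclVoter($noopStrategy)], $object));
```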