0
votes

I'm using FOSUserBundle to handle my app users. Users can update their usernames or be deleted by an administrator. Everything is fine on that part; my problem is related to Symfony ACL.

Each user has its own security identity when it's created. For example, if I create an account with the shigeno username, it results in something like this in the database (acl_security_identities table):

id   | identifier                    | username
...  | ...                           | ...
23   | my\Bundle\Entity\User-shigeno | 1

(ACL identity uses the username! Ouch... Why not the id?)

Now, I, shigeno, change my username to honda. The acl_security_identities table stays as it is, so all my permissions are removed (or, more precisely, they didn't move with me).

Sure, I can add new ACLs. But:

  1. It's painful. I have to get all previous ACLs to duplicate them, not to mention that I don't have easy access to all security objects when I update or remove a user.
  2. It's a big security hole, because if nothing removes the previous ACLs and a new guest chooses the username shigeno... BAM, it's Christmas.

How can I update (and remove, if I delete a user) the ACL security identity?

Note: I've seen this similar subject. It didn't answer the update question; moreover, doing a raw SQL request in this context is highly insecure (and yeah, it's ugly too).


1 Answer

1
votes

Follow this link:

https://github.com/symfony/symfony/commit/8d39213f4cca19466f84a5656a199eee98602ab1

You have to write a listener that updates the ACL on the preUpdate event. This is described in the commit above.

Greetzzz :)
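As an added illustration of the listener approach the answer describes (this is example code written for this page, not code from the original post, from FOSUserBundle or from the Symfony commit), here is a Doctrine listener that renames the ACL security identity when the username changes and deletes it when the user is removed. It assumes the entity class `my\Bundle\Entity\User` from the question, the `security.acl.provider` service, and that the installed ACL provider offers `updateUserSecurityIdentity()` and `deleteSecurityIdentity()`; the first is what the linked commit introduces, the second is assumed to be present in your version, so check your `MutableAclProviderInterface` before relying on it.

```php
<?php
// Example listener (not from the original post or the Symfony project).
// Assumed service registration, e.g. in services.yml:
//
//   my_bundle.acl_user_listener:
//       class: my\Bundle\EventListener\AclUserListener
//       arguments: ["@security.acl.provider"]
//       tags:
//           - { name: doctrine.event_listener, event: preUpdate }
//           - { name: doctrine.event_listener, event: preRemove }

namespace my\Bundle\EventListener;

use Doctrine\ORM\Event\LifecycleEventArgs;
use Doctrine\ORM\Event\PreUpdateEventArgs;
use my\Bundle\Entity\User;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Symfony\Component\Security\Acl\Model\MutableAclProviderInterface;

class AclUserListener
{
    private $aclProvider;

    public function __construct(MutableAclProviderInterface $aclProvider)
    {
        $this->aclProvider = $aclProvider;
    }

    /**
     * Runs inside the flush. When the username field changed, the row in
     * acl_security_identities is rewritten from "Class-oldName" to
     * "Class-newName", so every ACE granted to the account follows it
     * instead of staying attached to a name someone else could register.
     */
    public function preUpdate(PreUpdateEventArgs $args)
    {
        $user = $args->getEntity();
        if (!$user instanceof User || !$args->hasChangedField('username')) {
            return;
        }

        $oldUsername = $args->getOldValue('username');

        // The entity already carries the NEW username at this point, so
        // fromAccount() yields the identity we want to end up with.
        $newSid = UserSecurityIdentity::fromAccount($user);

        // Assumed to exist (added by the commit linked in the answer).
        $this->aclProvider->updateUserSecurityIdentity($newSid, $oldUsername);
    }

    /**
     * Drops the identity (and the ACEs pointing at it) when the account is
     * deleted, closing the gap described in the question: a new account
     * registered later under the same username starts with no permissions.
     */
    public function preRemove(LifecycleEventArgs $args)
    {
        $user = $args->getEntity();
        if (!$user instanceof User) {
            return;
        }

        // Assumed to exist on the installed MutableAclProviderInterface.
        $this->aclProvider->deleteSecurityIdentity(UserSecurityIdentity::fromAccount($user));
    }
}
```

Both callbacks run within the same database transaction as the user update or removal, so the ACL change is rolled back together with the entity change if the flush fails, which is what you want given that the identity table is keyed on the username rather than the id. If your provider lacks `deleteSecurityIdentity()`, the preRemove path is the one to re-examine, since leaving the identity row behind is exactly the reuse problem the question raises.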