Symfony2 ACL problems

0
votes

I've been trying to implement ACL in a system I'm developing and had several problems. This is mostly because the total lack of documentation on the subject. It'd be really nice if we could have more info on this complex and fundamental component. In any case, I'd be happy to write something once I understand

Anyway, the problems I'm having are the following: 1. I have a role with Class-Field-Scope ACE to view and edit a field of an object. When I check in the view using this: isGranted('VIEW', object, 'myField')

It's always false. Shouldn't class-scope apply to all instance of the class? I'm not really sure how this scope works.

  1. When I delete a group, I want to delete all ACL entries related to that group. I've tried like this: $aclProvider->deleteAcl(ObjectIdentity::fromDomainObject($group))

It works. Then I try to create a new group. The group gets created, but the ACL setup fails with this error:

Notice: Undefined offset: 0 in Project/vendor/symfony/src/Symfony/ Component/Security/Acl/Dbal/MutableAclProvider.php line 850

Any help is greately appreciated!

1
symfonyacl

1 Answers

4
votes

EDIT: I have updated the source code, it's a much better solution now.

I have been experimenting with ACL and Symfony2 a little bit recently.

From what I have discovered this is the way to check class-field-scope:

$post = $postRepo->findOneById(1);

$securityContext = $this->get('security.context');
$oid = new ObjectIdentity('class', 'Liip\\TestBundle\\Entity\\Post');

$object = new FieldVote($oid, 'id');
if (true === $securityContext->isGranted('EDIT', $object)){
   echo "Access to 'id' field granted";
}else{
   echo "Access denied";
}

 $object = new FieldVote($oid, 'post');
 if (true === $securityContext->isGranted('VIEW', $object))
 {
    echo "Access to 'post' field granted";
 }else{
    echo "Access denied";
 }

About deleting ACLs I have no knowledge so far, I will need to look into that matter sometime later. I hope this helps!

Some more information about the topic. Probably not for you but for other users it could be helpful: Smyfony2 and ACLs

Regards Reto