Mauro

Reputation: 1487

Symfony2: ClassACE and ObjectACE

Does the ACL class have permissions on all objects of that class? Or does it only have permission on itself and not on the objects? Let me explain in Symfony2:

I have an Entity Order and 5 created Orders. If I give owner permission to the class Order, do I have grants to edit all the objects?

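    use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
    use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
    use Symfony\Component\Security\Acl\Permission\MaskBuilder;

    // Class-scope identity: identifier 'class', type = the entity class name
    $objectIdentity = new ObjectIdentity('class', 'Acme\DemoBundle\Entity\Order');
    $securityIdentity = new RoleSecurityIdentity($role->getRole());
    $acl = $aclProvider->createAcl($objectIdentity);
    $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER);
    $aclProvider->updateAcl($acl);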

EDIT: Actually I have 2 problems:

FIRST PROBLEM: The problem I have is when I use RoleSecurityIdentity. It doesn't work for me. If I use UserSecurityIdentity it works perfectly for every object. This example works fine:

    foreach ($orders as $order) {
        // Object-scope ACE granted to a single user
        $objectIdentity = ObjectIdentity::fromDomainObject($order);
        $acl = $aclProvider->createAcl($objectIdentity);
        $securityIdentity = new UserSecurityIdentity(
            'admin',
            'Acme\CoreBundle\Entity\User'
        );
        $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
        $aclProvider->updateAcl($acl);
    }

User Admin has OWNER grants!

This example doesn't work:

    foreach ($orders as $order) {
        // Object-scope ACE granted to a role instead of a user
        $objectIdentity = ObjectIdentity::fromDomainObject($order);
        $acl = $aclProvider->createAcl($objectIdentity);
        $securityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
        $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
        $aclProvider->updateAcl($acl);
    }

Users with ROLE_ADMIN don't have grants to objects!

SECOND PROBLEM: If I apply OWNER grants to the class Order I don't have grants to access the entities. Let me explain:

    $objectIdentity = new ObjectIdentity('class', 'Neventum\PaymentBundle\Entity\SalesOrder');
    $acl = $aclProvider->createAcl($objectIdentity);
    $securityIdentity = UserSecurityIdentity::fromAccount($admin);
    $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER);
    $aclProvider->updateAcl($acl);

I need the admin user to always have access to all objects of the Order entity.

Upvotes: 2

Views: 1059

Answers (1)

Mauro

Reputation: 1487

I've fixed it!

The problem was in the getRoles method of the User entity.

Before it was like this:

    function getRoles() {
        return $this->roles->toArray();
    }

I've changed to:

    function getRoles()
    {
        $roles = array();
        foreach ($this->userRoles as $userRole) {
            $roles[] = $userRole->getRole();
        }
        return $roles;
    }

If anyone knows why, I would appreciate it.

Upvotes: 3
