
Symfony 2 ACL and Role Hierarchy


The problem is that you are adding the ACL based on UserIdentity and want to check the grant based on RoleIdentity. If you want to do it role-based, change the ACL creation as below:

```php
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Symfony\Component\Security\Acl\Permission\MaskBuilder;

// creating the ACL
$aclProvider = $this->get('security.acl.provider');
$objectIdentity = ObjectIdentity::fromDomainObject($comment);
$acl = $aclProvider->createAcl($objectIdentity);

// retrieving the security identity of the currently logged-in user
$securityIdentity = UserSecurityIdentity::fromAccount($this->getUser());

// grant owner access
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);

// grant EDIT access to ROLE_ADMIN
$securityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_EDIT);
$aclProvider->updateAcl($acl);
```

As you can see, I kept the owner access for the specific user, then I added EDIT access for ROLE_ADMIN. You can keep the controller as is.

If you don't want to make it role-based but just want to give an exception for admin users, you can change your controller as follows:

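```php
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

// check for edit access; admins pass even without an ACE on the comment
if (false === $securityContext->isGranted('EDIT', $comment)
    && false === $securityContext->isGranted('ROLE_ADMIN')
) {
    throw new AccessDeniedException();
}
```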
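The role-based snippet above only covers objects whose ACL is being created. As an added example (not part of the original answer), the hypothetical helper `grantRoleEdit()` below adds the same `ROLE_ADMIN` EDIT entry to an object that may already have an ACL holding only the owner's user entry, without inserting duplicates; it assumes the provider is the mutable `security.acl.provider` service.

```php
<?php
// Added example; grantRoleEdit() is a hypothetical helper, not Symfony API.

use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
use Symfony\Component\Security\Acl\Exception\AclNotFoundException;
use Symfony\Component\Security\Acl\Model\MutableAclProviderInterface;
use Symfony\Component\Security\Acl\Permission\MaskBuilder;

/**
 * Ensure $role holds a granting object ACE with the EDIT bit on $domainObject.
 * Returns true if an ACE was inserted, false if a matching one already existed.
 */
function grantRoleEdit(MutableAclProviderInterface $aclProvider, $domainObject, $role = 'ROLE_ADMIN')
{
    $objectIdentity = ObjectIdentity::fromDomainObject($domainObject);
    $roleIdentity = new RoleSecurityIdentity($role);

    try {
        // Objects saved earlier already have an ACL (e.g. owner entry only).
        $acl = $aclProvider->findAcl($objectIdentity);
    } catch (AclNotFoundException $e) {
        // No ACL stored yet for this object: start a fresh one.
        $acl = $aclProvider->createAcl($objectIdentity);
    }

    foreach ($acl->getObjectAces() as $ace) {
        $sameIdentity = $ace->getSecurityIdentity()->equals($roleIdentity);
        // Only the EDIT bit is inspected; broader masks without it are ignored.
        $includesEdit = ($ace->getMask() & MaskBuilder::MASK_EDIT) === MaskBuilder::MASK_EDIT;
        if ($sameIdentity && $ace->isGranting() && $includesEdit) {
            return false; // role entry already present, nothing to write
        }
    }

    $acl->insertObjectAce($roleIdentity, MaskBuilder::MASK_EDIT);
    $aclProvider->updateAcl($acl);

    return true;
}
```

From a controller it would be called as `grantRoleEdit($this->get('security.acl.provider'), $comment);`, after which the existing `isGranted('EDIT', $comment)` check can stay unchanged.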