I think you could filter the available pool of widgets/logs when you select. At the user level, where they can edit their logs, they would be owner of the entity in the acl. Any higher role bypasses the ownership check, or you could assign a user with these roles a class-scope permission.
e.g. Bob is a user, in group 5,6, orginazation 4. He can see all widgets/logs for the respective (filtered via select) then gets access to those he owns (ACL), and can create because of his role (Security). Jane is an administrator, she has edit/delete on groups etc.. she is in (ACL), and can create because of her role (Security). etc... -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en