Hi all,
ACL is one of the part of the framework that needs to be improved for
version 2.1. First of all, we need to remove the dependency with
Doctrine and the second thing is too improve the API. It's terribly
complicated to add an ACE between a user and a domain object.
Actually, you have to write these lines to make the current user owner
of a domain object:
// creating the ACL
$aclProvider = $this->get('security.acl.provider');
$objectIdentity = ObjectIdentity::fromDomainObject($comment);
$acl = $aclProvider->createAcl($objectIdentity);
// retrieving the security identity of the currently logged-in
user
$securityContext = $this->get('security.context');
$user = $securityContext->getToken()->getUser();
$securityIdentity = UserSecurityIdentity::fromAccount($user);
// grant owner access
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
$aclProvider->updateAcl($acl);
I think we could provide a more user friendly and fluent API with
something like this :
$aclProvider = $this->get('security.acl.provider')
->newAcl()
->forCurrentUser()
->grantOwnership()
->on($article);
;
$aclProvider = $this->get('security.acl.provider')
->newAcl()
->forAccount('hhamon')
->grant(array('VIEW', 'DELETE', 'EDIT')
->on($article);
;
How do you think about such a more friendly API for the security
bundle ?
Cheers.
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
