I've been working on a solution to this issue in FOS\CommentBundle. We've created object managers, and wrap those managers with "AclManager" instances that manage the Acl.

https://github.com/FriendsOfSymfony/CommentBundle

Entity\CommentManager is the usual ORM manager which deals with interaction with the entity manager, and the AclCommentManager can be wrapped around the CommentManager to provide additional services.

I haven't been able to come up with a concrete implementation to deal with transactional issues since the Acl provider does not use the ORM.

t

On Mon, May 2, 2011 at 23:32, winzou <alexandre.ba...@gmail.com> wrote:
> Hi,
>
> I'm setting up a real secure area, with secured domain objects. Thanks
> to the doc, here is the process of granting owner access:
>
> if ($form->isValid()) {
>     $entityManager = $this->container->get('doctrine.orm.default_entity_manager');
>     $entityManager->persist($comment);
>     $entityManager->flush();
>
>     // creating the ACL
>     $aclProvider = $this->container->get('security.acl.provider');
>     $objectIdentity = ObjectIdentity::fromDomainObject($comment);
>     $acl = $aclProvider->createAcl($objectIdentity);
>
>     // retrieving the security identity of the currently logged-in user
>     $securityContext = $this->container->get('security.context');
>     $user = $securityContext->getToken()->getUser();
>     $securityIdentity = UserSecurityIdentity::fromAccount($user);
>
>     // grant owner access
>     $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
>     $aclProvider->updateAcl($acl);
> }
>
> I'm trying to convert this code into a more real-world one, and I'm
> facing some questions:
>
> 1/ That's a lot of lines just for granting access, is there any
> convenient shortcut expected?
>
> 2/ How can we do that in a transactional context? The creation of the
> ACL needs an already existing domain object, so a flush() has to be
> done before calling ACL creation. This leads, of course, to the case
> where an error occurs between object creation and ACL creation => without
> a transaction, you have an object without any linked ACL. So how?
>
> 3/ Where is this code supposed to be? Should we build a specific
> entity manager where we put all the ACL code? Keeping in mind that it
> must be compatible with the transactional context of question 2.
>
> I'm not good enough yet with Symfony2 to answer these best-practice
> questions alone. I do believe some people here have an opinion on that
> point, thanks for sharing :)
>
> --
> If you want to report a vulnerability issue on symfony, please send it to
> security at symfony-project.com
>
> You received this message because you are subscribed to the Google
> Groups "symfony users" group.
> To post to this group, send email to symfony-users@googlegroups.com
> To unsubscribe from this group, send email to
> symfony-users+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/symfony-users?hl=en
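
One way to handle the failure case raised in question 2 when the ACL write cannot join the ORM transaction, as an added example that is not part of the original thread and is not FOS\CommentBundle's code: a wrapping manager that removes the comment again if the ACL grant fails. The interfaces, the method names, the body of AclCommentManager and the in-memory fakes are all hypothetical.

```php
<?php
// Added example. CommentStore, OwnerAclWriter and the fakes are hypothetical,
// not the API of FOS\CommentBundle or of Symfony's ACL component.
interface CommentStore {
    public function save(object $comment): void;   // persist() + flush()
    public function delete(object $comment): void; // remove() + flush()
}
interface OwnerAclWriter {
    // createAcl() + insertObjectAce(MASK_OWNER) + updateAcl() from the thread
    public function grantOwner(object $comment, string $username): void;
}

final class AclCommentManager {
    public function __construct(private CommentStore $store, private OwnerAclWriter $acl) {}

    public function saveWithOwner(object $comment, string $username): void {
        $this->store->save($comment); // the object must exist before its ACL
        try {
            $this->acl->grantOwner($comment, $username);
        } catch (\Throwable $e) {
            // Compensate so no comment is left without an ACL, then rethrow.
            $this->store->delete($comment);
            throw new \RuntimeException('ACL creation failed, comment removed', 0, $e);
        }
    }
}

// Constructed in-memory fakes that force the failure path.
final class MemoryStore implements CommentStore {
    public array $rows = [];
    public function save(object $comment): void { $this->rows[spl_object_id($comment)] = $comment; }
    public function delete(object $comment): void { unset($this->rows[spl_object_id($comment)]); }
}
final class FailingAcl implements OwnerAclWriter {
    public function grantOwner(object $comment, string $username): void {
        throw new \RuntimeException('ACL store unavailable');
    }
}

$store = new MemoryStore();
$manager = new AclCommentManager($store, new FailingAcl());
try {
    $manager->saveWithOwner(new \stdClass(), 'alice'); // constructed user name
} catch (\RuntimeException $e) {
    echo $e->getMessage(), '; comments left: ', count($store->rows), "\n";
}
```

Compensation narrows the gap but is not a transaction: a process crash between the save and the grant still leaves a comment without an ACL, so a periodic check for such orphans remains useful.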