Your posts can have an author id, which can be mapped to all permissions, same as groups this user belongs and related permissions. If you would do it right, hierarchical structure of your ACL you may need only few specific access rights per user, like if user is banned from the specific topic, when he will have a specific permission set for it exactly. Otherwise everything is inheritance based. At least thats how I think ACL should be handled. Setting access rights for each object is insane.
On Tue, May 3, 2011 at 3:37 PM, Marc MacLeod <marbe...@gmail.com> wrote: > Yes I still need to deal with this problem (I've put it off for now > until the documentation is more complete). > > Gediminas, what if the user has thousands of posts, comments, etc? Do > you think it would still make sense to retrieve and store that large > ACL tree in the session? > > I'm still having a hard time wrapping my head around getting good > performance out of the ACL system. I have not looked at the Tims work > on the comment bundle yet - will do that soon. > > Marc > > On May 2, 9:41 am, Gediminas Morkevicius > <gediminas.morkevic...@gmail.com> wrote: > > I think when user logs in, his ACL tree should be stored in his session. > > This way it will issue only a single query on successful login. > > It may require extra time on making acl tree compact with role > inheritance > > and other fancy stuff. > > > > > > > > > > > > > > > > On Mon, May 2, 2011 at 3:13 PM, winzou <alexandre.ba...@gmail.com> > wrote: > > > Any news from both of you? > > > I'm very interested as well. What's the best practice here? > > > > > On 16 avr, 06:45, Tim Nagel <t...@nagel.com.au> wrote: > > > > Normally we'll expect the developer to implement their own > > > controllers/views > > > > if they need anything more advanced than what we're providing at the > > > moment, > > > > but I'm considering making it easier for developers to get what they > need > > > > without doing so. > > > > > > I am also experimenting with HTTP caching, but as everyones > requirements > > > > vary, this is something the end developer should probably be > > > implementing. > > > > I'll see what I can do though. I am not yet sure about using the > Doctrine > > > > cache, we havent really done any performance tuning at this point. > > > > > > Great to hear you'll be using it. I'd love to hear feedback on how it > > > goes > > > > for you. > > > > > > t > > > > > > On Fri, Apr 15, 2011 at 23:36, Marc MacLeod <marbe...@gmail.com> > wrote: > > > > > Hi Tim, thanks very much. I'm sure taking a look at that will be > very > > > > > helpful! > > > > > > > Any chance you'll be making use of the HttpCache and/or Doctrine > > > > > cache? Working examples of how to best utilize these systems would > be > > > > > extremely helpful as well, and are very applicable to a comment > > > > > system. > > > > > > > Btw I plan to use the comment bundle in one of my projects in the > next > > > > > month so looking forward to what you come up with. > > > > > > > Regards, > > > > > Marc > > > > > > > On Apr 14, 6:19 pm, Tim Nagel <t...@nagel.com.au> wrote: > > > > > > I'm working on editing and deletion functionality for > CommentBundle > > > at > > > > > the > > > > > > moment. I expect to have something committed by the end of the > > > weekend. > > > > > > > > t > > > > > > > > On Fri, Apr 15, 2011 at 03:53, Marc MacLeod <marbe...@gmail.com> > > > wrote: > > > > > > > Hi all, > > > > > > > > > I'm not sure I understand how to effectively use the ACL > system. > > > Say, > > > > > > > for example, I have a list of user submitted posts. When a user > > > views > > > > > > > the list, for each post in the list I would use the ACL system > to > > > > > > > determine if the user has the right to edit the post. If they > do, I > > > > > > > show the edit button. However, this requires that the list of > posts > > > be > > > > > > > hydrated as objects AND requires multiple calls to the ACL > system > > > for > > > > > > > each post to determine whether or not to show the edit button. > That > > > > > > > means that for every user and every post in the list there are > many > > > DB > > > > > > > queries. This doesn't seem very efficient, is there a better > way to > > > > > > > accomplish this? > > > > > > > > > I've looked through many of the bundles, however none of them > (that > > > > > > > I've seen at least) really use the ACL system or the HttpCache/ > > > > > > > Doctrine Cache. Even the comments bundle doesn't use the ACL > system > > > to > > > > > > > determine if a user can edit or delete a post. > > > > > > > > > I feel like this is a typical use case, any guidance would be > much > > > > > > > appreciated. > > > > > > > > > Thanks, > > > > > > > Marc > > > > > > > > > -- > > > > > > > If you want to report a vulnerability issue on symfony, please > send > > > it > > > > > to > > > > > > > security at symfony-project.com > > > > > > > > > You received this message because you are subscribed to the > Google > > > > > > > Groups "symfony users" group. > > > > > > > To post to this group, send email to > > > symfony-users@googlegroups.com > > > > > > > To unsubscribe from this group, send email to > > > > > > > symfony-users+unsubscr...@googlegroups.com > > > > > > > For more options, visit this group at > > > > > > >http://groups.google.com/group/symfony-users?hl=en > > > > > > > -- > > > > > If you want to report a vulnerability issue on symfony, please send > it > > > to > > > > > security at symfony-project.com > > > > > > > You received this message because you are subscribed to the Google > > > > > Groups "symfony users" group. > > > > > To post to this group, send email to > symfony-users@googlegroups.com > > > > > To unsubscribe from this group, send email to > > > > > symfony-users+unsubscr...@googlegroups.com > > > > > For more options, visit this group at > > > > >http://groups.google.com/group/symfony-users?hl=en > > > > > -- > > > If you want to report a vulnerability issue on symfony, please send it > to > > > security at symfony-project.com > > > > > You received this message because you are subscribed to the Google > > > Groups "symfony users" group. > > > To post to this group, send email to symfony-users@googlegroups.com > > > To unsubscribe from this group, send email to > > > symfony-users+unsubscr...@googlegroups.com > > > For more options, visit this group at > > >http://groups.google.com/group/symfony-users?hl=en > > -- > If you want to report a vulnerability issue on symfony, please send it to > security at symfony-project.com > > You received this message because you are subscribed to the Google > Groups "symfony users" group. > To post to this group, send email to symfony-users@googlegroups.com > To unsubscribe from this group, send email to > symfony-users+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/symfony-users?hl=en > -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
