I just started with Symfony2 ACL and I cannot access the objects with the assigned user. Let me explain:
I assign permissions on some objects to a particular user. I do it when loading the data fixtures:
    // imports needed at the top of the fixture class
    use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
    use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
    use Symfony\Component\Security\Acl\Permission\MaskBuilder;

    // creating the ACL
    $aclProvider = $this->container->get('security.acl.provider');
    $objectIdentity = ObjectIdentity::fromDomainObject($order); // entity
    try {
        $acl = $aclProvider->findAcl($objectIdentity);
    } catch (\Symfony\Component\Security\Acl\Exception\Exception $e) {
        $acl = $aclProvider->createAcl($objectIdentity);
    }
    // retrieving the security identity of the currently logged-in user
    $securityIdentity = UserSecurityIdentity::fromAccount($user);
    // grant owner access
    $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
    $aclProvider->updateAcl($acl);
I also want to assign permissions to all objects of a class to the role ADMIN and I do it with a command:
    // imports needed at the top of the command class
    use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
    use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
    use Symfony\Component\Security\Acl\Permission\MaskBuilder;

    $output->writeln('<info>Adding Order OWNER ACE to role ROLE_ADMIN</info>');
    $aclProvider = $this->getContainer()->get('security.acl.provider');
    // class-scope object identity: identifier 'class', type = entity class name
    $objectIdentity = new ObjectIdentity('class', 'VendorName\XXXBundle\Entity\Order');
    try {
        $acl = $aclProvider->findAcl($objectIdentity);
    } catch (\Symfony\Component\Security\Acl\Exception\Exception $e) {
        $acl = $aclProvider->createAcl($objectIdentity);
    }
    $em = $this->getContainer()->get('doctrine')->getEntityManager();
    $role = $em->getRepository('VendorNameXXXBundle:Role')->findOneByRole('ROLE_ADMIN');
    $securityIdentity = new RoleSecurityIdentity($role->getRole());
    // grant owner access on every object of the class
    $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER);
    $aclProvider->updateAcl($acl);
I cannot get Symfony2 to detect these permissions. I connect with the two users and when I do this from Twig:
    {% if is_granted('VIEW', entity) %}
        <tr>
            <td colspan="12">Authorized!</td>
        </tr>
    {% else %}
        <tr>
            <td colspan="12">You are not authorized</td>
        </tr>
    {% endif %}
I always get: "You are not authorized".
I also tried from the controller, but with the same result:
    // make sure the entity exists before asking the ACL about it
    if (!$entity) {
        throw $this->createNotFoundException('Unable to find Order entity.');
    }
    $securityContext = $this->get('security.context');
    if (false === $securityContext->isGranted('EDIT', $entity)) {
        throw new \Symfony\Component\Security\Core\Exception\AccessDeniedException();
    }