I am in the process of evaluating Symfony2 for a greenfield project. One of the central requirements is that; A user can be associated with many companies and each of those associations can have a different set of permissions identified by a role.
Has anyone experience implementing something similar or a perspective on how this might be achieved with Symfony2's ACL system?
Will gratefully receive any advice.
I'm too late to the game but perhaps this will help someone else?
In short, you can use the custom voter, then take advantage of the 2nd object which you can pass into the voter and use it to contextualize your security checking like this
public function vote(TokenInterface $token, $object, array $attributes)
{
if ($this->supportsClass($object) && $company = $this->container->get('context.company')) {
foreach ($attributes as $attribute) {
if ($this->supportsAttribute($attribute)) {
if ($company == $object->getCompany()) {
return VoterInterface::ACCESS_GRANTED;
}
return VoterInterface::ACCESS_DENIED;
}
}
}
return VoterInterface::ACCESS_ABSTAIN;
}
}