Geek asks and answers

Getting an ACL for a different user than the current one registered in Symfony2?

I am building a web application using Symfony2. I am implementing ACL modules and it worked fine, but came across a problem while trying to create a dashboard for rights management.

So, I got as a user who can create a project and add "participants" to his project. Participants can have three different types of access, which are masks from the creator of masks MASK_VIEW, MASK_EDIT, MASK_OPERATOR. Using ProblematicAclManagerBundle, we can easily add access to them using this:

$this->aclManager->addObjectPermission($project, $mask, $user);

The fact is that when you want to edit a project, you should be able to list users with their current access rights. The function isGrantedcan provide you users for the current user, but not for other users. Compared to addXXXXfunctions where there are three arguments, they have only two protected objects and a mask. Thus, you cannot find the rights for another user with this function. isGranted

Is there a way to get the rights of other users? Or do I need to create my own SQL queries to retrieve data from acl tables?

+5
source share
3 answers

Here is what I have right now ... I made a raw sql query with nested selections.

//...
$objectClass = get_class($object);
$objectId = $object->getId();
$userSecurityIdentity = get_class($user) . '-' . $user->getUsername();

$sql = "SELECT `mask` FROM `acl_entries`" .
        "WHERE `object_identity_id` in (" .
            "SELECT `id` FROM `acl_object_identities` " .
            "WHERE `object_identifier` = :objectId AND `class_id` in (" .
                "SELECT `id` FROM `acl_classes` WHERE `class_type` = :objectClass" .
            ")" .
        ")" .
        "AND `security_identity_id` in (" .
            "SELECT `id` FROM `acl_security_identities`" .
            "WHERE `identifier` = :userSecurityIdentity" .
        ");";

$query = $this->entityManager->getConnection()->executeQuery($sql, array(
    'objectId'             => $objectId,
    'objectClass'          => $objectClass,
    'userSecurityIdentity' => $userSecurityIdentity)
);

$data = $query->fetch();
$mask = $data['mask'];
// ...

, , ACL, , - .

+1

, , :

$securityContext->setToken(new Token($user2));
$securityContext->isGranted('test', $object);
+1

Well Symfony\Component\Security\Acl\Model\AclInterfaceprovides this method:

/**
 * Determines whether access is granted
 *
 * @throws NoAceFoundException when no ACE was applicable for this request
 * @param array   $masks
 * @param array   $securityIdentities
 * @param Boolean $administrativeMode
 * @return Boolean
 */
public function isGranted(array $masks, array $securityIdentities, $administrativeMode = false);
0
source

More articles:


All Articles