Symfony2: ClassACE and ObjectACE

Posted by 泄露秘密 on 2019-12-21 21:37:27

Question


Does the ACL class have permissions on all objects of that class? Or does it only have permission on itself and not on the objects? Let me explain on Symfony2:

I have an Entity Order and 5 created Orders. If I give owner permission to the class Order, do I have grants to edit all the objects?

    $objectIdentity = new ObjectIdentity('class', 'Acme\DemoBundle\Entity\Order');
    $securityIdentity = new RoleSecurityIdentity($role->getRole());
    $acl = $aclProvider->createAcl($objectIdentity);
    $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER);
    $aclProvider->updateAcl($acl);

EDIT: Actually I have 2 problems:

FIRST PROBLEM: The problem I have is when I use RoleSecurityIdentity. It doesn't work for me. If I use UserSecurityIdentity, it works perfectly for every object. This example works fine:

    foreach($orders as $order) {
        $objectIdentity = ObjectIdentity::fromDomainObject($order);
        $acl = $aclProvider->createAcl($objectIdentity);
        $securityIdentity = new UserSecurityIdentity(
          'admin', 
          'Acme\CoreBundle\Entity\User');
        $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
        $aclProvider->updateAcl($acl);
    }

User Admin has OWNER grants!

This example doesn't work:

    foreach($orders as $order) {
        $objectIdentity = ObjectIdentity::fromDomainObject($order);
        $acl = $aclProvider->createAcl($objectIdentity);
        $securityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
        $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
        $aclProvider->updateAcl($acl);
    }

Users with ROLE_ADMIN don't have grants to objects!

SECOND PROBLEM: If I apply OWNER grants to the class Order, I don't have grants to access the entities. Let me explain:

    $objectIdentity = new ObjectIdentity('class', 'Neventum\PaymentBundle\Entity\SalesOrder');
    $acl = $aclProvider->createAcl($objectIdentity);
    $securityIdentity = UserSecurityIdentity::fromAccount($admin);
    $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER);
    $aclProvider->updateAcl($acl);

I need the admin user to always have access to all objects of the Order entity.


Answer 1:


I've fixed it!

The problem was in the getRoles method on the User entity.

Before it was like this:

    function getRoles() {
        return $this->roles->toArray();
    }

I've changed it to:

    function getRoles()
    {
        $roles = array();
        foreach($this->userRoles as $userRole) {
            $roles[] = $userRole->getRole();
        }
        return $roles;
    }

If anyone knows why, I would appreciate it.



Source: https://stackoverflow.com/questions/12260048/symfony2-classace-and-objectace
