I have a problem with the ACLs:
I use a class scope to grant permissions on a Role.
This is my code to declare the ClassAce:
    $objectIdentity = new \Symfony\Component\Security\Acl\Domain\ObjectIdentity('class', 'Complete\\Class\\Name');
    try
    {
        // reuse the class-scope ACL if it already exists
        $acl = $aclProvider->findAcl($objectIdentity);
    }
    catch (\Symfony\Component\Security\Acl\Exception\Exception $e)
    {
        // no ACL yet for this object identity: create it
        $acl = $aclProvider->createAcl($objectIdentity);
    }
    // build the security identity for the current role
    $securityIdentity = new \Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity($role);
    // grant owner access
    $acl->insertClassAce($securityIdentity, \Symfony\Component\Security\Acl\Permission\MaskBuilder::MASK_OWNER);
    $aclProvider->updateAcl($acl);
And this is my code to check access:
    $securityContext = $this->get('security.context');
    $oid = new \Symfony\Component\Security\Acl\Domain\ObjectIdentity('class', 'Complete\\Class\\Name');
    if (false === $securityContext->isGranted('EDIT', $oid))
    {
        throw new \Symfony\Component\Security\Core\Exception\AccessDeniedException();
    }
I receive an AccessDeniedException, with the message in the logs: “No ACL found for the object identity. Voting to deny access.”
I can resolve this by changing the equals function of the RoleSecurityIdentity.
The original function is:
    public function equals(SecurityIdentityInterface $sid)
    {
        if (!$sid instanceof RoleSecurityIdentity) {
            return false;
        }
        // strict comparison: type and value must both match
        return $this->role === $sid->getRole();
    }
But if I change it to:
    public function equals(SecurityIdentityInterface $sid)
    {
        if (!$sid instanceof RoleSecurityIdentity) {
            return false;
        }
        // loose comparison: operands are type-juggled before comparing
        return $this->role == $sid->getRole();
    }
It works…
I use my own Role class, could it be a problem?
Thanks for your answers,
I had a similar problem. Extending Symfony\Component\Security\Core\Role\Role in my own Role class solved the problem.
Find out what type of value is being checked in the equals function; it has to be a string, not an object. In my case it was a role object.
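The mismatch described in this thread, reproduced as an added stand-alone example (not part of the original posts and not Symfony's own code). RoleSid, StandaloneRole and ExtendedRole are hypothetical stand-ins; the sketch assumes the identity constructor only unwraps instances of the base Role class and that the identity attached to the stored ACE holds the role name as a string.

```php
<?php
// Added illustration: simplified stand-ins, not Symfony's classes.
interface RoleInterface { public function getRole(); }

class Role implements RoleInterface
{
    private $role;
    public function __construct($role) { $this->role = (string) $role; }
    public function getRole() { return $this->role; }
}

// Hypothetical custom role that implements the interface without extending Role.
class StandaloneRole implements RoleInterface
{
    private $name;
    public function __construct($name) { $this->name = $name; }
    public function getRole() { return $this->name; }
}

// Hypothetical custom role that extends Role, as the answer suggests.
class ExtendedRole extends Role {}

class RoleSid
{
    private $role;
    public function __construct($role)
    {
        // Assumption: only Role instances are unwrapped to their string name.
        if ($role instanceof Role) {
            $role = $role->getRole();
        }
        $this->role = $role;
    }
    public function getRole() { return $this->role; }
    // Same strict comparison as the original equals() quoted in the question.
    public function equals(RoleSid $sid) { return $this->role === $sid->getRole(); }
}

// Assumption: the identity attached to the stored ACE carries the role name as a string.
$stored = new RoleSid('ROLE_ADMIN');
$custom = new StandaloneRole('ROLE_ADMIN');

$cases = array(
    'object, not extending Role' => new RoleSid($custom),
    'object extending Role'      => new RoleSid(new ExtendedRole('ROLE_ADMIN')),
    'string from getRole()'      => new RoleSid($custom->getRole()),
);
foreach ($cases as $label => $sid) {
    printf("%-28s kept as %-6s match=%s\n", $label, gettype($sid->getRole()),
        var_export($stored->equals($sid), true));
}
```

Only the first case fails the strict comparison, which is the situation where no ACE matches and the voter denies access. Passing the role name as a string, or extending Role, keeps the strict check in place instead of loosening it to `==`.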