In a multi-tenant web application, should the Symfony2 ACL framework be used for checking the ownership of domain objects?
I can't get the point since (assuming each table has a back reference to the User object) I can simply check the current user id against the entity owner id, like the following:
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use JMS\SecurityExtraBundle\Annotation\Secure;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

/**
 * @Route("/edit/{slug}")
 * @Method("GET|POST")
 * @Secure(roles="ROLE_USER")
 * @Template
 */
public function editAction($slug)
{
    // Find the post given the slug
    $repo = $this->getDoctrine()->getRepository('AcmeHelloBundle:Post');
    $entity = $repo->findOneBySlug($slug);
    // The security context holds the current authentication token
    $current = $this->get('security.context')->getToken()->getUser();
    // 404 if slug is invalid
    if (!$entity) {
        throw $this->createNotFoundException();
    }
    // AccessDenied if current user is not the owner of the entity
    if ($current->getId() != $entity->getUser()->getId()) {
        throw new AccessDeniedException();
    }
    // @Template renders the view with these parameters
    return array('entity' => $entity);
}
Maybe ACL can help avoid back-referencing each entity to the user table? Any explanation or example would be helpful, thanks.
ACL is useful when you have a scenario in which multiple people have access to the same domain object. The ACL documentation has a good example of that.
For example, let's say you have a SaaS providing collaborative document editing for companies. A company may want to restrict access to a document, to allow only the executives of the company to edit it and not the employees. In that scenario, you can't use the User token alone, since multiple members need access to the domain object. This is where the usefulness of ACL comes in.
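The scenario from the answer (a document that its creator and every executive may edit, without a back reference from the document to a user) as an added PHP example; this is not code from the question or the answer. It assumes a Document entity in AcmeHelloBundle, a ROLE_EXECUTIVE role, a route named document_edit, the template path shown, an ACL table created with `php app/console init:acl`, and Symfony 2.1+.

```php
<?php
// Added example, not code from the question or answer.
// Assumed: Document entity, ROLE_EXECUTIVE role, route document_edit,
// ACL tables initialised with `php app/console init:acl`.

namespace Acme\HelloBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Symfony\Component\Security\Acl\Permission\MaskBuilder;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Acme\HelloBundle\Entity\Document;

class DocumentController extends Controller
{
    // Run once when the document is created: the creator becomes OWNER and
    // every executive gets EDIT. The Document entity carries no user column;
    // the relationship lives in the ACL tables keyed by class + object id.
    public function createAction()
    {
        $document = new Document();
        $em = $this->getDoctrine()->getManager();
        $em->persist($document);
        $em->flush(); // the object identity needs the generated id

        $aclProvider = $this->get('security.acl.provider');
        $objectIdentity = ObjectIdentity::fromDomainObject($document);
        $acl = $aclProvider->createAcl($objectIdentity);

        // Object ACE for one user (identified by class name + username)
        $user = $this->get('security.context')->getToken()->getUser();
        $ownerSid = UserSecurityIdentity::fromAccount($user);
        $acl->insertObjectAce($ownerSid, MaskBuilder::MASK_OWNER);

        // Object ACE for a whole group of users, expressed as a role
        $executiveSid = new RoleSecurityIdentity('ROLE_EXECUTIVE');
        $acl->insertObjectAce($executiveSid, MaskBuilder::MASK_EDIT);

        $aclProvider->updateAcl($acl);

        return $this->redirect($this->generateUrl(
            'document_edit',
            array('id' => $document->getId())
        ));
    }

    // No hand-written id comparison: the ACL voter resolves EDIT against the
    // ACEs stored above (the OWNER mask also satisfies EDIT in the default
    // permission map).
    public function editAction($id)
    {
        $document = $this->getDoctrine()
            ->getRepository('AcmeHelloBundle:Document')
            ->find($id);
        if (!$document) {
            throw $this->createNotFoundException();
        }

        if (false === $this->get('security.context')->isGranted('EDIT', $document)) {
            throw new AccessDeniedException();
        }

        // ... handle the edit form here ...
        return $this->render(
            'AcmeHelloBundle:Document:edit.html.twig',
            array('document' => $document)
        );
    }
}
```

The point to notice is that isGranted('EDIT', $document) answers for both the creator and any executive from the same ACL rows, so adding a third group later (say, auditors who may only VIEW) is one more insertObjectAce call rather than another column and another if-statement in every controller; the ownership check from the question stays the simpler choice when exactly one user will ever be allowed to touch each row.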