Home/ Questions/Q 7672343
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T16:15:49+00:00

The documentation lacks some details about ACL . It’ simple as invoking createAcl on

  • 0

The documentation lacks some details about ACL. It’ simple as invoking createAcl on the domain object after persisting it. Then putting a mask with insertObjectAce on the user/object.

But how internally Symfony2 manage ACL? Are some extra columns added to the table?

$entityManager = $this->get('doctrine.orm.default_entity_manager');
$entityManager->persist($comment);
$entityManager->flush();

// creating the ACL
$aclProvider = $this->get('security.acl.provider');
$objectIdentity = ObjectIdentity::fromDomainObject($comment);
$acl = $aclProvider->createAcl($objectIdentity);

// retrieving the security identity of the currently logged-in user
$securityContext = $this->get('security.context');
$user = $securityContext->getToken()->getUser();
$securityIdentity = UserSecurityIdentity::fromAccount($user);

// grant owner access
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
$aclProvider->updateAcl($acl);
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It creates bunch of new tables,

    The tables are ordered from least rows to most rows in a typical
    application:

    • acl_security_identities: This table records all security identities (SID) which hold ACEs. The default implementation ships with two
      security identities: RoleSecurityIdentity, and UserSecurityIdentity
    • acl_classes: This table maps class names to a unique id which can be referenced from other tables.
    • acl_object_identities: Each row in this table represents a single domain object instance.
    • acl_object_identity_ancestors: This table allows us to determine all the ancestors of an ACL in a very efficient way.
    • acl_entries: This table contains all ACEs. This is typically the table with the most rows. It can contain tens of millions without significantly impacting performance.

    in fact this chapter explains to you a lot of things about how ACL are managed internally by Symfony2 :

    http://symfony.com/doc/current/cookbook/security/acl_advanced.html

    • 0