Symfony2：ClassACE和ObjectACE [英] Symfony2: ClassACE and ObjectACE

问题描述

ACL类对该类的所有对象都具有权限？
还是仅对自身具有权限，对对象没有权限？
让我在Symfony2上进行解释：

The ACL class have permissions on all objects of that class? Or only have permission on itself and not on the objects? Let me explain on Symfony2:

我有一个实体订单和5个已创建的订单。如果我授予所有者对类Order的权限，我是否有权编辑所有对象？

I have an Entity Order and 5 created Orders. If I give owner permission to the class Order I have grants to edit all the objects?

$objectIdentity = new ObjectIdentity('class', 'Acme\DemoBundle\Entity\Order');
$securityIdentity = new RoleSecurityIdentity($role->getRole());
$acl = $aclProvider->createAcl($objectIdentity);
$acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER);
$aclProvider->updateAcl($acl);

编辑
实际上我有两个问题：

EDIT Actually I have 2 problems:

第一个问题：
我遇到的问题是使用RoleSecurityIdentity时。它对我不起作用。如果我使用UserSecurityIdentity，则可以完美地适用于每个对象。
此示例可以正常工作：

FIRST PROBLEM: The problem I have is when I use RoleSecurityIdentity. It don't works for me. If I use UserSecurityIdentity works perfectly for every object. This example works fine:

    foreach($orders as $order) {
        $objectIdentity = ObjectIdentity::fromDomainObject($salesOrder);
        $acl = $aclProvider->createAcl($objectIdentity);
        $securityIdentity = new UserSecurityIdentity(
          'admin', 
          'Acme\CoreBundle\Entity\User');
        $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
        $aclProvider->updateAcl($acl);
    }

用户管理员拥有OWNER授权！

User Admin have OWNER grants !

此示例不起作用：

    foreach($orders as $order) {
        $objectIdentity = ObjectIdentity::fromDomainObject($salesOrder);
        $acl = $aclProvider->createAcl($objectIdentity);
        $securityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
        $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
        $aclProvider->updateAcl($acl);
    }

具有ROLE_ADMIN的用户没有授予对象的权限！

Users with ROLE_ADMIN don't have grants to objects!

第二个问题：
如果我将OWNER赠款应用于课程Order，则我没有赠款来访问实体：让我解释一下：

SECOND PROBLEM: If I apply OWNER grants to the class Order i don't have grants to access to the entities: Let me explain:

    $objectIdentity = new ObjectIdentity('class', 'Neventum\PaymentBundle\Entity\SalesOrder');
    $acl = $aclProvider->createAcl($objectIdentity);
    $securityIdentity = UserSecurityIdentity::fromAccount($admin);
    $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER);
    $aclProvider->updateAcl($acl);

我需要管理员用户始终有权访问Order实体的所有对象。

I need the admin user always has access to all objects of the Order entity.

推荐答案

我已解决！

问题出在用户实体的getRoles方法上

The problem was on the getRoles method on User Entity.

之前是这样的：

function getRoles() {
    return $this->roles->toArray();
}

我已更改为：

function getRoles()
{
    $roles = array();
    foreach($this->userRoles as $userRole) {
        $roles[] = $userRole->getRole();
    }
    return $roles;
}

如果有人知道我为什么会升值

If anyone knows why I would appreciate

这篇关于Symfony2：ClassACE和ObjectACE的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！