Skip to content

Instantly share code, notes, and snippets.

@Brammm

Brammm/gist:5568265

Last active December 17, 2015 06:49
Show Gist options
  • Save Brammm/5568265 to your computer and use it in GitHub Desktop.
Save Brammm/5568265 to your computer and use it in GitHub Desktop.
Download ZIP
Overwriting/extending ACL permissions
Raw
gistfile1.php
/*
In security.yml I declared a parameter (for the life of me, I can't remember if this was important):
# security.yml
parameters:
security.acl.permission.map.class: Acme\DemoBundle\Security\Acl\Permission\PermissionMap
In services.yml I redeclare the acl collection cache service:
# services.yml
security.acl.collection_cache:
class: %security.acl.collection_cache.class%
arguments: [@security.acl.provider, @security.acl.object_identity_retrieval_strategy, @security.acl.security_identity_retrieval_strategy]
This uses my PermissionMap.php:
*/
<?php
# Acme\DemoBundle\Security\Acl\Permission\PermissionMap.php
namespace Acme\DemoBundle\Security\Acl\Permission;
use Symfony\Component\Security\Acl\Permission\PermissionMapInterface;
// we don't use the Symfony MaskBuilder
class PermissionMap implements PermissionMapInterface
{
const PERMISSION_VIEW = 'VIEW';
const PERMISSION_EDIT = 'EDIT';
const PERMISSION_CREATE = 'CREATE';
const PERMISSION_DELETE = 'DELETE';
const PERMISSION_UNDELETE = 'UNDELETE';
const PERMISSION_OPERATOR = 'OPERATOR';
const PERMISSION_MASTER = 'MASTER';
const PERMISSION_OWNER = 'OWNER';
// your own permissions here
const PERMISSION_COPY = 'COPY';
const PERMISSION_REVIEW = 'REVIEW';
private $map = array(
self::PERMISSION_VIEW => array(
MaskBuilder::MASK_VIEW,
MaskBuilder::MASK_EDIT,
MaskBuilder::MASK_COPY,
MaskBuilder::MASK_REVIEW,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
),
self::PERMISSION_EDIT => array(
MaskBuilder::MASK_EDIT,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
),
// don't forget to add maps
self::PERMISSION_COPY => array(
MaskBuilder::MASK_COPY,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
),
self::PERMISSION_REVIEW => array(
MaskBuilder::MASK_REVIEW,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
),
self::PERMISSION_CREATE => array(
MaskBuilder::MASK_CREATE,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
),
self::PERMISSION_DELETE => array(
MaskBuilder::MASK_DELETE,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
),
self::PERMISSION_UNDELETE => array(
MaskBuilder::MASK_UNDELETE,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
),
self::PERMISSION_OPERATOR => array(
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
),
self::PERMISSION_MASTER => array(
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
),
self::PERMISSION_OWNER => array(
MaskBuilder::MASK_OWNER,
),
);
/**
* {@inheritDoc}
*/
public function getMasks($permission, $object)
{
if (!isset($this->map[$permission])) {
return null;
}
return $this->map[$permission];
}
/**
* {@inheritDoc}
*/
public function contains($permission)
{
return isset($this->map[$permission]);
}
}
/*
In the same folder I extend the Symfony MaskBuilder:
*/
<?php
# Acme\DemoBundle\Security\Acl\Permission\MaskBuilder.php
namespace Acme\DemoBundle\Security\Acl\Permission;
use Symfony\Component\Security\Acl\Permission\MaskBuilder as BaseMaskBuilder;
class MaskBuilder extends BaseMaskBuilder
{
const MASK_COPY = 256; // 1 << 8
const MASK_REVIEW = 512; // 1 << 9
const CODE_COPY = 'X';
const CODE_REVIEW = 'R';
}
/*
Note: at the moment you have to create your own PermissonMap and implement the interface.
Theres no point of extending the existing PermissonMap as it's using private constants and methods.
I have submitted a Pull Request (which has been merged in the master) that fixes this.
See https://github.com/symfony/symfony/pull/7601
*/
@LauLaman
Copy link

Thanks! this helped me a lot

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment