我的ACL有问题:
我使用类作用域来授予Role权限.
这是我声明ClassAce的代码:
$objectIdentity = new \Symfony\Component\Security\Acl\Domain\ObjectIdentity('class', 'Complete\\Class\\Name');
try
{
$acl = $aclProvider->findAcl($objectIdentity);
}
catch (\Symfony\Component\Security\Acl\Exception\Exception $e)
{
$acl = $aclProvider->createAcl($objectIdentity);
}
// retrieving the security identity of the currently role
$securityIdentity = new \Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity($role);
// grant owner access
$acl->insertClassAce($securityIdentity, \Symfony\Component\Security\Acl\Permission\MaskBuilder::MASK_OWNER);
$aclProvider->updateAcl($acl);
这是我检查访问权限的代码:
$securityContext = $this->get('security.context');
$oid = new \Symfony\Component\Security\Acl\Domain\ObjectIdentity('class', 'Complete\\Class\\Name');
if (false === $securityContext->isGranted('EDIT', $oid))
{
throw new \Symfony\Component\Security\Core\Exception\AccessDeniedException();
}
我收到一个AccessDeniedExeption,日志中显示消息:"找不到对象标识的ACL.投票拒绝访问."
我可以通过更改RoleSecurityIdentity的equals函数来解决这个问题
原来的功能是
public function equals(SecurityIdentityInterface $sid)
{
if (!$sid instanceof RoleSecurityIdentity) {
return false;
}
return $this->role === …