There is "fictional" object with identity "class" only to call
insertClassAce and check if user can create comments, what is also
based on class ace. So the question is how to avoid of using fictional
object and work with class aces.
--
If you want to report a vulnerability issue on symfony, plea
On 18 май, 10:23, Tim Nagel wrote:
> You use a class OID.
>
> See CommentBundle's Acl
> implementation:https://github.com/FriendsOfSymfony/CommentBundle/blob/master/Acl/Sec...
Knownly using of invalid identifier leads to unnesessary sql query:
SELECT a.ancestor_id
FROM
acl_object_identities
On 17 май, 23:12, Carl wrote:
> I think roles would make more sense when it comes to accomplishing what you
> want to do here. After the object has been created and the ACL has been
> updated, then you can check to see if the user has permission to view the
> object.
Then why do we have permissio
+1
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe fro
I mean, is there some thing like this?
if ($this->get('security.context')->isGranted('VIEW', new
ClassIdentity('EntityBundle\Entity'))) {
...
}
Or it is only possible by using roles?
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.co
Is it planned to add method for retrieving all ace records for
specific user security identity?
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users"
