Hi, I'm facing a problem with ACL in my application developpement and it can be a problem for lot of project I think.
When I create ACL for a user, Symfony create a UserSecurityIdentity defined by an identifier which is a concatenation of userclass-username, and store it in the acl_security_identiies table. But in our application the username is the email of the user, and of course a user can change his email..You see the problem ? When a user change his email, all the ACE of his previous UserSecurityIdentity are not valid for him anymore... What solution we have ? - Override the UserSecurityIdentity so the ffromAccount method of the class UserSecurityIdentity...but how can I manage to override this class ? - Update the UserSecurityIdentity when the user change his email : But I don't think we have any method to update an entry of acl_security_identies ? - Just don't allow to change the username...Don't like it too much ;-) Any idea welcome. Thks Y -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to symfony-devs@googlegroups.com To unsubscribe from this group, send email to symfony-devs+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
