On Nov 3, 2011, at 19:45 , Joshua wrote: > Hi All, > > So for about 6 months I've been looking into how to use ACL for > fetching multiple entities in a pager format (meaning a fixeed number > of items). I've been unable to find a solution - there is a dozen > unanswered posts about this on StackOverflow so I think it's a real > concern - I have seen some heavy heavy patch on github to attempt this > but that was it. > > I think this is a very common issue - the only answer offered are > always - fetch all items and then do your acl which is ridiculous and > completely unviable solution for a site that has more than a handful > of entities. The other suggestion is to perform sql joins with the > acl tables myself - which them makes me wonder as to the design of the > acl component. > > I would really really like some core devs to address this - if it is > possible then please please add this to the documentation. We've been > wanting to switch from 1.2 to 2 but cannot use ACL until this is > addressed.
I do not think its really possible or at least it will require a major effort. Essentially it would require storing the ACL's in the same database system as the content you want to fetch and then manipulating the query before its executed to add whatever is needed to perform the ACL checks inside the query. This would be a major departure from the current approach, which is much simpler, but also way more flexible. I see 3 possible solutions: 1) Implement something like I explained above independently. Back when I was working on PEAR::LiveUser I did exactly that, although since I wasnt using an ORM I manually added the relevant checks to my queries. With Doctrine it should be possible to add an SQLWalker to automate that. 2) When querying the database, do not set a limit and do not use buffered results and then simply iterate over the result until you have exactly the number of results you need and then free the result set 3) If you are mostly in need of this for content management apps, help the CMF [1] team to implement the planned support for ACL checks inside PHPCR [2] regards, Lukas Kahwe Smith m...@pooteeweet.org [1] http://cmf.symfony.com [2] http://phpcr.github.com -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to symfony-devs@googlegroups.com To unsubscribe from this group, send email to symfony-devs+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
