I think isGranted() requires that there be an entry for the object in the database for it to work properly. Otherwise how would it know whether someone has the right permissions to access the object? I'm pretty sure that what you have there will always fail since there isn't an entry in the database for that object.
I think roles would make more sense when it comes to accomplishing what you want to do here. After the object has been created and the ACL has been updated, then you can check to see if the user has permission to view the object. -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
