ACL Manager for Symfony2
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
DependencyInjection create DI extension to load services automatically Jun 23, 2011
Domain Fix for filtering preloaded acl by sids Apr 3, 2014
Model A try to add field support to AclManager Oct 10, 2013
Resources/config Fix for filtering preloaded acl by sids Apr 3, 2014
.gitignore clean out .gitignore Sep 13, 2011
LICENSE add explict MIT license - copied from the Symfony project. Sep 24, 2014
ProblematicAclManagerBundle.php A try to add field support to AclManager Oct 10, 2013
composer.json Fixing trailing comma in composer.json Jun 20, 2012


Add this bundle to your composer.json file:

    "require": {
        "problematic/acl-manager-bundle": "dev-master"

Register the bundle in app/AppKernel.php:


// app/AppKernel.php
public function registerBundles()
    return array(
        // ...
        new Problematic\AclManagerBundle\ProblematicAclManagerBundle(),

If you haven't configured the ACL enable it in app/config/security.yml:

# app/config/security.yml
        connection: default

Finally run the ACL init command

php app/console init:acl



$comment = new Comment(); // create some entity
// ... do work on entity

$em->flush(); // entity must be persisted and flushed before AclManager can act on it (needs identifier)
$aclManager = $this->get('problematic.acl_manager');

// Adds a permission no matter what other permissions existed before
$aclManager->addObjectPermission($comment, MaskBuilder::MASK_OWNER, $userEntity);
// Or:
$aclManager->addObjectPermission($comment, MaskBuilder::MASK_OWNER);
// Replaces all current permissions with this new one
$aclManager->setObjectPermission($comment, MaskBuilder::MASK_OWNER, $userEntity);
$aclManager->revokePermission($comment, MaskBuilder::MASK_DELETE, $userEntity);
$aclManager->revokeAllObjectPermissions($comment, $userEntity);

// Same with class permissions:
$aclManager->addClassPermission($comment, MaskBuilder::MASK_OWNER, $userEntity);
$aclManager->setClassPermission($comment, MaskBuilder::MASK_OWNER, $userEntity);
$aclManager->revokePermission($comment, MaskBuilder::MASK_DELETE, $userEntity, 'class');
$aclManager->revokeAllClassPermissions($comment, $userEntity);

// You can alse use object-field...
$aclManager->addObjectFieldPermission($comment, 'title', MaskBuilder:MASK_EDIT, $userEntity);
$aclManager->setObjectFieldPermission($comment, 'title', MaskBuilder:MASK_EDIT, $userEntity);
$aclManager->revokeFieldPermission($comment,, 'title' MaskBuilder::MASK_DELETE, $userEntity);
$aclManager->revokeAllObjectFieldPermissions($comment, 'title', $userEntity);
// ...and class-field scope permissions :
$aclManager->addClassFieldPermission($comment, 'title', MaskBuilder:MASK_EDIT, $userEntity);
$aclManager->setClassFieldPermission($comment, 'title', MaskBuilder:MASK_EDIT, $userEntity);
$aclManager->revokeFieldPermission($comment,, 'title' MaskBuilder::MASK_DELETE, $userEntity, 'class');
$aclManager->revokeAllClassFieldPermissions($comment, 'title', $userEntity);


If no $userEntity is provided, the current session user will be used instead.

If you'll be doing work on a lot of entities, use AclManager#preloadAcls():


$products = $repo->findAll();

$aclManager = $this->get('problematic.acl_manager');

// ... carry on