ACL Manager for Symfony2
Latest commit a4382d1 Mar 11, 2016 @Problematic Merge pull request #38 from taylankasap/patch-1
Fixed MaskBuilder case in readme
Failed to load latest commit information.
DependencyInjection create DI extension to load services automatically Jun 23, 2011
Domain Fix for filtering preloaded acl by sids Apr 3, 2014
Model A try to add field support to AclManager Oct 10, 2013
.gitignore clean out .gitignore Sep 13, 2011
LICENSE add explict MIT license - copied from the Symfony project. Sep 24, 2014
ProblematicAclManagerBundle.php Fixed MaskBuilder case in readme Mar 11, 2016
composer.json Fixing trailing comma in composer.json Jun 20, 2012


Add this bundle to your composer.json file:

    "require": {
        "problematic/acl-manager-bundle": "dev-master"

Register the bundle in app/AppKernel.php:


// app/AppKernel.php
public function registerBundles()
    return array(
        // ...
        new Problematic\AclManagerBundle\ProblematicAclManagerBundle(),

If you haven't configured the ACL enable it in app/config/security.yml:

# app/config/security.yml
        connection: default

Finally run the ACL init command

php app/console init:acl



$comment = new Comment(); // create some entity
// ... do work on entity

$em->flush(); // entity must be persisted and flushed before AclManager can act on it (needs identifier)
$aclManager = $this->get('problematic.acl_manager');

// Adds a permission no matter what other permissions existed before
$aclManager->addObjectPermission($comment, MaskBuilder::MASK_OWNER, $userEntity);
// Or:
$aclManager->addObjectPermission($comment, MaskBuilder::MASK_OWNER);
// Replaces all current permissions with this new one
$aclManager->setObjectPermission($comment, MaskBuilder::MASK_OWNER, $userEntity);
$aclManager->revokePermission($comment, MaskBuilder::MASK_DELETE, $userEntity);
$aclManager->revokeAllObjectPermissions($comment, $userEntity);

// Same with class permissions:
$aclManager->addClassPermission($comment, MaskBuilder::MASK_OWNER, $userEntity);
$aclManager->setClassPermission($comment, MaskBuilder::MASK_OWNER, $userEntity);
$aclManager->revokePermission($comment, MaskBuilder::MASK_DELETE, $userEntity, 'class');
$aclManager->revokeAllClassPermissions($comment, $userEntity);

// You can alse use object-field...
$aclManager->addObjectFieldPermission($comment, 'title', MaskBuilder:MASK_EDIT, $userEntity);
$aclManager->setObjectFieldPermission($comment, 'title', MaskBuilder:MASK_EDIT, $userEntity);
$aclManager->revokeFieldPermission($comment,, 'title' MaskBuilder::MASK_DELETE, $userEntity);
$aclManager->revokeAllObjectFieldPermissions($comment, 'title', $userEntity);
// ...and class-field scope permissions :
$aclManager->addClassFieldPermission($comment, 'title', MaskBuilder:MASK_EDIT, $userEntity);
$aclManager->setClassFieldPermission($comment, 'title', MaskBuilder:MASK_EDIT, $userEntity);
$aclManager->revokeFieldPermission($comment,, 'title' MaskBuilder::MASK_DELETE, $userEntity, 'class');
$aclManager->revokeAllClassFieldPermissions($comment, 'title', $userEntity);


If no $userEntity is provided, the current session user will be used instead.

If you'll be doing work on a lot of entities, use AclManager#preloadAcls():


$products = $repo->findAll();

$aclManager = $this->get('problematic.acl_manager');

// ... carry on