ACL ROLE_ADMIN does not work

Post by Mitchel » Mon Sep 17, 2012 2:03 pm

Hi there,

Maybe somebody here can help me.
I'm adding blog comments and adding the rights on them.

The rights for the user who created the blog are OK.
A user who is not logged in can view the comment, so that's OK.
The admin cannot edit/delete the comment... But what's wrong?

Code:
// Imports needed at the top of the controller file
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Symfony\Component\Security\Acl\Permission\MaskBuilder;

// - - - - - - - - - - - ACL- - - - - - - - - - - \\
// Creating the ACL
$aclProvider = $this->get('security.acl.provider');
$objectIdentity = ObjectIdentity::fromDomainObject($blogComment);
$acl = $aclProvider->createAcl($objectIdentity);

// Creating full access for the admin
$roleSecurityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
$acl->insertObjectAce($roleSecurityIdentity, MaskBuilder::MASK_MASTER);

// Creating view rights for the not-logged in users
$roleSecurityIdentity = new RoleSecurityIdentity('IS_AUTHENTICATED_ANONYMOUSLY');
$acl->insertObjectAce($roleSecurityIdentity, MaskBuilder::MASK_VIEW);

// retrieving the security identity of the currently logged-in user
$securityContext = $this->get('security.context');
$user = $securityContext->getToken()->getUser();
$securityIdentity = UserSecurityIdentity::fromAccount($user);

// grant owner access
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
// persist the ACL together with the three ACEs added above
$aclProvider->updateAcl($acl);
// - - - - - - - - - - - ACL- - - - - - - - - - - \\


Code:
Security
Username    Mitchel
Authenticated?    yes
Roles    [ROLE_ADMIN]


Database Dump:
Code:
-- phpMyAdmin SQL Dump
-- version 3.5.2.2
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation time: 17 Sep 2012 at 14:19
-- Server version: 5.1.65
-- PHP version: 5.3.16

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";

--
-- Database: `betaalbaarkozijn_new`
--

-- --------------------------------------------------------

--
-- Table structure for table `acl_classes`
--

CREATE TABLE IF NOT EXISTS `acl_classes` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `class_type` varchar(200) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `UNIQ_69DD750638A36066` (`class_type`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;

--
-- Dumping data for table `acl_classes`
--

INSERT INTO `acl_classes` (`id`, `class_type`) VALUES
(1, 'MV\\BetaalbaarkozijnBundle\\Entity\\BlogComment');

-- --------------------------------------------------------

--
-- Table structure for table `acl_entries`
--

CREATE TABLE IF NOT EXISTS `acl_entries` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `class_id` int(10) unsigned NOT NULL,
  `object_identity_id` int(10) unsigned DEFAULT NULL,
  `security_identity_id` int(10) unsigned NOT NULL,
  `field_name` varchar(50) DEFAULT NULL,
  `ace_order` smallint(5) unsigned NOT NULL,
  `mask` int(11) NOT NULL,
  `granting` tinyint(1) NOT NULL,
  `granting_strategy` varchar(30) NOT NULL,
  `audit_success` tinyint(1) NOT NULL,
  `audit_failure` tinyint(1) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `UNIQ_46C8B806EA000B103D9AB4A64DEF17BCE4289BF4` (`class_id`,`object_identity_id`,`field_name`,`ace_order`),
  KEY `IDX_46C8B806EA000B103D9AB4A6DF9183C9` (`class_id`,`object_identity_id`,`security_identity_id`),
  KEY `IDX_46C8B806EA000B10` (`class_id`),
  KEY `IDX_46C8B8063D9AB4A6` (`object_identity_id`),
  KEY `IDX_46C8B806DF9183C9` (`security_identity_id`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ;

--
-- Dumping data for table `acl_entries`
--

INSERT INTO `acl_entries` (`id`, `class_id`, `object_identity_id`, `security_identity_id`, `field_name`, `ace_order`, `mask`, `granting`, `granting_strategy`, `audit_success`, `audit_failure`) VALUES
(1, 1, 1, 1, NULL, 0, 128, 1, 'all', 0, 0),
(2, 1, 1, 2, NULL, 1, 1, 1, 'all', 0, 0),
(3, 1, 1, 3, NULL, 2, 64, 1, 'all', 0, 0);

-- --------------------------------------------------------

--
-- Table structure for table `acl_object_identities`
--

CREATE TABLE IF NOT EXISTS `acl_object_identities` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `parent_object_identity_id` int(10) unsigned DEFAULT NULL,
  `class_id` int(10) unsigned NOT NULL,
  `object_identifier` varchar(100) NOT NULL,
  `entries_inheriting` tinyint(1) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `UNIQ_9407E5494B12AD6EA000B10` (`object_identifier`,`class_id`),
  KEY `IDX_9407E54977FA751A` (`parent_object_identity_id`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;

--
-- Dumping data for table `acl_object_identities`
--

INSERT INTO `acl_object_identities` (`id`, `parent_object_identity_id`, `class_id`, `object_identifier`, `entries_inheriting`) VALUES
(1, NULL, 1, '1', 1);

-- --------------------------------------------------------

--
-- Table structure for table `acl_object_identity_ancestors`
--

CREATE TABLE IF NOT EXISTS `acl_object_identity_ancestors` (
  `object_identity_id` int(10) unsigned NOT NULL,
  `ancestor_id` int(10) unsigned NOT NULL,
  PRIMARY KEY (`object_identity_id`,`ancestor_id`),
  KEY `IDX_825DE2993D9AB4A6` (`object_identity_id`),
  KEY `IDX_825DE299C671CEA1` (`ancestor_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Dumping data for table `acl_object_identity_ancestors`
--

INSERT INTO `acl_object_identity_ancestors` (`object_identity_id`, `ancestor_id`) VALUES
(1, 1);

-- --------------------------------------------------------

--
-- Table structure for table `acl_security_identities`
--

CREATE TABLE IF NOT EXISTS `acl_security_identities` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `identifier` varchar(200) NOT NULL,
  `username` tinyint(1) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `UNIQ_8835EE78772E836AF85E0677` (`identifier`,`username`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ;

--
-- Dumping data for table `acl_security_identities`
--

INSERT INTO `acl_security_identities` (`id`, `identifier`, `username`) VALUES
(2, 'IS_AUTHENTICATED_ANONYMOUSLY', 0),
(1, 'MV\\BetaalbaarkozijnBundle\\Entity\\User-User', 1),
(3, 'ROLE_ADMIN', 0);

--
-- Constraints for dumped tables
--

--
-- Constraints for table `acl_entries`
--
ALTER TABLE `acl_entries`
  ADD CONSTRAINT `FK_46C8B8063D9AB4A6` FOREIGN KEY (`object_identity_id`) REFERENCES `acl_object_identities` (`id`) ON DELETE CASCADE ON UPDATE CASCADE,
  ADD CONSTRAINT `FK_46C8B806DF9183C9` FOREIGN KEY (`security_identity_id`) REFERENCES `acl_security_identities` (`id`) ON DELETE CASCADE ON UPDATE CASCADE,
  ADD CONSTRAINT `FK_46C8B806EA000B10` FOREIGN KEY (`class_id`) REFERENCES `acl_classes` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;

--
-- Constraints for table `acl_object_identities`
--
ALTER TABLE `acl_object_identities`
  ADD CONSTRAINT `FK_9407E54977FA751A` FOREIGN KEY (`parent_object_identity_id`) REFERENCES `acl_object_identities` (`id`);

--
-- Constraints for table `acl_object_identity_ancestors`
--
ALTER TABLE `acl_object_identity_ancestors`
  ADD CONSTRAINT `FK_825DE2993D9AB4A6` FOREIGN KEY (`object_identity_id`) REFERENCES `acl_object_identities` (`id`) ON DELETE CASCADE ON UPDATE CASCADE,
  ADD CONSTRAINT `FK_825DE299C671CEA1` FOREIGN KEY (`ancestor_id`) REFERENCES `acl_object_identities` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;


Thanks,
Regards Mitchel
Mitchel
Junior Member
 
Posts: 14
Joined: Tue May 29, 2012 3:46 pm
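
The entries in the dump above can be read against the permission check as follows. This is an added example, not part of the original post and not Symfony's own code: a simplified PHP model of the mask check, with the ACE rows copied from the dump and the identity lists for the admin and the anonymous visitor constructed as assumptions.

```php
<?php
// Added example: a simplified model of the ACL decision, not Symfony's own code.
// MaskBuilder values used below.
const MASKS = ['VIEW' => 1, 'EDIT' => 4, 'DELETE' => 8, 'OPERATOR' => 32, 'MASTER' => 64, 'OWNER' => 128];

// Masks that satisfy each permission (subset of BasicPermissionMap).
const PERMISSION_MAP = [
    'VIEW'   => ['VIEW', 'EDIT', 'OPERATOR', 'MASTER', 'OWNER'],
    'EDIT'   => ['EDIT', 'OPERATOR', 'MASTER', 'OWNER'],
    'DELETE' => ['DELETE', 'OPERATOR', 'MASTER', 'OWNER'],
];

// acl_entries rows from the dump, joined to acl_security_identities, in ace_order.
$aces = [
    ['sid' => 'MV\BetaalbaarkozijnBundle\Entity\User-User', 'mask' => 128, 'granting' => true],
    ['sid' => 'IS_AUTHENTICATED_ANONYMOUSLY', 'mask' => 1, 'granting' => true],
    ['sid' => 'ROLE_ADMIN', 'mask' => 64, 'granting' => true],
];

// Returns true/false from the first applicable ACE per required mask, or null
// when no ACE applies at all (the ACL voter then denies access).
function decide(string $permission, array $sids, array $aces): ?bool
{
    $denied = false;
    foreach (PERMISSION_MAP[$permission] as $name) {
        $required = MASKS[$name];
        foreach ($sids as $sid) {
            foreach ($aces as $ace) {
                // Strategy 'all': every required bit must be set in the ACE mask.
                if ($ace['sid'] !== $sid || ($ace['mask'] & $required) !== $required) {
                    continue;
                }
                if ($ace['granting']) {
                    return true;
                }
                $denied = true;   // a denying ACE ends the search for this mask only
                break 2;
            }
        }
    }
    return $denied ? false : null;
}

// Constructed identity lists (assumption: what the security token would yield).
$admin     = ['ROLE_ADMIN', 'IS_AUTHENTICATED_ANONYMOUSLY'];
$anonymous = ['IS_AUTHENTICATED_ANONYMOUSLY'];
foreach (['VIEW', 'EDIT', 'DELETE'] as $permission) {
    printf("%-6s admin=%s anonymous=%s\n", $permission,
        var_export(decide($permission, $admin, $aces), true),
        var_export(decide($permission, $anonymous, $aces), true));
}
```

Under this model the dumped rows grant EDIT and DELETE to an identity list containing ROLE_ADMIN through the MASTER mask (64), while an anonymous visitor gets VIEW only.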

Re: ACL ROLE_ADMIN does not work

Post by Mitchel » Fri Sep 21, 2012 11:40 am

Is there somebody who can help me out?

Re: ACL ROLE_ADMIN does not work

Post by dcobalt » Fri Sep 21, 2012 4:27 pm

I'm not too familiar with object-level ACL, but at least in my case, ROLE_ADMIN by itself is not enough, you either need ROLE_SUPER_ADMIN, or the corresponding ROLE_ADMIN_<ENTITY>_EDIT/CREATE/DELETE. But I don't know if that applies to your case. What happens when you use ROLE_SUPER_ADMIN instead?
dcobalt
Faithful Member
 
Posts: 283
Joined: Thu Oct 20, 2011 6:06 pm

Re: ACL ROLE_ADMIN does not work

Post by Mitchel » Sat Sep 22, 2012 12:38 am

dcobalt wrote: I'm not too familiar with object-level ACL, but at least in my case, ROLE_ADMIN by itself is not enough, you either need ROLE_SUPER_ADMIN, or the corresponding ROLE_ADMIN_<ENTITY>_EDIT/CREATE/DELETE. But I don't know if that applies to your case. What happens when you use ROLE_SUPER_ADMIN instead?

That is not correct; even if I create my own role, it won't work.

If you have a Stack Overflow account, please upvote:

http://stackoverflow.com/questions/1246 ... s-not-work

Re: ACL ROLE_ADMIN does not work

Post by Mitchel » Tue Sep 25, 2012 1:19 pm

Is there really nobody on the Symfony forums, including the staff, who can help me?

Re: ACL ROLE_ADMIN does not work

Post by tiagojsag » Tue Sep 25, 2012 1:36 pm

Hi,

Which Symfony version are you using? 2.0 or 2.1? If 2.0.x, check if you are not running into this issue: http://forum.symfony-project.org/viewtopic.php?f=23&t=36549&p=123155
The last post fixes the issue, and it has already been resolved for 2.1.x.

Cheers
Tiago Garcia
@tiagojsag

Core Web Developer @ Shopware
http://www.shopware.de
tiagojsag
Faithful Member
 
Posts: 884
Joined: Wed Aug 10, 2011 4:58 pm

Re: ACL ROLE_ADMIN does not work

Post by Mitchel » Sat Sep 29, 2012 1:16 pm

I have updated my version to 2.1.2 and still it does not work.
What can be the problem? :(

