Symfony2 Group permissions with ACL

Question

Where I work we are designing a webapp in which users may belong to multiple groups and each group has access on a set of resources not known in advanced. Plus, users can enter or leave groups and groups can acquire or lose access to resources, so the whole permission granting system needs to be dynamic.

We are using Symfony2 and the FOSUserBundle.

We like how the ACL system works, but we could not find a way to apply it to the Group object.

Has anyone done something like that with Symfony? Or do you have any suggestion on how to implement it in other ways?

Answer 1

According to the cookbook, you can use the RoleSecurityIdentity instead of just the UserSecurityIdentity. So from my understanding of it your Role is your Group. Im working on a similar issue now. When have have done a little more with it Ill try and update this with some code snippets.

But for now have a look at: http://symfony.com/doc/current/cookbook/security/acl_advanced.html

EDIT:

We have gone in another direction and are instead going more with a permission per controller action system. So every controller action is assigned a permission name using annotations.

#SomeDomain/SomeBundle/Controller/SomeController.php
/**
 * @Permissions(perm="some.name.for.the.node")
 */
 public function indexAction(){ ... }

Then we have a permission bundle with a service that checks the permissions when a controller function is called. Our admins are given a GUI that will allow them to manage the permissions that groups will have and individual users.

Check out this gist that inspired what we are doing: https://gist.github.com/1391850

Im aware this isnt the acl system you were looking for but just thought i would update with what we are doing.