Wednesday, September 12, 2012

Using ACLs and ACEs in Symfony 2

Symfony 2 has a couple of documentation pages on how to use Access Control Lists (ACLs), but they only describe how to create an Access Control Entry (ACE), not how to maintain (update or remove) one.

Updating or removing ACEs is a bit harder than creating a new one, so I wanted to share a simple example. This code comes from a UserController where a User object can be assigned to one or more companies that (s)he should be able to manage.
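The post's own controller code is not on this page, so here is an added example (not the author's code) of the update/remove part that the Symfony 2 ACL docs skip. It assumes a Symfony 2.x application with the `security.acl.provider` service configured, a `Company` domain object with an identifier, and a `User` implementing `UserInterface`; the class and method names (`CompanyAclManager`, `setPermission`, `syncManagedCompanies`) are mine.

```php
<?php
// Added example, not the original post's UserController code.
// Assumes: Symfony 2.x, security.acl.provider configured, a Company entity.

use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Symfony\Component\Security\Acl\Exception\AclNotFoundException;
use Symfony\Component\Security\Acl\Model\MutableAclInterface;
use Symfony\Component\Security\Acl\Model\MutableAclProviderInterface;
use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
use Symfony\Component\Security\Acl\Permission\MaskBuilder;
use Symfony\Component\Security\Core\User\UserInterface;

class CompanyAclManager
{
    private $aclProvider;

    public function __construct(MutableAclProviderInterface $aclProvider)
    {
        $this->aclProvider = $aclProvider;
    }

    /**
     * Give $user the "manage" permission on one company, or revoke it
     * when $grant is false. The ACE is inserted if missing, updated in
     * place if present, and deleted on revoke; the ACL is then persisted.
     */
    public function setPermission($company, UserInterface $user, $grant = true)
    {
        $oid = ObjectIdentity::fromDomainObject($company);
        $sid = UserSecurityIdentity::fromAccount($user);

        try {
            $acl = $this->aclProvider->findAcl($oid);
        } catch (AclNotFoundException $e) {
            // No ACL yet for this company: nothing to revoke, create for grant.
            if (!$grant) {
                return;
            }
            $acl = $this->aclProvider->createAcl($oid);
        }

        // "manage" here means VIEW + EDIT + DELETE; adjust to your own policy.
        $builder = new MaskBuilder();
        $mask = $builder->add('VIEW')->add('EDIT')->add('DELETE')->get();

        $indexes = $this->findAceIndexes($acl, $sid);

        if (!$grant) {
            // Deleting shifts later indexes down, so delete highest first.
            foreach (array_reverse($indexes) as $index) {
                $acl->deleteObjectAce($index);
            }
        } elseif (count($indexes) === 0) {
            $acl->insertObjectAce($sid, $mask);
        } else {
            // Update the first matching ACE; remove any duplicates for this SID.
            $acl->updateObjectAce($indexes[0], $mask);
            foreach (array_reverse(array_slice($indexes, 1)) as $index) {
                $acl->deleteObjectAce($index);
            }
        }

        $this->aclProvider->updateAcl($acl);
    }

    /**
     * Make $user manage exactly $current: companies in $previous but not in
     * $current lose their ACE, the rest are granted/refreshed.
     */
    public function syncManagedCompanies(UserInterface $user, array $previous, array $current)
    {
        foreach ($previous as $company) {
            if (!in_array($company, $current, true)) {
                $this->setPermission($company, $user, false);
            }
        }
        foreach ($current as $company) {
            $this->setPermission($company, $user, true);
        }
    }

    /** Positions of all object ACEs that belong to the given security identity. */
    private function findAceIndexes(MutableAclInterface $acl, SecurityIdentityInterface $sid)
    {
        $indexes = array();
        foreach ($acl->getObjectAces() as $index => $ace) {
            if ($ace->getSecurityIdentity()->equals($sid)) {
                $indexes[] = $index;
            }
        }
        return $indexes;
    }
}
```

The part that makes update/remove "harder" than insert is that `updateObjectAce()` and `deleteObjectAce()` take the ACE's position in `getObjectAces()`, not the ACE itself, and deleting one entry renumbers the ones after it; that is why the lookup returns all positions for the security identity and deletes them in descending order. Nothing is written until `updateAcl()` is called, so a failure mid-way leaves the stored ACL unchanged.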

Symfony 2 and the case of the missing ROLE_PREVIOUS_ADMIN role

In the Symfony 2 manual there's a small section on 'Impersonating a User', which describes how you can switch between users if you are an administrator. After following the steps in the manual, I wanted to find a way to tell whether the currently logged-in user was an impersonation or the real user. After searching Google for a bit, I found a couple of posts (1, 2, 3) that all said the impersonated user should have the role 'ROLE_PREVIOUS_ADMIN'. But for some reason my impersonated users did not have that role.
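One thing worth checking when the role seems to be missing is where you read it from. In Symfony 2 the switch-user listener attaches `ROLE_PREVIOUS_ADMIN` to the security token as a `SwitchUserRole` (which also carries the original admin's token); it is never added to the `User` entity, so `$user->getRoles()` will not show it while `isGranted()` on the security context will. The helper below is an added example, not code from the post; it assumes the standard Symfony 2.x `security.context` service and the `ImpersonationHelper` name is mine.

```php
<?php
// Added example, not the original post's code. Assumes Symfony 2.x with the
// switch_user firewall option enabled and the security.context service.

use Symfony\Component\Security\Core\Role\SwitchUserRole;
use Symfony\Component\Security\Core\SecurityContextInterface;

class ImpersonationHelper
{
    private $context;

    public function __construct(SecurityContextInterface $context)
    {
        $this->context = $context;
    }

    /**
     * True while an administrator is impersonating another user.
     * Uses the token's roles via isGranted(), not $user->getRoles().
     */
    public function isImpersonating()
    {
        return $this->context->isGranted('ROLE_PREVIOUS_ADMIN');
    }

    /**
     * Username of the administrator who started the impersonation,
     * taken from the SwitchUserRole on the current token; null otherwise.
     */
    public function getImpersonatorUsername()
    {
        $token = $this->context->getToken();
        if (null === $token) {
            return null;
        }
        foreach ($token->getRoles() as $role) {
            if ($role instanceof SwitchUserRole) {
                return $role->getSource()->getUsername();
            }
        }
        return null;
    }

    /**
     * Audit-friendly summary of who is acting: the effective username plus,
     * when impersonating, the real administrator behind it.
     */
    public function describeActor()
    {
        $token = $this->context->getToken();
        if (null === $token) {
            return 'anonymous';
        }
        $admin = $this->getImpersonatorUsername();
        if (null === $admin) {
            return $token->getUsername();
        }
        return sprintf('%s (impersonated by %s)', $token->getUsername(), $admin);
    }
}
```

From a security point of view the original admin's identity should go into any audit log for actions taken while impersonating; `getSource()` on the `SwitchUserRole` is where that token lives, which is also how `?_switch_user=_exit` finds its way back.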