Our system allows for an unlimited level of nested Company
entities (domain object), with each User
assigned to a single company. For any given user, all users assigned to a company in the tree beneath them are rights managed by that user.
Each User
can be assigned certain security attributes for a given class (ie the ADD
attribute for blog posts) as well as security attributes for an object of a given class (ie the EDIT
attribute on blog post X). These attributes should also be available to any users above them in the company tree.
It seems like this structure does not fit into the default security roles or Symfony ACL system very well.
Creating an Access Control Entry (ACE) to assign rights for every user that has access to an object seems inefficient, and given the complexity of the user structure outlined above, assigning access to all users of a certain role would be cumbersome.
Is there a way to make this fit with a custom instance of SecurityIdentityInterface
, or should I use a custom security voter?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.