make the advantage and disadvantage of the ACL more clear #2989
Conversation
For me as a SF2 developer to handle data manipulation was pretty new to me. So I asked in the irc and searched the web and finally landed on this documentation page. So it looked like this is the way to go and it is a usual thing like using bundles in SF2. But it isnt, it is a far more complex permission handler which will work upfront and is not that much flexible. I would highly recommend to add at least some notes, so that other developers getting a note on that and can maybe save some days of work as the opposite of me.
| @@ -216,3 +216,16 @@ added above: | |||
| The user is now allowed to view, edit, delete, and un-delete objects. | |||
|
|
|||
| .. _`MongoDBAclBundle`: https://github.com/IamPersistent/MongoDBAclBundle | |||
|
|
|||
| Looking for alternatives | |||
| a classical and simple conditional permission check would fit for you. | ||
| Some do it with the existing voter structure as well, or custom build solutions. | ||
|
|
||
| .. _`Voters`: http://symfony.com/doc/current/cookbook/security/voters.html |
There was a problem hiding this comment.
links to other pages of the doc should not hardcode the url but use internal references instead (so that they link to the same version of the doc)
|
Hey Michael! I think this is a great idea. I've patched your changes into the 2.2 branch at sha: a73bc77, sha: 3fb6353 and sha: 3324e1c I personally don't like the ACL system and think that it's useful in only the most complex cases (which I haven't run into personally). But I'm not sure if it's been useful to other people, so I'm careful to not make it look like a terrible alternative. Still, I've taken your message further at sha: 74897e3. If anyone has any issues, or if we're bullying ACL's too much, then speak! Again, it's my personal opinion that voters are a much easier way to solve this problem. Thanks! |
|
Cool! Again, my aim is not to blame ACL, but to make it even more clear that this is not the one way to go. Cheers. |
|
In addition, I would love to see to point more out, that ACL is working upfront and it is very difficult to make heavy changes afterwards to it. While the opposite/alternative (voters) are doing their job just in time (checking the conditions on use). |
For me as a SF2 developer to handle data manipulation was pretty new to me. So I asked in the irc and searched the web and finally landed on this documentation page. So it looked like this is the way to go and it is a usual thing like using bundles in SF2. But it isnt, it is a far more complex permission handler which will work upfront and is not that much flexible.
I would highly recommend to add at least some notes, so that other developers getting a note on that and can maybe save some days of work as the opposite of me.