From 365a257404296dfdece0837142a6c6a73d4fb5c2 Mon Sep 17 00:00:00 2001 From: Michael Klein Date: Wed, 18 Sep 2013 10:18:15 +0100 Subject: [PATCH 1/3] make the advantage and disadvantage of the ACL more clear For me as a SF2 developer to handle data manipulation was pretty new to me. So I asked in the irc and searched the web and finally landed on this documentation page. So it looked like this is the way to go and it is a usual thing like using bundles in SF2. But it isnt, it is a far more complex permission handler which will work upfront and is not that much flexible. I would highly recommend to add at least some notes, so that other developers getting a note on that and can maybe save some days of work as the opposite of me. --- cookbook/security/acl.rst | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/cookbook/security/acl.rst b/cookbook/security/acl.rst index 4bcb44ab419..277c81d165c 100644 --- a/cookbook/security/acl.rst +++ b/cookbook/security/acl.rst @@ -216,3 +216,16 @@ added above: The user is now allowed to view, edit, delete, and un-delete objects. .. _`MongoDBAclBundle`: https://github.com/IamPersistent/MongoDBAclBundle + +Looking for alternatives +------------------------ + +For more simple use cases this seems to be an overhead for many developer. +As a downside there is that in case you change the permissions in any way, +you need to change all the existing granted permissions as well. As well +when you want to change a specific part of the ACL you need to understand +the structure and process of this complex voter. So you should consider if +a classical and simple conditional permission check would fit for you. +Some do it with the existing voter structure as well, or custom build solutions. + +.. _`Voters`: http://symfony.com/doc/current/cookbook/security/voters.html From b4c0c253067b3d2c8976ec8637464c93a18ba666 Mon Sep 17 00:00:00 2001 From: Michael Klein Date: Wed, 18 Sep 2013 13:04:40 +0100 Subject: [PATCH 2/3] added xabbuh corrections --- cookbook/security/acl.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cookbook/security/acl.rst b/cookbook/security/acl.rst index 277c81d165c..f8c77b849f6 100644 --- a/cookbook/security/acl.rst +++ b/cookbook/security/acl.rst @@ -217,10 +217,10 @@ The user is now allowed to view, edit, delete, and un-delete objects. .. _`MongoDBAclBundle`: https://github.com/IamPersistent/MongoDBAclBundle -Looking for alternatives +Looking for Alternatives ------------------------ -For more simple use cases this seems to be an overhead for many developer. +For more simple use cases this seems to be an overhead for many developers. As a downside there is that in case you change the permissions in any way, you need to change all the existing granted permissions as well. As well when you want to change a specific part of the ACL you need to understand From e8d84078b6f6cd867ebc27f0e249c90763e3e3d1 Mon Sep 17 00:00:00 2001 From: Michael Klein Date: Wed, 18 Sep 2013 13:44:27 +0100 Subject: [PATCH 3/3] =?UTF-8?q?added=20stof=C2=B4s=20corrections?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cookbook/security/acl.rst | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/cookbook/security/acl.rst b/cookbook/security/acl.rst index f8c77b849f6..7c6e324720d 100644 --- a/cookbook/security/acl.rst +++ b/cookbook/security/acl.rst @@ -215,8 +215,6 @@ added above: The user is now allowed to view, edit, delete, and un-delete objects. -.. _`MongoDBAclBundle`: https://github.com/IamPersistent/MongoDBAclBundle - Looking for Alternatives ------------------------ @@ -226,6 +224,7 @@ you need to change all the existing granted permissions as well. As well when you want to change a specific part of the ACL you need to understand the structure and process of this complex voter. So you should consider if a classical and simple conditional permission check would fit for you. -Some do it with the existing voter structure as well, or custom build solutions. +Some do it with the existing voter ":doc:`/cookbook/security/voters`" +structure as well, or a custom build solutions. -.. _`Voters`: http://symfony.com/doc/current/cookbook/security/voters.html +.. _`MongoDBAclBundle`: https://github.com/IamPersistent/MongoDBAclBundle