I create a new RoleSecurityIdentity and ROLE if a new UserGroup is generated. Like:
new RoleSecurityIdentity('ROLE_GROUP-'.$groupName);
If the Admin creates a new Object, like a Media, he can assign the Groups to the Media to View:
$acl->insertObjectAce($groupSecurityIdentity, MaskBuilder::MASK_VIEW);
Now i have the Problem, that i don´t know how to revoke all the Aces of the RoleSecurityIdentity if i remove a Group?
Are there any ready Functions etc.? Didn´t found some yet, so i coded this:
$connection = $this->getDoctrine()->getManager()->getConnection();
// find securityIdentity ID
$secIdSearch = $connection->prepare('select * from acl_security_identities where identifier = "'.$groupRole.'"');
$secIdSearch->execute();
$secIdFetch = $secIdSearch->fetch();
$securityIdentitiyId = $secIdFetch['id'];
if($securityIdentitiyId):
// Delete all connected Object Entities for this RoleIdentitiys
$connection->prepare('DELETE FROM acl_entries where security_identity_id ='.$securityIdentitiyId)->execute();
// Remove the Role Identitiy itself.
$connection->prepare('DELETE FROM acl_security_identities where id ='.$securityIdentitiyId)->execute();
endif;
It not only looks really dirty, if i want to save a new ACL on a Object i removed the Ace from, i get a
Notice: Undefined offset: 6 in /../../Acl/Dbal/MutableAclProvider.php line 842
because the ace_order isn´t correct.
Is there a solution already? Or i have to go my way and have to re order the aces?