zerodine / MongoDBAclBundle

This bundle allows the use of MongoDB as the storage layer for the Symfony ACLs component.

How can I retrieve class acl for an object not persisted yet #38

Closed pipo02mix closed 6 years ago

pipo02mix commented 9 years ago

I am trying to check if a user can create a specific object, doing something like this:

$aclManager->isGranted(BasicPermissionMap::PERMISSION_CREATE, $document)

Under the hood, the Acl manager is calling the Acl voter to check the grant, and this Acl voter is calling the Acl provider to guess all ACLs attached to this document.

//$oid is the $document
$acl = $this->aclProvider->findAcl($oid, $sids);

This bundle is looking for the object identity in the 'lookupObjectIdentities' method:

// FIXME: add support for filtering by sids (right now we select all sids)
$objIdentities = $this->getObjectIdentities($batch);
if (!$objIdentities->hasNext()) {
    throw new AclNotFoundException('There is no ACL for the given object identity.');
}

Inside 'getObjectIdentities', the Acl provider gets all oids related to this object, and in our case this is empty, because this object is new and no oid has been persisted. My expectation is that after that it checks the class ACEs to see if there is an ACL allowing this object to be created, but the exception thrown because no oids were found does not allow the process to continue. The Acl voter is catching this exception and returning denied (without checking the CREATE mask at class level).

} catch (AclNotFoundException $noAcl) {
    if (null !== $this->logger) {
        $this->logger->debug('No ACL found for the object identity. Voting to deny access.');
    }
    return self::ACCESS_DENIED;
}

What I expect is that the Acl provider would return the ACL I have set for the class of this document. Is my approach wrong?

This is my class ACL for the $document I want to get permissions for.

{
  "_id" : "5566edd02f19945b638b4576",
  "aceOrder" : 0,
  "securityIdentity" : {
      "username" : "beheerders_jopie_5566edd0b1b1b",
      "class" : "Cobrowser\\PersistenceBundle\\Document\\UserGroup"
  },
  "mask" : 2,
  "granting" : true,
  "grantingStrategy" : "all",
  "auditSuccess" : false,
  "auditFailure" : false,
  "class" : "Cobrowser\\PersistenceBundle\\Document\\User"
}

Thanks in advance
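
The lookup path described in this issue, as an added simplified model in plain PHP (not the bundle's or Symfony's code, and not part of the original post): the voter fails closed for an object with no stored identity even though a class ACE exists, while the same check passes against a class-scope identity. `findAcl()`, `vote()` and the array store are hypothetical stand-ins; the class-scope identity follows stock Symfony ACL's `new ObjectIdentity('class', $fqcn)` convention, and that this bundle resolves it the same way is an assumption the page does not confirm.

```php
<?php
// Simplified model of the lookup path in the issue. Not the bundle's or Symfony's code;
// findAcl(), vote() and the array-based store are hypothetical stand-ins.
class AclNotFound extends RuntimeException {}

const MASK_CREATE    = 2;   // same value as the "mask" field in the issue's class ACE
const ACCESS_GRANTED = 1;
const ACCESS_DENIED  = -1;

// Provider stand-in: an ACL is reachable only through a stored object identity.
function findAcl(array $store, string $type, string $identifier): array
{
    $key = $type . '#' . $identifier;
    if (!isset($store['oids'][$key])) {
        throw new AclNotFound('There is no ACL for the given object identity.');
    }
    // Class ACEs are read only after the identity lookup has succeeded.
    return array_values(array_filter(
        $store['classAces'],
        fn (array $ace): bool => $ace['class'] === $type
    ));
}

// Voter stand-in: a missing ACL is a deny (fail closed), never a fallback.
function vote(array $store, string $type, string $identifier, string $sid, int $mask): int
{
    try {
        $aces = findAcl($store, $type, $identifier);
    } catch (AclNotFound $noAcl) {
        return ACCESS_DENIED;
    }
    foreach ($aces as $ace) {
        // "all" granting strategy: every required bit must be set in the ACE mask.
        if ($ace['sid'] === $sid && ($ace['mask'] & $mask) === $mask) {
            return $ace['granting'] ? ACCESS_GRANTED : ACCESS_DENIED;
        }
    }
    return ACCESS_DENIED;
}

// Constructed sample data using the class and sid names from the issue.
$user  = 'Cobrowser\\PersistenceBundle\\Document\\User';
$sid   = 'beheerders_jopie_5566edd0b1b1b';
$store = [
    'oids'      => [$user . '#class' => true],  // only a class-scope identity is stored
    'classAces' => [['class' => $user, 'sid' => $sid, 'mask' => 2, 'granting' => true]],
];
var_dump(vote($store, $user, 'unsaved-object', $sid, MASK_CREATE) === ACCESS_DENIED); // new, unpersisted object
var_dump(vote($store, $user, 'class', $sid, MASK_CREATE) === ACCESS_GRANTED);         // class-scope identity
```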