René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"AclManager RetrievalStrategy is wrong (I think)","articleBody":"Hey, \n\nAbout this function : \n\n``` php\n    /**\n     * @param mixed $domainObject\n     * @param string $field\n     * @param int   $mask\n     * @param UserInterface | TokenInterface | RoleInterface $securityIdentity\n     * @param string $type\n     * @param string $field\n     * @param boolean $replace_existing\n     * @return \\Problematic\\AclManagerBundle\\Domain\\AbstractAclManager\n     */\n    protected function addPermission($domainObject, $field, $mask, $securityIdentity = null, $type = 'object', $replace_existing = false)\n    {\n        if(is_null($securityIdentity)){\n            $securityIdentity = $this-\u003egetUser();\n        }\n        $context = $this-\u003edoCreatePermissionContext($type, $field, $securityIdentity, $mask);\n        $oid = $this-\u003egetObjectIdentityRetrievalStrategy()-\u003egetObjectIdentity($domainObject);\n        $acl = $this-\u003edoLoadAcl($oid);\n        $this-\u003edoApplyPermission($acl, $context, $replace_existing);\n\n        $this-\u003egetAclProvider()-\u003eupdateAcl($acl);\n\n        return $this;\n    }\n```\n\nWhen you enter in her via this function :\n\n``` php\n    /**\n     * {@inheritDoc}\n     */\n    public function addClassPermission($domainObject, $mask, $securityIdentity = null)\n    {\n        $this-\u003eaddPermission($domainObject, null, $mask, $securityIdentity, 'class', false);\n    }\n```\n\nThe following line is wrong : `$oid = $this-\u003egetObjectIdentityRetrievalStrategy()-\u003egetObjectIdentity($domainObject);` in the way that use the wrong service (in `addPermission`function)\n\nBy default SecurityComponent provide this service `security.acl.object_identity_retrieval_strategy` but he can be apply only for `DomainObject` not for `Object`. And in case of call `AddClassPermission` or `serClassPermission` you didn't work with `DomainObject` but with `Object`.\n\nHere the code of `ObjectIdentityRetrievalStrategy` provided by default : \n\n``` php\n    /**\n     * {@inheritdoc}\n     */\n    public function getObjectIdentity($domainObject)\n    {\n        try {\n            return ObjectIdentity::fromDomainObject($domainObject);\n        } catch (InvalidDomainObjectException $failed) {\n            return;\n        }\n    }\n```\n\nSo when add class permission like :  `$aclManager-\u003eaddClassPermission(Media::CLASS, MaskBuilder::MASK_OPERATOR, $sid);` That trigger `InvalidDomainObjectException` and do nothing.\n\nSo, may i'm wrong ? or you must create your own `ObjectIdentityRetrievalStrategy` service to fix it ? (or dont call `ObjectIdentityRetrievalStrategy`in case of `Object`\n\nSo in my project I made a quick fix, to create my own service ObjectIdentityRetrievalStrategy, it's only for my need so to make it proper we must implement some setter, to configure identifier, but I only use `class` for this moment.\n\n``` php\nclass ObjectIdentityRetrievalStrategy extends \\Symfony\\Component\\Security\\Acl\\Domain\\ObjectIdentityRetrievalStrategy\n{\n    /**\n     * @param object $domainObject\n     *\n     * @return ObjectIdentityInterface|void\n     */\n    public function getObjectIdentity($domainObject)\n    {\n        if(is_string($domainObject)){\n            return new ObjectIdentity('class', $domainObject);\n        }\n\n        return parent::getObjectIdentity($domainObject);\n    }\n} \n```\n\nNOTE: On your example you show this : `$aclManager-\u003eaddClassPermission($comment, MaskBuilder::MASK_OWNER, $userEntity);` But when we work with `Object` the right call is  `$aclManager-\u003eaddClassPermission(Comment::CLASS, MaskBuilder::MASK_OWNER, $userEntity);` because it's not a `DomainObject` We want add the permission of all instance of $comment, not specially $comment.\n","author":{"url":"https://github.com/jjsaunier","@type":"Person","name":"jjsaunier"},"datePublished":"2014-10-14T09:51:00.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":2},"url":"https://github.com/35/ProblematicAclManagerBundle/issues/35"}