public function deny(Entity\Role $role, Entity\Permission $permission)
{
if ($role->hasReadOnlyPermissions()) {
throw new Zax\Security\ForbiddenRequestException('This role has read-only permissions.');
}
$acl = $this->getBy(['role.id' => $role->id, 'permission.id' => $permission->id]);
if ($acl === NULL) {
$acl = $this->create();
$acl->role = $role;
$acl->permission = $permission;
}
$acl->allow = FALSE;
$this->persist($acl);
return $acl;
}
