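/**
 * Sets the Access Control Level for the user for this project.
 *
 * Any object-scope ACEs the user already holds on the project are removed
 * and replaced by a single ACE whose mask is derived from the role stored on
 * the UserProjects link (Reporter, Developer, Master or Owner).
 *
 * The ACE is granted to the user referenced by $userProject, not to the
 * currently logged-in user. This method contains no check that the caller is
 * allowed to manage the project's members; that decision has to be made
 * before it is called.
 *
 * @param UserProjects $userProject
 *
 * @throws AccessDeniedException when the role is not one of the known role names
 */
protected function createACLSettings(UserProjects $userProject)
{
    // Role name => permission mask granted on the project.
    $roleMasks = array(
        'Reporter' => MaskBuilder::MASK_VIEW,
        'Developer' => MaskBuilder::MASK_OPERATOR,
        'Master' => MaskBuilder::MASK_MASTER,
        'Owner' => MaskBuilder::MASK_OWNER,
    );

    // Resolve the mask before touching the ACL, so an unknown role fails
    // closed without an ACL having been created or existing ACEs removed.
    // The lookup is strict on purpose: a loose == against the role names can
    // match non-string values (e.g. integer 0 on PHP < 8).
    $role = $userProject->getRoles();
    if (!is_string($role) || !isset($roleMasks[$role])) {
        throw new AccessDeniedException('User Role is not valid');
    }
    $mask = $roleMasks[$role];

    $user = $userProject->getUser();
    $project = $userProject->getProject();

    $aclProvider = $this->container->get('security.acl.provider');
    $objectIdentity = ObjectIdentity::fromDomainObject($project);

    // Security identity of the user whose access is being set.
    $securityIdentity = UserSecurityIdentity::fromAccount($user);

    try {
        $acl = $aclProvider->findAcl($objectIdentity);

        // Delete any existing ACEs for this user. Walk the list from the
        // highest index down: deleteObjectAce() re-indexes the remaining
        // entries, so deleting in ascending order would make later indexes
        // point at the wrong ACE (possibly another user's) or at no ACE.
        foreach (array_reverse($acl->getObjectAces(), true) as $index => $ace) {
            if ($ace->getSecurityIdentity()->equals($securityIdentity)) {
                $acl->deleteObjectAce($index);
            }
        }
    } catch (\Symfony\Component\Security\Acl\Exception\AclNotFoundException $e) {
        // No ACL exists for this project yet.
        $acl = $aclProvider->createAcl($objectIdentity);
    }

    // Grant the access level that corresponds to the user's project role.
    $acl->insertObjectAce($securityIdentity, $mask);

    $aclProvider->updateAcl($acl);
}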