/**
 * Records an explicit "deny" ACL entry for a role/permission pair.
 *
 * An existing entry is looked up through getBy(); when none is found, a new
 * one is obtained from create() and bound to the role and permission. In both
 * cases the entry's `allow` flag is set to FALSE and it is passed to persist().
 *
 * Security: the only guard enforced here is the role's read-only flag. This
 * method does not check whether the current caller may edit ACLs; presumably
 * that is enforced upstream (verify against the callers).
 *
 * NOTE(review): the lookup-then-create sequence is not atomic within this
 * method. Concurrent calls could create duplicate entries unless the storage
 * enforces uniqueness on (role, permission); confirm.
 *
 * @param Entity\Role       $role       Role whose access is being restricted.
 * @param Entity\Permission $permission Permission to deny for that role.
 *
 * @return mixed The ACL entry obtained from getBy() or create(), after persist().
 *
 * @throws Zax\Security\ForbiddenRequestException When the role reports read-only permissions.
 */
public function deny(Entity\Role $role, Entity\Permission $permission)
{
    // Refuse to touch the ACL of a role flagged as read-only, before any lookup or write.
    if ($role->hasReadOnlyPermissions()) {
        throw new Zax\Security\ForbiddenRequestException('This role has read-only permissions.');
    }

    $criteria = [
        'role.id' => $role->id,
        'permission.id' => $permission->id,
    ];
    $entry = $this->getBy($criteria);

    // No rule stored yet for this pair: start a fresh one bound to both entities.
    if ($entry === null) {
        $entry = $this->create();
        $entry->role = $role;
        $entry->permission = $permission;
    }

    // Always overwrite the flag, so a previously stored "allow" rule becomes a deny.
    $entry->allow = false;
    $this->persist($entry);

    return $entry;
}