OroPlatform Forums

Covering OroPlatform topics, including community updates and company announcements.

This topic contains 5 replies, has 3 voices, and was last updated by  Vova Soroka 10 years, 1 month ago.


  • #35463

    luemic
    Participant

    Hi there,

    Can you explain how to set up an ACL for a custom module using the ORO Security Bundle? I’ve tried to use the annotations which are described in the readme of the security bundle, but it does not work for me. I tried to create a fixture for it (according to the samples I found within the OroCRM) but I got Symfony\Component\Security\Acl\Exception\InvalidDomainObjectException with the message "An ACL extension was not found for: Entity:FooHelloBundle:Name".

    I guess I’m missing some point but couldn’t figure it out. Could you provide some hints for what can be missing?

    Thank you

Viewing 5 replies - 1 through 5 (of 5 total)
  • #35464

    Vova Soroka
    Participant

    Hi luemic,

    You need to reload the entity configuration to get it working.
    First, remove all entity configuration from your database:

    And then load it again:

    #35465

    ttiot
    Participant

    Hi there,

    I can’t figure out how to solve my ACL problem.
    I created a custom bundle with an entity (very basic for the moment). When I look at the customer view, the delete button is here (so resource_granted returns true) but the edit button isn’t here. When I check the logs, I see that there is a call to resource_granted for the edit ACL but nothing more.

    Here are the different places where I specify the ACL:

    acl.yml (under Resources/config) :
    eos_customer_customer_update:
        type: entity
        class: EOSCustomerBundle:Customer
        permission: EDIT
    eos_customer_customer_delete:
        type: entity
        class: EOSCustomerBundle:Customer
        permission: DELETE

    datagrid.yml (under Resources/config):
    actions:
        view:
            type: navigate
            label: View
            link: view_link
            icon: user
            acl_resource: eos_customer_customer_view
            rowAction: true
        update:
            type: navigate
            label: Mise à jour
            link: update_link
            icon: edit
            acl_resource: eos_customer_customer_update
        delete:
            type: delete
            label: Supprimer
            link: delete_link
            icon: trash
            acl_resource: eos_customer_customer_delete

    and view.html.twig (under Resources/views/Customer) :
    {% if resource_granted('eos_customer_customer_update') %}
        {{ UI.editButton({
            'path' : path('eos_customer_update', { id: entity.id }),
            'entity_label': 'eos.customer.entity_label'|trans
        }) }}
    {% endif %}
    {% if resource_granted('eos_customer_customer_delete') %}
        {# UI.button...... #}
    {% endif %}

    Here are the logs:

    I also ran the command php app/console oro:entity-config:update --filter=Customer

    Any advice?

    #35466

    Vova Soroka
    Participant

    Hi ttiot,

    It seems that there are some problems with refreshing the ACL cache. Could you please remove the following directories from the cache and check whether the edit button is shown after that:
    app/cache/dev/oro_data/oro_acl_actions.cache
    app/cache/dev/oro_data/oro_acl_annotations.cache
    app/cache/dev/oro_data/oro_acl_entities.cache

    Please let me know if this helps.

    Also there are some notes:
    First of all, your ACL definition in acl.yml is correct, but a better way to declare an ACL is to use annotations in your controller (or, if you prefer YAML, to use the bindings attribute to bind a controller to the ACL). So, there are two alternatives you can use:
    in the controller:
    /**
     * @Acl(
     *      id="eos_customer_customer_update",
     *      type="entity",
     *      permission="EDIT",
     *      class="EOSCustomerBundle:Customer"
     * )
     */
    public function updateAction(Customer $entity)

    or in acl.yml
    eos_customer_customer_update:
        type: entity
        class: EOSCustomerBundle:Customer
        permission: EDIT
        bindings:
            - { class: EOS\Bundle\CustomerBundle\Controller\CustomerController, method: updateAction }

    Next, to check ACL in TWIG please use the following:
    {% if resource_granted('eos_customer_customer_create') %}
        {{ UI.button({
            ...
        }) }}
    {% endif %}
    {% if resource_granted('EDIT', entity) %}
        {{ UI.editButton({
            ...
        }) }}
    {% endif %}
    {% if resource_granted('DELETE', entity) %}
        {{ UI.deleteButton({
            ...
        }) }}
    {% endif %}

    It allows you to show buttons only if the EDIT/DELETE permission is granted for a particular customer.
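
Added example, not part of the original thread and not OroPlatform code: a small Python lint that collects the ACL resource ids declared in acl.yml and in @Acl annotations, then reports ids referenced through acl_resource in datagrid.yml or through single-argument resource_granted('<id>') in Twig that have no declaration in the files supplied. The sample inputs are constructed from the snippets posted above; the function names and the regex-based parsing are assumptions made for this illustration.

```python
import re

# Constructed sample inputs, shortened from the snippets posted in this thread.
ACL_YML = """\
eos_customer_customer_update:
    type: entity
    permission: EDIT
eos_customer_customer_delete:
    type: entity
    permission: DELETE
"""
DATAGRID_YML = """\
actions:
    view:
        acl_resource: eos_customer_customer_view
    update:
        acl_resource: eos_customer_customer_update
    delete:
        acl_resource: eos_customer_customer_delete
"""
TWIG = """\
{% if resource_granted('eos_customer_customer_create') %}{% endif %}
{% if resource_granted('EDIT', entity) %}{% endif %}
{% if resource_granted("eos_customer_customer_delete") %}{% endif %}
"""
CONTROLLER = '/** @Acl(id="eos_customer_customer_view", type="entity") */'

def defined_ids(acl_yml="", php=""):
    """ACL ids declared as top-level acl.yml keys or via @Acl(id="...")."""
    ids = set(re.findall(r"^([A-Za-z0-9_.]+):\s*$", acl_yml, re.M))
    ids |= set(re.findall(r'@Acl\(\s*(?:\*\s*)?id\s*=\s*"([^"]+)"', php))
    return ids

def referenced_ids(datagrid_yml="", twig=""):
    """ACL ids used by acl_resource keys and one-argument resource_granted()."""
    refs = set(re.findall(r"^\s*acl_resource:\s*([A-Za-z0-9_.]+)", datagrid_yml, re.M))
    # resource_granted('EDIT', entity) is an object-level permission check, not a
    # resource id, so only the one-argument form is matched here.
    refs |= set(re.findall(r"resource_granted\(\s*['\"]([^'\"]+)['\"]\s*\)", twig))
    return refs

def undefined_references(acl_yml, datagrid_yml, twig, php=""):
    """Sorted ids that are referenced but not declared in the supplied sources."""
    return sorted(referenced_ids(datagrid_yml, twig) - defined_ids(acl_yml, php))

if __name__ == "__main__":
    print(undefined_references(ACL_YML, DATAGRID_YML, TWIG, CONTROLLER))
```

An id reported here may still be declared in a file that was not passed to the check, so treat the output as a list of places to look rather than as confirmed errors.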

    #35467

    ttiot
    Participant

    Thank you for your reply.

    I didn’t put it here, but yes, I declared my ACL annotation on my controller too.

    I tried the second way of checking the ACL in Twig (resource_granted('EDIT', entity)) and it works! Thanks.

    But that doesn’t explain to me why the first way doesn’t work.

    #35468

    Vova Soroka
    Participant

    Most likely the problem is in our ACL cache. We will investigate this and prepare a fix ASAP.


The forum ‘OroPlatform – Security’ is closed to new topics and replies.
