I'm starting whith Symfony2 and I'd like to group users in hierarchical categories and to give ROLES to them. The application will need a lot of categories, and some of them will parent hundreds of others (which ones could be parents of others too). I'd like to give ROLES to the parents and then childs could inherit ROLES. I don'k knom what is the best way : - I could use groups from FOSUserBundle but I can't find how to parent groups, it would be perfect since FOSUserBundle's groups are already using ROLES. - or maybe I should create a Category entity from the scratch, but I'm not sure how to do this (how to link categories and ROLES) and this sounds like "reinventing the wheel" to me.
I think ACL is a good way but another clever way for you to deal with your problem is to use Voters. A Voter is a class responsible to decide if the connected user is authorized to do something ON a given object. You can do a simple hierarchy with the nested tree system and then declare your Voter like here. Read this article and learn about it, it's really cool.
In my mind, this is a very cool way when your business logic may interact with the user right. It worked for me, here was my project :
I had a lot of employees with different types (staff, consultant, subcontractor, client), each of them were linked to a human resources, a sale admin, a manager and for some of them, to missions... Any way, as you can imagine, it blew our minds.
We were unable to use the Gedmo nested tree because of the several tree on the same class, gedmo does not allow such a thing... so we set up a UserBoss system and each time we want to know if some one has right to show or edit somebody, I just have to check the UserBoss relation throughout a UserBossManager (which maintain the tree up to date each time it changes somewhere) and which tell me with the isBoss($user1, $user2) function is the user1 is the boss of the user2 (because of the hierarchy, obviously, we can't just check for a direct relation, the boss of my boss is also my boss !).
So I hope my feedback will help you (or some other reader) :) Good luck guy !