So, I installed FOSComment (most current version to date) and set it up for ACL, with success. I then decided to add their role-based permissions as well. The problem is, the user who posts a comment can no longer edit their own comment. And if I give their role the edit power, then they can edit all comments.
Is it possible to use ACL and roles natively in the FOSComment bundle, so that edit and delete can be set to ROLE_ADMIN, but ACL can allow users to edit and delete their own posts, even if they are ROLE_USER?
Or do I have to leave off the roles part and extend the templates and add it in myself?
Here is my config.yml FOSComment snippet:
fos_comment:
    db_driver: orm
    class:
        model:
            comment: Application\Bundle\CommentBundle\Entity\Comment
            thread: Application\Bundle\CommentBundle\Entity\Thread
    acl: true
    service:
        acl:
            thread: fos_comment.acl.thread.roles
            comment: fos_comment.acl.comment.roles
            vote: fos_comment.acl.vote.roles
        manager:
            thread: fos_comment.manager.thread.acl
            comment: fos_comment.manager.comment.acl
            vote: fos_comment.manager.vote.acl
    acl_roles:
        comment:
            create: ROLE_USER
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        thread:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        vote:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
Yes, it is possible.
Install FOSUser bundle and follow https://github.com/FriendsOfSymfony/FOSCommentBundle/blob/master/Resources/doc/6-integration_with_fosuserbundle.md.
Then create the following class:
<?php

namespace Application\Sonata\CommentBundle\Acl;

use FOS\CommentBundle\Acl\RoleCommentAcl as BaseRoleCommentAcl;
use FOS\CommentBundle\Model\CommentInterface;
use FOS\CommentBundle\Model\SignedCommentInterface;
use Symfony\Component\Security\Core\SecurityContextInterface;

/**
 * Role-based comment ACL that additionally lets the author of a signed
 * comment edit and delete it.
 */
class RoleCommentAcl extends BaseRoleCommentAcl
{
    /**
     * The current Security Context.
     *
     * @var SecurityContextInterface
     */
    private $securityContext;

    /**
     * Constructor.
     *
     * @param SecurityContextInterface $securityContext
     * @param string                   $createRole
     * @param string                   $viewRole
     * @param string                   $editRole
     * @param string                   $deleteRole
     * @param string                   $commentClass
     */
    public function __construct(
        SecurityContextInterface $securityContext,
        $createRole,
        $viewRole,
        $editRole,
        $deleteRole,
        $commentClass
    ) {
        parent::__construct(
            $securityContext,
            $createRole,
            $viewRole,
            $editRole,
            $deleteRole,
            $commentClass
        );

        // Keep a reference for the author checks below.
        $this->securityContext = $securityContext;
    }

    /**
     * Checks if the Security token has an appropriate role to edit the supplied Comment.
     *
     * @param  CommentInterface $comment
     * @return boolean
     */
    public function canEdit(CommentInterface $comment)
    {
        // The author of a signed comment may always edit it.
        if ($this->isAuthor($comment)) {
            return true;
        }

        // Everyone else needs the configured edit role.
        return parent::canEdit($comment);
    }

    /**
     * Checks if the Security token is allowed to delete a specific Comment.
     *
     * @param  CommentInterface $comment
     * @return boolean
     */
    public function canDelete(CommentInterface $comment)
    {
        // The author of a signed comment may always delete it.
        if ($this->isAuthor($comment)) {
            return true;
        }

        // Everyone else needs the configured delete role.
        return parent::canDelete($comment);
    }

    /**
     * Checks if the current user is the author of the supplied Comment.
     *
     * @param  CommentInterface $comment
     * @return boolean
     */
    private function isAuthor(CommentInterface $comment)
    {
        $token = $this->securityContext->getToken();

        // Without a token, or for an unsigned comment, there is no owner to match.
        if (null === $token || !$comment instanceof SignedCommentInterface) {
            return false;
        }

        $author = $comment->getAuthor();

        // A comment without an author is never treated as owned by the current user.
        return null !== $author && $author == $token->getUser();
    }
}
And add the following to service.yml:
<service id="application.sonata.comment.acl.comment.roles" class="Application\Sonata\CommentBundle\Acl\RoleCommentAcl" public="false">
    <argument type="service" id="security.context" />
    <argument>IS_AUTHENTICATED_FULLY</argument> <!-- Create role -->
    <argument>IS_AUTHENTICATED_ANONYMOUSLY</argument> <!-- View role -->
    <argument>ROLE_ADMIN</argument> <!-- Edit role -->
    <argument>ROLE_ADMIN</argument> <!-- Delete role -->
    <argument>%fos_comment.model.comment.class%</argument>
</service>
Finally, update your config.yml with the following:
fos_comment:
    service:
        acl:
            comment: application.sonata.comment.acl.comment.roles
You can adapt the created class depending on your requirements.
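The decision table this kind of override is meant to produce, as an added example that is not part of the original answer or of FOSCommentBundle. `User`, `Comment` and `canModify()` are hypothetical stand-ins; ownership is compared by user id and the role check is a plain list lookup that ignores any role hierarchy.

```php
<?php
// Added example: User, Comment and canModify() are hypothetical stand-ins,
// not FOSCommentBundle or Symfony classes. All sample data is constructed.

final class User
{
    public $id;
    public $roles;
    public function __construct($id, array $roles) { $this->id = $id; $this->roles = $roles; }
}

final class Comment
{
    public $author; // null for an unsigned (anonymous) comment
    public function __construct(?User $author) { $this->author = $author; }
}

// Owner-or-role rule: the author may modify their own comment, anyone else
// needs $requiredRole. $tokenUser stands for what the token's getUser() returns:
// a User, the string "anon." for an anonymous visitor, or null without a token.
function canModify(Comment $comment, $tokenUser, string $requiredRole): bool
{
    if (!$tokenUser instanceof User) {
        return false; // anonymous visitors own nothing and hold no role here
    }
    if (null !== $comment->author && $comment->author->id === $tokenUser->id) {
        return true;
    }
    return in_array($requiredRole, $tokenUser->roles, true);
}

$alice = new User(1, ['ROLE_USER']);
$bob   = new User(2, ['ROLE_USER']);
$admin = new User(3, ['ROLE_USER', 'ROLE_ADMIN']);

$cases = [
    ['author edits own comment',            new Comment($alice), $alice,  true],
    ['other ROLE_USER, not the author',     new Comment($alice), $bob,    false],
    ['ROLE_ADMIN, not the author',          new Comment($alice), $admin,  true],
    ['anonymous visitor, signed comment',   new Comment($alice), 'anon.', false],
    ['anonymous visitor, unsigned comment', new Comment(null),   'anon.', false],
    ['no token, unsigned comment',          new Comment(null),   null,    false],
    ['ROLE_USER, unsigned comment',         new Comment(null),   $bob,    false],
];

$failed = 0;
foreach ($cases as [$label, $comment, $user, $expected]) {
    $ok = canModify($comment, $user, 'ROLE_ADMIN') === $expected;
    $failed += $ok ? 0 : 1;
    printf("%-38s expect %-5s %s\n", $label, var_export($expected, true), $ok ? 'ok' : 'FAIL');
}
exit($failed > 0 ? 1 : 0);
```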