Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy::hasSufficientPermissions
Makes an authorization decision.
The order of ACEs, and SIDs is significant; the order of permission masks not so much. It is important to note that the more specific security identities should be at the beginning of the SIDs array in order for this strategy to produce intuitive authorization decisions. First, we will iterate over permissions, then over security identities. For each combination of permission, and identity we will test the available ACEs until we find one which is applicable. The first applicable ACE will make the ultimate decision for the permission/identity combination. If it is granting, this method will return true, if it is denying, the method will continue to check the next permission/identity combination. This process is repeated until either a granting ACE is found, or no permission/identity combinations are left. Finally, we will either throw an NoAceFoundException, or deny access.
Signature
private function hasSufficientPermissions(AclInterface
$acl,
array
$aces,
array
$masks,
array
$sids,
Boolean
$administrativeMode )
Parameters
$acl
— Symfony\Component\Security\Acl\Model\AclInterface
$aces
— array- An array of ACE to check against
$masks
— array- An array of permission masks
$sids
— array- An array of SecurityIdentityInterface implementations
$administrativeMode
— object- True turns off audit logging
Returns
- Boolean
- true, or false; either granting, or denying access respectively.