In symfony2, I have come to a point where I need to create dynamic roles, not only to manage specific general rights, but also gain rights to perform actions on specific objects.
Here comes ACL, shortly described in the doc. However, I have come to understand that :
- It lacks the capability to update ACEs when a user changes username : https://github.com/symfony/symfony/issues/5787
- ACL will be moved out from symfony core as it might not be well maintened: https://github.com/symfony/symfony/issues/8848
So is that really an issue not to use ACL and instead create a ROLE or a database relationship for every object which access should be filtered ?