Best way to manage user/group object permissions with Symfony2

Question

I\'d like to hear some thoughts on the best way to optimize our schema to achieve the following.

We have a number of objects/db entries (events, venues, etc) some of wh

Answer 1

It's been a while since I posted my original answer to this, but wanted to follow up with another solution, one which we are using currently.

While Symfony gives a security/ACL layer to use, you don't have to use it, or at least fully.

At just about any point in time in your code, you can throw a Symfony\Component\Security\Core\Exception\AccessDeniedException and the security layer will "kick in" and handle it for you, like redirecting users to a login page, etc.

Some of this interaction may require a bit more advanced firewall setup to work exactly how you want it to.

Long story short, while Symfony provides some great mechanisms and features to help build ACL, you don't have to work to fit your data and processes into what they have defined.

For our system as an example, we have Accounts, Roles, and Groups in our system (along with Permissions). We also divide sections of data off into Departments as well. While users can have global-level Roles and Permissions, they can also have Department-specific access. This setup made using the built in Symfony ACL features and access checking tools almost unusable (not meaning their tools are useless, they are great in fact, they just don't fit our use case). So, we built our own service (that utilizes some fine-tuned queries) where we pass in the relevant data concerning a check and it throws the appropriate Symfony\Component\Security\Core\Exception\AccessDeniedException when a check fails.