Symfony cumulative ACL isGranted
The default use of Access Control Lists in symfony can be a little awkward. That's because the $securityContext isGranted method performs a cumulative permissions check, while the typical implementations of ACL component isGranted perform a different kind of check. Here is what I mean, let's start with a simple security token. $em = $this->getContainer()->get('doctrine')->getManager(); $aclManager = $this->getContainer()->get('myapp_user.acl_manager'); $repository = $em->getRepository('MyAppUserBundle:User'); $user = $repository->find(1); $output->writeln(sprintf("user:%d %s", $user->getId(), $user->getUsername() ) ); $token = new UsernamePasswordToken($user, $user->getPassword(), "firewallname", $user->getRoles()); $securityContext = $this->getContainer()->get('security.token_storage'); $authorizationChecker = $this->getContainer()->get('security.authorization_che...