How to check other user or role permissions in the template? symfony2

Updated: 2023-11-30 21:54:28

I finally found a way to do this. It's probably not the most efficient way of doing this, but it works and is the only way I know of doing this, as no one knows how to achieve this till now.

First I have a default user for every group, who cannot log in (a dummy user with the default permissions for the group). I get the Security ID for the default user:

$defaultUser = $this->getDoctrine()
    ->getRepository('TdfUserBundle:User')
    ->findOneByUsername('-default-'.$group->getCode());

$sid = UserSecurityIdentity::fromAccount($defaultUser);

I create an array of permissions to check for and set some empty arrays, and load the problematic.acl_manager:

$permissionsToCheck = array('VIEW', 'EDIT', 'CREATE', 'DELETE', 'OPERATOR', 'MASTER', 'OWNER');
$aclManager = $this->get('problematic.acl_manager');

Then I loop through the objects that I want to check the permissions for, and check the permissions I set before in the $permissionsToCheck var. I check the permissions for the default user. The result is put in an array that I send to the template.

foreach($forumCategories as $forumCategory) :
    $permissionArray[] = $this->checkPermissions($sid, $forumCategory, $permissionsToCheck, '');
endforeach;

The checkPermissions function returns an array of the permissions and some stuff I need from the object given.

// Uses Symfony\Component\Security\Acl\Domain\ObjectIdentity
// and Symfony\Component\Security\Acl\Permission\MaskBuilder
private function checkPermissions($sid, $object, $permissionsToCheck, $type)
{
    $aclProvider = $this->get('security.acl.provider');
    $oid = ObjectIdentity::fromDomainObject($object);
    // Create the ACL if the object has none yet, otherwise load the existing one
    try {
        $acl = $aclProvider->createAcl($oid);
    } catch(\Exception $e) {
        $acl = $aclProvider->findAcl($oid);
    }
    $aclProvider->updateAcl($acl);

    // Start from an empty result so the return value is always an array
    $tempPermissionsArray = array();
    foreach ($permissionsToCheck as $permissionCode):
        $permissionVar = 'can'.$permissionCode;
        // Turn the permission name (e.g. 'VIEW') into its bitmask
        $builder = new MaskBuilder();
        $builder->add($permissionCode);
        $mask = $builder->get();
        try {
            $$permissionVar = $acl->isGranted(array($mask), array($sid));
        } catch(\Exception $e) {
            // isGranted() throws when no ACE matches: treat as not granted
            $$permissionVar = false;
        }
        $tempPermissionsArray[$permissionCode] = $$permissionVar;
    endforeach;

    $returnArray = array(
        'id' => $object->getId(),
        'title' => $object->getTitle(),
        'slug' => $object->getSlug(),
        'type' => $type,
        'permissions' => $tempPermissionsArray,
    );
    return $returnArray;
}

After the POST of the form I check which object has had its permissions changed. If so, I loop through all users in the group. For each user, I revoke permissions, then get all the groups (the default user for each group). I check the permissions per group (default user), check what permissions to activate, and give the user the correct permissions.

Here I set all permissions to false and then loop through all roles/groups (default users) and see if the permission should be set.

foreach($array['permissions'] as $permissionCode => $test ):
    $$permissionCode = false;
endforeach;

foreach($user->getRoles() as $role):
    $role   = str_replace('ROLE_', '', $role);

    $defaultUser = $this->getDoctrine()
        ->getRepository('TdfUserBundle:User')
        ->findOneByUsername('-default-'.$role);
    // A role without a default user grants nothing; fromAccount() cannot take null
    if (!$defaultUser):
        continue;
    endif;
    $sid = UserSecurityIdentity::fromAccount($defaultUser);

    // See all permissions
    foreach($array['permissions'] as $permissionCode => $test ):
        $builder = new MaskBuilder();
        $builder->add($permissionCode);
        $mask = $builder->get();
        try {
            $isGranted = $acl->isGranted(array($mask), array($sid));
            if($isGranted):
                $$permissionCode = true;
            endif;
        } catch(\Exception $e) {
            // isGranted() throws when no ACE matches: the permission stays false
        }
    endforeach;
endforeach;

After this I know what rights the user should have and then give the account all the rights:

$aclManager = $this->get('problematic.acl_manager');

$aclManager->revokeAllObjectPermissions($object, $user);

$mapping = array(
        'VIEW'      => MaskBuilder::MASK_VIEW,
        'EDIT'      => MaskBuilder::MASK_EDIT,
        'CREATE'    => MaskBuilder::MASK_CREATE,
        'UNDELETE'  => MaskBuilder::MASK_UNDELETE,
        'DELETE'    => MaskBuilder::MASK_DELETE,
        'OPERATOR'  => MaskBuilder::MASK_OPERATOR,
        'MASTER'    => MaskBuilder::MASK_MASTER,
        'OWNER'     => MaskBuilder::MASK_OWNER,
    );
foreach($array['permissions'] as $permissionCode => $test ):
    if($$permissionCode):
        $mask = $mapping[$permissionCode];
        $aclManager->addObjectPermission($object, $mask, $user);
    endif;
endforeach;
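
The merge step described in the answer, written as one function that fails closed. This is an added example, not code from the original answer or from the ACL bundle: effectiveGroupMask() and its $defaultUsers parameter (role code => default user entity, or null when no "-default-<code>" account exists) are hypothetical names. It assumes the Symfony 2 ACL component and an ACL already loaded for the object.

```php
<?php
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Symfony\Component\Security\Acl\Exception\NoAceFoundException;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Permission\MaskBuilder;

/**
 * Hypothetical helper: OR together every permission that any of the user's
 * groups holds on the object behind $acl and return it as one bitmask.
 *
 * @param AclInterface $acl          ACL already loaded for the object
 * @param array        $defaultUsers role code => default user entity or null
 * @param string[]     $codes        permission names, e.g. array('VIEW', 'EDIT')
 *
 * @return int combined mask, 0 when no group grants anything
 */
function effectiveGroupMask(AclInterface $acl, array $defaultUsers, array $codes)
{
    $effective = new MaskBuilder();

    foreach ($defaultUsers as $roleCode => $defaultUser) {
        if (null === $defaultUser) {
            // Role without a default account: it contributes no permissions.
            continue;
        }
        $sid = UserSecurityIdentity::fromAccount($defaultUser);

        foreach ($codes as $code) {
            // An unknown permission name makes add() throw
            // InvalidArgumentException; that is left to propagate.
            $required = new MaskBuilder();
            $required->add($code);

            try {
                if ($acl->isGranted(array($required->get()), array($sid))) {
                    $effective->add($required->get());
                }
            } catch (NoAceFoundException $e) {
                // No ACE for this identity and mask: denied, keep going.
            }
        }
    }

    return $effective->get();
}
```

Catching only NoAceFoundException keeps "no entry" distinct from real failures such as a database error, which a blanket catch of \Exception would silently turn into a denial. Each bit of the result can be tested with `$mask & MaskBuilder::MASK_VIEW` (and so on) before granting it through the answer's addObjectPermission() call.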