Sub-resource with same privileges as parent resource causes wrong return value of Permission::isAllowed()

bene

PHP: 5.4.8
Nette: 2.1.0

  // - r1:
  //   - privileges:
  //     - p1
  //     - p2
  //   - resources:
  //     - r1:
  //       - privileges:
  //         - p1 (x)
  //         - p2

  // Bug
  $p = new \Nette\Security\Permission;
  $p->addRole('role');
  $p->addResource('r1');
  $p->addResource('r2', 'r1');
  $p->allow('role', 'r1', 'p1');
  $p->allow('role', 'r1', 'p2');
  $p->allow('role', 'r2', 'p1');

  var_dump($p->isAllowed('role', 'r1', 'p1')); // true
  var_dump($p->isAllowed('role', 'r1', 'p2')); // true
  var_dump($p->isAllowed('role', 'r2', 'p1')); // true
  var_dump($p->isAllowed('role', 'r2', 'p2')); // false - Bug: returns true!

  // Ok
  $p = new \Nette\Security\Permission;
  $p->addRole('role');
  $p->addResource('r1');
  $p->addResource('r2', 'r1');
  $p->allow('role', 'r1', 'p1');
  $p->allow('role', 'r2', 'p1');
  $p->allow('role', 'r2', 'p2');

  var_dump($p->isAllowed('role', 'r1', 'p1')); // true
  var_dump($p->isAllowed('role', 'r1', 'p2')); // false
  var_dump($p->isAllowed('role', 'r2', 'p1')); // true
  var_dump($p->isAllowed('role', 'r2', 'p2')); // true

enumag

This behaviour seems correct to me.

The resource r2 inherits all privileges from r1. So if you allow p1 for r1, r2 inherits that as well because r2 extends r1 (= r2 is just a special case of r1).

Last edited by enumag (2014-01-13 19:34)

bene

This behaviour doesn't have sense to me for following example:

Car (resource) has drive (privilege).
Lorry inherit from car and have drive too.

If I allow to role car_driver drive car, this role has access to drive lorry too.

But if this behaviour is feature, OK, we have to write own permission class.

Thx

xificurk

Why do you use resource inheritance then?

bene

That was only example which shows object and more special object. Our application has forms with privileges “add” and “edit” and more special forms sometimes inherit from more common forms. I don't want to talk about right and wrong design. @enumag wrote example and explained that is feature and I'll take it. One angle of view is different as second. I wrote we have to write own permission class because this behaviour is not for us. I think there is no reason keep this topic opened.

Thanks for comments