ACL allow(‘admin’, ALL, [ ‘new’, ‘edit’ ]) and deny(admin', ALL, ALL) is not denied
- woytam
- Member | 14
Hello,
I find a little not predictable behavior.
If I allow some priviledges and then deny ALL, it is still allowed.
Example code:
<?php
$acl = new \Nette\Security\Permission();
// Resources definitions
$acl->addResource('Articles');
// Roles definitions
$acl->addRole('admin');
bdump($acl->isAllowed('admin', 'Articles', 'default')); // false
$acl->allow('admin', 'Articles', array('default', 'new', 'edit'));
bdump($acl->isAllowed('admin', 'Articles', 'default')); // true
$acl->deny('admin', 'Articles');
bdump($acl->isAllowed('admin', 'Articles', 'default')); // true !!
?>As you can see on last line, after denying resource ‘Articles’ for
‘admin’, function isAllowed still returns true.
And command
<?php
$acl->removeAllow('admin', 'Articles');
?>throws notice: Undefined index: allPrivileges
in File: ...\vendor\nette\security\src\Security\Permission.php:560
I see problem in allowing only some privileges by array, and trying to denying ALL privileges by “placeholder”.
Is it expected behavior of Nette Permission?