ACL allow(‘admin’, ALL, [ ‘new’, ‘edit’ ]) and deny(admin', ALL, ALL) is not denied

Member | 12

I find a little not predictable behavior.
If I allow some priviledges and then deny ALL, it is still allowed.

Example code:

$acl = new \Nette\Security\Permission();

// Resources definitions

// Roles definitions

bdump($acl->isAllowed('admin', 'Articles', 'default'));		// false
$acl->allow('admin', 'Articles', array('default', 'new', 'edit'));
bdump($acl->isAllowed('admin', 'Articles', 'default'));		// true
$acl->deny('admin', 'Articles');
bdump($acl->isAllowed('admin', 'Articles', 'default'));		// true !!

As you can see on last line, after denying resource ‘Articles’ for ‘admin’, function isAllowed still returns true.

And command

$acl->removeAllow('admin', 'Articles');

throws notice: Undefined index: allPrivileges in File: ...\vendor\nette\security\src\Security\Permission.php:560

I see problem in allowing only some privileges by array, and trying to denying ALL privileges by “placeholder”.

Is it expected behavior of Nette Permission?