ZF-11789: Zend_Acl removeAllow doesn't work correctly!


When you define some resources and a role and grant all privilege to one role then removeAllow doesn't work correctly!

    $this->addResource(new Zend_Acl_Resource('default'))
         ->addResource(new Zend_Acl_Resource('default_user'), 'default')
         ->addResource(new Zend_Acl_Resource('default_login'), 'default');

    $this->addRole(new Zend_Acl_Role('superAdmin'));

    $this->removeAllow('superAdmin', 'default_user', array('deleteSuperAdmin','editSuperAdmin'));

when you call $this->isAllowed('superAdmin', 'default_user', 'editSuperAdmin') it returns true!


It seems you should initially call allow with particular resource and it's privilege for one top level role and then deny the resource and it's privilege in bottom level of roles. I test it and it works correctly. But this issue is not wrong! Because when you see my sample code you hope it work correctly!