ZF-5425: Assertion implementation does not receive ACL query parameters.
Description
Zend_Acl manual states that:
{quote} The assert() method of an assertion object is passed the ACL, role, resource, and privilege to which the authorization query (i.e., isAllowed()) applies, in order to provide a context for the assertion class to determine its conditions where needed. {quote}
That is not true! When assertion is attached to global "all-roles" pseudo-parent in on ACL tree with:
$acl::allow(null,null,null,new MyAssertion());
... with the assertion built like:
class MyAssertion implements Zend_Acl_Assert_Interface {
public function assert(Zend_Acl $acl,
Zend_Acl_Role_Interface $role = null,
Zend_Acl_Resource_Interface $resource = null,
$privilege = null)
{
if($role == 'someRole') return true;
elseif($resource == 'someBannedResource') return false;
else return true;
}
}
... Then after a query:
$acl->isAllowed('someRole','someResource','somePermission');
... the assertion should be called with
{{assert(Zend_Acl object, 'somerole', 'someResource', 'somePermission')}}.
Instead it is called with
{{assert(Zend_Acl object, null, null, null)}}
Comments
Posted by Wil Sinclair (wil) on 2009-01-14T13:31:40.000+0000
Assigning to Ralph to get closure on this issues.
Posted by Ralph Schindler (ralph) on 2009-07-30T18:53:37.000+0000
There is a fix in place in trunk at r17317 for ZF-1721 & ZF-1722 that I think will fix this issue, please test.
Posted by Ralph Schindler (ralph) on 2009-08-14T13:41:30.000+0000
Fixed with 1.9.1