ZF-5425: Assertion implementation does not receive ACL query parameters.


Zend_Acl manual states that:

{quote} The assert() method of an assertion object is passed the ACL, role, resource, and privilege to which the authorization query (i.e., isAllowed()) applies, in order to provide a context for the assertion class to determine its conditions where needed. {quote}

That is not true! When assertion is attached to global "all-roles" pseudo-parent in on ACL tree with:

$acl::allow(null,null,null,new MyAssertion());

... with the assertion built like:

class MyAssertion implements Zend_Acl_Assert_Interface {
    public function assert(Zend_Acl $acl,
                Zend_Acl_Role_Interface $role = null,
                Zend_Acl_Resource_Interface $resource = null,
                $privilege = null)
        if($role == 'someRole') return true;
        elseif($resource == 'someBannedResource') return false;        
        else return true;

... Then after a query:


... the assertion should be called with

{{assert(Zend_Acl object, 'somerole', 'someResource', 'somePermission')}}.

Instead it is called with

{{assert(Zend_Acl object, null, null, null)}}


Assigning to Ralph to get closure on this issues.

There is a fix in place in trunk at r17317 for ZF-1721 & ZF-1722 that I think will fix this issue, please test.

Fixed with 1.9.1