Issue Type: Bug Created: 2011-11-03T15:31:33.000+0000 Last Updated: 2012-07-04T23:00:52.000+0000 Status: Open Fix version(s): Reporter: Franz de Leon (kelmadics) Assignee: Ralph Schindler (ralph) Tags: - Zend_Acl
Related issues: - ZF-11789
I have this ACL situation bellow.
<pre class="highlight"> $acl = new Zend_Acl(); $acl->addRole(new Zend_Acl_Role('john')); $acl->addResource(new Zend_Acl_Resource('car')); $acl->allow('john', 'car'); $acl->allow('john', 'car', 'clean'); $this->assertTrue($acl->isAllowed('john', 'car')); // resolves: true // john cannot drive $acl->deny('john', 'car', 'drive'); // why is this resolving to FALSE? // expects to be TRUE because we only denied to DRIVE permission and not the whole resource $this->assertTrue($acl->isAllowed('john', 'car')); // resolves: false
My expectation is since we are only denying the specific "drive" permission to user john's resource car why is the acl returning false we I do a check on isAllowed('john', 'car'). I am expecting since i targeted the privilege "drive" that the top level resource will still be true.
Posted by Franz de Leon (kelmadics) on 2012-01-04T16:30:54.000+0000
any comments at all? been here for awhile
Posted by Jean-Nicolas DESJARDINS (zeearth) on 2012-07-04T23:00:52.000+0000
I comment from line 975 to line 979 and it's work correctly. Why browse byPrivilegeId in allMethodPrivilege?
Have you found an issue?
See the Overview section for more details.