ZF-11868: Zend_Acl Resource to Privilege problem

Issue Type: Bug Created: 2011-11-03T15:31:33.000+0000 Last Updated: 2012-07-04T23:00:52.000+0000 Status: Open Fix version(s): Reporter: Franz de Leon (kelmadics) Assignee: Ralph Schindler (ralph) Tags: - Zend_Acl

Related issues: - ZF-11789



I have this ACL situation bellow.

<pre class="highlight">
        $acl = new Zend_Acl();
        $acl->addRole(new Zend_Acl_Role('john'));
        $acl->addResource(new Zend_Acl_Resource('car'));
        $acl->allow('john', 'car');
        $acl->allow('john', 'car', 'clean');
        $this->assertTrue($acl->isAllowed('john', 'car')); // resolves: true
        // john cannot drive
        $acl->deny('john', 'car', 'drive');
        // why is this resolving to FALSE?
        // expects to be TRUE because we only denied to DRIVE permission and not the whole resource
        $this->assertTrue($acl->isAllowed('john', 'car')); // resolves: false

My expectation is since we are only denying the specific "drive" permission to user john's resource car why is the acl returning false we I do a check on isAllowed('john', 'car'). I am expecting since i targeted the privilege "drive" that the top level resource will still be true.


Posted by Franz de Leon (kelmadics) on 2012-01-04T16:30:54.000+0000

any comments at all? been here for awhile

Posted by Jean-Nicolas DESJARDINS (zeearth) on 2012-07-04T23:00:52.000+0000


I comment from line 975 to line 979 and it's work correctly. Why browse byPrivilegeId in allMethodPrivilege?

Have you found an issue?

See the Overview section for more details.


© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.