Issues

ZF-6147: Zend_Acl incorrect handling on non existent privilege when evaluating a role permission

Issue Type: Bug Created: 2009-03-27T20:34:39.000+0000 Last Updated: 2009-10-15T17:41:18.000+0000 Status: Resolved Fix version(s): - 1.9.5 (27/Oct/09)

Reporter: Diego Sainz (disago) Assignee: Dolf Schimmel (Freeaqingme) (freak) Tags: - Zend_Acl

Related issues: Attachments:

Description

Suppose the following code:

<pre class="highlight">
$acl=new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('role'));
$acl->add(new Zend_Acl_Resource('resource'));
$acl->allow('role','resource');
$acl->isAllowed('role','resource',array('nonExistentPriv'));

Expected behavior: 'role' allowed to access the resource (because it was registered with null privileges in the allow rule) or an exception with a message similar to "resource privilege nonExistentPriv is not registered"

Actual behavior: PHP Warning Illegal offset type in isset or empty File: Zend\Acl.php Line: 961

Comments

Posted by Ralph Schindler (ralph) on 2009-09-10T08:03:20.000+0000

Zend_Acl should not be emmiting any php warnings in any valid use of the API. Changing to bug, nice to have, next mini release.

Posted by Dolf Schimmel (Freeaqingme) (freak) on 2009-10-15T17:41:17.000+0000

Please not that the third parameter of isAllowed should be a string (or null) and not an array. Therefore closing this issue as not-an-issue.

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts