Acl inheritance wildcard #12004
Comments
Checked on 2.0.x and it's happening as well. This is happening because _access and _roleInherits look like this:
So the first hit role is guest, and it's checked for wildcard; because the default action is set to deny, we can't allow admin to access this. My guess is that this break needs to be removed perhaps - https://github.com/phalcon/cphalcon/blob/2.0.x/phalcon/acl/adapter/memory.zep#L577. I think we should change the defaultAction behaviour: don't add a record to _access (which is actually wildcard access with the default action), just check in the isAllowed method whether haveAccess is still null, then return defaultAction and that's it.
I think that we can remove this if: https://github.com/phalcon/cphalcon/blob/2.0.x/phalcon/acl/adapter/memory.zep#L382 AND And change https://github.com/phalcon/cphalcon/blob/2.0.x/phalcon/acl/adapter/memory.zep#L619 to:
Well, created a PR, but it's somehow changing internally how the ACL was working. Not sure if it will affect any app, but it shouldn't, and I cleaned up the code somewhat. Fixed in 2.1.x
Fixed in the
Hi, when I inherit from a role and check for a non-existing resource, I get a deny on the wildcard check.
In my case a guest can access payment with resource paypal. A user can access all from payment, and also an admin and superadmin. The user can access the non-existing resource but the admin can't.
Here is my test case
My output
Version 2.1.0 RC 1
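The lookup described in the comments above, as a simplified Python model added here for illustration; it is not Phalcon's code and not the reporter's test case. The `ToyAcl` class, the inheritance order for `admin` (guest before user) and the action name `refund` are assumptions made for the example.

```python
ALLOW, DENY = True, False

class ToyAcl:
    """Simplified model: default deny, '*' wildcard, ordered role inheritance."""

    def __init__(self, store_default_wildcard):
        # True  = reported behaviour: the default action is written as a wildcard record
        # False = proposed behaviour: only explicit rules stored, default applied last
        self.store_default_wildcard = store_default_wildcard
        self.default_action = DENY
        self.access = {}    # (role, resource, action) -> ALLOW / DENY
        self.inherits = {}  # role -> inherited roles, in the order they were added

    def add_role(self, role, inherits=()):
        self.inherits[role] = list(inherits)

    def allow(self, role, resource, action):
        self.access[(role, resource, action)] = ALLOW
        if self.store_default_wildcard and action != "*":
            # Implicit wildcard record carrying the default action (DENY).
            self.access.setdefault((role, resource, "*"), self.default_action)

    def _lookup(self, role, resource, action):
        # The role's own record first, then the first inherited role that has one.
        if (role, resource, action) in self.access:
            return self.access[(role, resource, action)]
        for parent in self.inherits[role]:
            if (parent, resource, action) in self.access:
                return self.access[(parent, resource, action)]  # first hit wins
        return None

    def is_allowed(self, role, resource, action):
        have_access = self._lookup(role, resource, action)
        if have_access is None:
            have_access = self._lookup(role, resource, "*")
        if have_access is None:
            have_access = self.default_action  # fall back only when nothing matched
        return have_access

def check(store_default_wildcard, role, action):
    """Build the constructed guest/user/admin setup and query one action on 'payment'."""
    acl = ToyAcl(store_default_wildcard)
    acl.add_role("guest")
    acl.add_role("user", inherits=["guest"])
    acl.add_role("admin", inherits=["guest", "user"])  # assumed order: guest first
    acl.allow("guest", "payment", "paypal")
    acl.allow("user", "payment", "*")
    return acl.is_allowed(role, "payment", action)
```

With the stored default record, guest's implicit `payment/*` deny is the first inherited hit for admin and hides user's explicit wildcard allow; without it, guest still falls through to the default deny.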