ZF-11868: Zend_Acl Resource to Privilege problem

Issue Type:
Bug
Created:
2011-11-03T15:31:33.000+0000
Last Updated:
2012-07-04T23:00:52.000+0000
Status:
Open
Fix version(s):
    Reporter:
    Franz de Leon (kelmadics)
    Assignee:
    Ralph Schindler (ralph)
    Tags:
    • Zend_Acl
    Related issues:
    Attachments:

    Description

    I have this ACL situation bellow.

    
        $acl = new Zend_Acl();
        $acl->addRole(new Zend_Acl_Role('john'));
        $acl->addResource(new Zend_Acl_Resource('car'));
        
        $acl->allow('john', 'car');
        $acl->allow('john', 'car', 'clean');
        
        $this->assertTrue($acl->isAllowed('john', 'car')); // resolves: true
        
        // john cannot drive
        $acl->deny('john', 'car', 'drive');
        
        // why is this resolving to FALSE?
        // expects to be TRUE because we only denied to DRIVE permission and not the whole resource
        $this->assertTrue($acl->isAllowed('john', 'car')); // resolves: false

    My expectation is since we are only denying the specific "drive" permission to user john's resource car why is the acl returning false we I do a check on isAllowed('john', 'car'). I am expecting since i targeted the privilege "drive" that the top level resource will still be true.

    Comments

    Posted by Franz de Leon (kelmadics) on 2012-01-04T16:30:54.000+0000

    any comments at all? been here for awhile

    Posted by Jean-Nicolas DESJARDINS (zeearth) on 2012-07-04T23:00:52.000+0000

    Hi,

    I comment from line 975 to line 979 and it's work correctly. Why browse byPrivilegeId in allMethodPrivilege?