Throw exceptions when invalid permission keys are used.

Silently 'failing' to save permissions is bad, throw exceptions instead. Fixes #3851
cakephp · May 25, 2013 · 9ee6107 · 9ee6107
1 parent a63b54c
commit 9ee6107
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 9 deletions.
diff --git a/lib/Cake/Model/Permission.php b/lib/Cake/Model/Permission.php
@@ -162,9 +162,10 @@ public function check($aro, $aco, $action = "*") {
  *
  * @param string $aro ARO The requesting object identifier.
  * @param string $aco ACO The controlled object identifier.
- * @param string $actions Action (defaults to *)
+ * @param string $actions Action (defaults to *) Invalid permissions will result in an exception
  * @param integer $value Value to indicate access type (1 to give access, -1 to deny, 0 to inherit)
  * @return boolean Success
+ * @throws AclException on Invalid permission key.
  */
 	public function allow($aro, $aco, $actions = "*", $value = 1) {
 		$perms = $this->getAclLink($aro, $aco);
@@ -185,15 +186,14 @@ public function allow($aro, $aco, $actions = "*", $value = 1) {
 			if (!is_array($actions)) {
 				$actions = array('_' . $actions);
 			}
-			if (is_array($actions)) {
-				foreach ($actions as $action) {
-					if ($action{0} !== '_') {
-						$action = '_' . $action;
-					}
-					if (in_array($action, $permKeys)) {
-						$save[$action] = $value;
-					}
+			foreach ($actions as $action) {
+				if ($action{0} !== '_') {
+					$action = '_' . $action;
+				}
+				if (!in_array($action, $permKeys, true)) {
+					throw new AclException(__d('cake_dev', 'Invalid permission key "%s"', $action));
 				}
+				$save[$action] = $value;
 			}
 		}
 		list($save['aro_id'], $save['aco_id']) = array($perms['aro'], $perms['aco']);

diff --git a/lib/Cake/Test/Case/Controller/Component/Acl/DbAclTest.php b/lib/Cake/Test/Case/Controller/Component/Acl/DbAclTest.php
@@ -293,6 +293,16 @@ public function testAllow() {
 		$this->assertFalse($this->Acl->allow('Lumbergh', 'ROOT/tpsReports/DoesNotExist', 'create'));
 	}
 
+/**
+ * Test that allow() with an invalid permission name triggers an error.
+ *
+ * @expectedException CakeException
+ * @return void
+ */
+	public function testAllowInvalidPermission() {
+		$this->Acl->allow('Micheal', 'tpsReports', 'derp');
+	}
+
 /**
  * testAllowInvalidNode method
  *