
Throw exceptions when invalid permission keys are used.

Silently 'failing' to save permissions is bad, throw exceptions instead.

Fixes #3851
1 parent a63b54c commit 9ee610757eff8d492fe4f10e3db4d6c1244b1913 @markstory markstory committed May 25, 2013
Showing with 19 additions and 9 deletions.
  1. +9 −9 lib/Cake/Model/Permission.php
  2. +10 −0 lib/Cake/Test/Case/Controller/Component/Acl/DbAclTest.php
@@ -162,9 +162,10 @@ public function check($aro, $aco, $action = "*") {
*
* @param string $aro ARO The requesting object identifier.
* @param string $aco ACO The controlled object identifier.
- * @param string $actions Action (defaults to *)
+ * @param string $actions Action (defaults to *) Invalid permissions will result in an exception
* @param integer $value Value to indicate access type (1 to give access, -1 to deny, 0 to inherit)
* @return boolean Success
+ * @throws AclException on Invalid permission key.
*/
public function allow($aro, $aco, $actions = "*", $value = 1) {
$perms = $this->getAclLink($aro, $aco);
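Review bot: The `@param string $actions` tag still advertises only a string, although the body shown in the following hunk branches on `is_array($actions)` and iterates over a list of keys. Documenting it as `@param string|array $actions`, and stating that keys may be given with or without the leading underscore, would tell callers what the new exception validates. The `@throws` line could be more specific, for example `@throws AclException When a permission key is not one of the known permission keys`, assuming that is what `$permKeys` holds; its definition lies outside the hunk.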
@@ -185,15 +186,14 @@ public function allow($aro, $aco, $actions = "*", $value = 1) {
if (!is_array($actions)) {
$actions = array('_' . $actions);
}
- if (is_array($actions)) {
- foreach ($actions as $action) {
- if ($action{0} !== '_') {
- $action = '_' . $action;
- }
- if (in_array($action, $permKeys)) {
- $save[$action] = $value;
- }
+ foreach ($actions as $action) {
+ if ($action{0} !== '_') {
+ $action = '_' . $action;
+ }
+ if (!in_array($action, $permKeys, true)) {
+ throw new AclException(__d('cake_dev', 'Invalid permission key "%s"', $action));
}
+ $save[$action] = $value;
}
}
list($save['aro_id'], $save['aco_id']) = array($perms['aro'], $perms['aco']);
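Review bot: A string action that already carries the underscore prefix is prefixed twice by the context line `$actions = array('_' . $actions);`, so a call such as `allow($aro, $aco, '_create')` reaches the new check as `__create` and, assuming that key is not in `$permKeys`, now throws, while `array('_create')` passes the loop's `$action{0} !== '_'` guard unchanged. Wrapping without the prefix, `$actions = array($actions);`, would let the loop normalise both forms the same way. Separately, `$value` is written into `$save[$action]` without being checked against the documented 1, -1 and 0, and `$action{0}` assumes every element is a non-empty string. Rejecting unexpected values and element types alongside unknown keys would make the validation of what ends up in the permission row complete. The enclosing branch and the save call are outside the hunk, so whether anything else is written before the exception propagates cannot be confirmed from here.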
@@ -294,6 +294,16 @@ public function testAllow() {
}
/**
+ * Test that allow() with an invalid permission name triggers an error.
+ *
+ * @expectedException CakeException
+ * @return void
+ */
+ public function testAllowInvalidPermission() {
+ $this->Acl->allow('Micheal', 'tpsReports', 'derp');
+ }
+
+/**
* testAllowInvalidNode method
*
* @expectedException PHPUnit_Framework_Error_Warning
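Review bot: `@expectedException CakeException` on testAllowInvalidPermission is looser than the behaviour the commit introduces, because Permission::allow() throws `AclException`. Naming what is presumably its parent class lets any other CakeException raised during the call satisfy the test. Tightening it to `@expectedException AclException` together with `@expectedExceptionMessage Invalid permission key` pins the failure to the permission-key check. The docblock's "triggers an error" would read more accurately as "throws an exception". Since the old behaviour was a silent no-op, a companion test that catches the exception and asserts no permission row was written for the ARO/ACO pair would document that a rejected key leaves the ACL unchanged.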
