
Throw exceptions when invalid permission keys are used.

Silently 'failing' to save permissions is bad, throw exceptions instead.

Fixes #3851
markstory committed May 25, 2013
1 parent a63b54c commit 9ee610757eff8d492fe4f10e3db4d6c1244b1913
Showing with 19 additions and 9 deletions.
  1. +9 −9 lib/Cake/Model/Permission.php
  2. +10 −0 lib/Cake/Test/Case/Controller/Component/Acl/DbAclTest.php
@@ -162,9 +162,10 @@ public function check($aro, $aco, $action = "*") {
*
* @param string $aro ARO The requesting object identifier.
* @param string $aco ACO The controlled object identifier.
* @param string $actions Action (defaults to *)
* @param string $actions Action (defaults to *) Invalid permissions will result in an exception
* @param integer $value Value to indicate access type (1 to give access, -1 to deny, 0 to inherit)
* @return boolean Success
* @throws AclException on Invalid permission key.
*/
public function allow($aro, $aco, $actions = "*", $value = 1) {
$perms = $this->getAclLink($aro, $aco);
@@ -185,15 +186,14 @@ public function allow($aro, $aco, $actions = "*", $value = 1) {
if (!is_array($actions)) {
$actions = array('_' . $actions);
}
if (is_array($actions)) {
foreach ($actions as $action) {
if ($action{0} !== '_') {
$action = '_' . $action;
}
if (in_array($action, $permKeys)) {
$save[$action] = $value;
}
foreach ($actions as $action) {
if ($action{0} !== '_') {
$action = '_' . $action;
}
if (!in_array($action, $permKeys, true)) {
throw new AclException(__d('cake_dev', 'Invalid permission key "%s"', $action));
}
$save[$action] = $value;
}
}
list($save['aro_id'], $save['aco_id']) = array($perms['aro'], $perms['aco']);
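Review bot: In the second hunk the scalar branch above the loop always prepends `_`, so `allow($aro, $aco, '_create')` becomes `__create` and now throws AclException, while `array('_create')` is accepted. Before this commit the silent skip hid that mismatch; wrapping without the prefix, `$actions = array($actions);`, leaves the loop as the only place that normalises keys. The loop also reads `$action{0}` before any validation, so an empty-string key would raise an uninitialized-offset notice on its way to the exception; `if (strpos($action, '_') !== 0) {` avoids the offset access. The `@param string $actions` line in the first hunk should say that an array of keys is accepted too, since `is_array($actions)` is handled here. allow() starts and ends outside both hunks, so the `*` branch and the save call were not reviewed.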
@@ -293,6 +293,16 @@ public function testAllow() {
$this->assertFalse($this->Acl->allow('Lumbergh', 'ROOT/tpsReports/DoesNotExist', 'create'));
}
/**
* Test that allow() with an invalid permission name triggers an error.
*
* @expectedException CakeException
* @return void
*/
public function testAllowInvalidPermission() {
$this->Acl->allow('Micheal', 'tpsReports', 'derp');
}
/**
* testAllowInvalidNode method
*
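Review bot: The `@expectedException CakeException` annotation on testAllowInvalidPermission is looser than the `AclException` that allow() is now documented to throw, so the test would also pass if an unrelated CakeException were raised first (this assumes AclException extends CakeException, which the page does not show). Using `@expectedException AclException` together with `@expectedExceptionMessage Invalid permission key "_derp"` ties the test to the new check. A second case that passes the keys as an array, for example `array('create', 'derp')`, would cover the loop path where a valid key precedes the invalid one.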
