#8279 Inherited Permissions breaks inherits from denied parents in 2.8.1 #8450
Comments
I'll take a look, thank you for the test case 👍
The third assertion `$this->assertFalse($this->Acl->check('Jane', 'bizzaro_town', 'create'), 'Should not have access due to inherit');` Shouldn't that be true? Jane was granted
Yes, you are correct. That should be
This looks like it might work.
When child inherits from a deny parent the '*' permission should reflect permissions on all nodes not just the leaf node. Previously once a node with all permissions set to inherit was found, the check would pass. Instead it should cascade to the parent nodes and look for explicit allow/deny. Refs #8450
Thanks for the diff @houseoftech. I took a slightly different approach with #8453. I figured that the root cause was that we were checking
This is a (multiple allowed):
What you did
Checked permission `check($aro, $aco, '*')` on an inherited (0) child ACO whose parent has everything denied (-1).

Expected Behavior
The check should have returned `false` for denied.

Actual Behavior
The check returned `true`.

Since 2.8.1 all logged in users have been able to access all actions. If I revert only the "Fix inherited permissions when checking the '*' permission." commit, then authorization behaves as expected.
Here is an appendage to the original test case provided which also tests inheritable permissions on denied parents. The last two asserts fail in 2.8.1.
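
The cascade this issue asks for, as an added example that is not part of the issue and not CakePHP's own DbAcl code: each action is resolved separately from the leaf ACO up to the root, and `'*'` passes only if every action ends in an explicit allow. The function names, the four-action list, the leaf-first path layout and the deny-when-nothing-is-explicit default are assumptions of this sketch.

```php
<?php
// Added illustration, not CakePHP's DbAcl code. Values follow the issue:
// 1 = allow, -1 = deny, 0 = inherit from the parent ACO.
const ACTIONS = ['create', 'read', 'update', 'delete'];

/**
 * Resolve one action by walking the ACO path from leaf to root.
 * The first explicit allow/deny wins; inherit (0) defers to the parent.
 * Assumption of this sketch: if no node is explicit, the result is deny.
 */
function resolveAction(array $path, string $action): bool
{
    foreach ($path as $perms) {
        $value = $perms[$action] ?? 0;
        if ($value !== 0) {
            return $value === 1;
        }
    }
    return false;
}

/** '*' is granted only when every action resolves to an explicit allow. */
function check(array $path, string $action = '*'): bool
{
    $wanted = $action === '*' ? ACTIONS : [$action];
    foreach ($wanted as $name) {
        if (!resolveAction($path, $name)) {
            return false;
        }
    }
    return true;
}

// Constructed sample paths (leaf first, root last) for a single ARO.
$inherit = array_fill_keys(ACTIONS, 0);
$denied  = array_fill_keys(ACTIONS, -1);
$allowed = array_fill_keys(ACTIONS, 1);
$leafWithCreate = ['create' => 1] + $inherit;

var_dump(check([$inherit, $denied]));                  // child inherits from a denied parent
var_dump(check([$inherit, $allowed]));                 // child inherits from an allowed parent
var_dump(check([$leafWithCreate, $denied], 'create')); // explicit allow on the leaf, single action
var_dump(check([$leafWithCreate, $denied]));           // same leaf, '*' check
```

A leaf whose permissions are all inherit never decides the outcome on its own here, which is the behaviour the issue reports as missing in 2.8.1.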