Change Acl default action to DENY #13758

Closed
niden opened this Issue Jan 10, 2019 · 1 comment

niden commented Jan 10, 2019

The default access level for Acl is Acl::ALLOW.

It needs to be changed to Acl::DENY to ensure that only the developer/app allows subjects and operations vs the component itself.
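
As an added illustration (not part of the original issue and not Phalcon's code), the example below models an ACL with a configurable default action and reports whether each request was decided by an explicit rule or by the default. `MiniAcl`, its methods, and the sample roles, resources and requests are hypothetical.

```php
<?php
// Added illustration: a minimal stand-in ACL, not Phalcon's implementation.
// MiniAcl, its methods and the sample rules/requests are hypothetical.
final class MiniAcl
{
    public const DENY  = 0;
    public const ALLOW = 1;

    private int $defaultAction;
    /** @var array<string,int> explicit rules keyed by "role|resource|access" */
    private array $rules = [];

    public function __construct(int $defaultAction)
    {
        $this->defaultAction = $defaultAction;
    }

    public function allow(string $role, string $resource, string $access): void
    {
        $this->rules["$role|$resource|$access"] = self::ALLOW;
    }

    /** Returns [granted, decidedBy] so callers can see when the default applied. */
    public function check(string $role, string $resource, string $access): array
    {
        $key = "$role|$resource|$access";
        if (array_key_exists($key, $this->rules)) {
            return [$this->rules[$key] === self::ALLOW, 'rule'];
        }
        return [$this->defaultAction === self::ALLOW, 'default'];
    }
}

// Constructed requests: only the first is covered by an explicit rule.
$requests = [
    ['editor', 'posts', 'update'],
    ['guest',  'posts', 'delete'],   // no rule written for this role
    ['editor', 'billing', 'refund'], // resource added later, rule forgotten
];

foreach (['ALLOW' => MiniAcl::ALLOW, 'DENY' => MiniAcl::DENY] as $name => $default) {
    $acl = new MiniAcl($default);
    $acl->allow('editor', 'posts', 'update');
    echo "default = $name\n";
    foreach ($requests as [$role, $resource, $access]) {
        [$granted, $by] = $acl->check($role, $resource, $access);
        printf("  %-6s %-7s %-6s => %-7s (by %s)\n",
            $role, $resource, $access, $granted ? 'granted' : 'denied', $by);
    }
}
```

With the default set to ALLOW, the two requests that have no rule are granted by the default; with DENY, only the explicitly allowed request passes.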

@niden niden self-assigned this Jan 10, 2019

@niden niden added this to To do in 4.0 Release via automation Jan 10, 2019

niden added a commit to niden/cphalcon that referenced this issue Jan 10, 2019

niden added a commit to niden/cphalcon that referenced this issue Jan 10, 2019

niden added a commit to niden/cphalcon that referenced this issue Jan 10, 2019

@niden niden moved this from To do to In progress in 4.0 Release Jan 10, 2019

@niden niden referenced this issue Jan 10, 2019

Merged

T13758 acl default access level #13759

3 of 3 tasks complete

niden added a commit to niden/cphalcon that referenced this issue Jan 10, 2019

[phalcon#13758] - Merge branch '4.0.x' into T13758-acl-default-access-level

* 4.0.x:
  Add to changelog and split out tests
  Fix for phalcon#13724
  Update docblocks
  Fix most of the issues
  PHPCS fixes
  Final Cli Console tests
  __get() test and Set Argument test working. Still to do HandleCest
  Getting there on Cli\Console tests.

niden added a commit that referenced this issue Jan 10, 2019

Merge branch 'niden-T13758-acl-default-access-level' into 4.0.x
* niden-T13758-acl-default-access-level:
  [#13758] - Added changelog entry
  [#13758] - Added test for default action in Acl
  [#13758] - Added default action to be deny
  [4.0.x] - Added match to travis for issue branches
  [4.0.x] - Code cleanup
  Revert "Revert "[4.0.x] -""
  Revert "[4.0.x] -"
  [4.0.x] -
  [4.0.x] - PHPCS fix

niden commented Jan 10, 2019

Implemented

@niden niden closed this Jan 10, 2019

4.0 Release automation moved this from In progress to Done Jan 10, 2019

CameronHall added a commit to CameronHall/cphalcon that referenced this issue Jan 20, 2019

@CameronHall CameronHall referenced this issue Jan 20, 2019

Merged

Phalcon\Exception implements \Throwable #13776

2 of 2 tasks complete

niden added a commit that referenced this issue Jan 23, 2019

niden added a commit to niden/cphalcon that referenced this issue Jan 25, 2019

[phalcon#13060] - Merge branch '4.0.x' into T13060-filter-service
* 4.0.x:
  _httpOnly has a default value of false
  Updated Tests
  Update tests/unit/Http/Cookie/CookieCest.php
  Created test for Issue phalcon#13464
  Fixes phalcon#13464: httpOnly is no longer initialised with a value
  Regenerated build
  Use latest Zephir
  phalcon#13749: Removed Phalcon\Mvc\User\* (phalcon#13775)
  phalcon#13717: Cleaned up the `Phalcon\Mvc\Model\Metadata\Redis` constructor (phalcon#13774)
  phalcon#13758: `Phalcon\Exception` implements `\Throwable` (phalcon#13776)