Hi, first of all, many thanks for developing, supporting and sharing this excellent framework.
Before posting this question, I tried to find an answer to my problem but I wasn't able to find it.
I'm using ACL to control access to some functionality of my code. Everything was OK until I made a typo. In an isAllowed check I got true when checking a non-defined access in a role.
I'll show you the code:
<?php
use Phalcon\Acl;
use Phalcon\Acl\Adapter\Memory as AclList;
use Phalcon\Acl\Resource;
use Phalcon\Acl\Role;

$acl = new AclList();
$acl->setDefaultAction(Acl::DENY); // by default, deny for all defined permissions

$adminRole = new Role('Admin', 'Administrator');
$acl->addRole($adminRole);

// The resource defines exactly two accesses: fooAction and barAction
$fooController = new Resource('FooController');
$acl->addResource($fooController, ['fooAction', 'barAction']);

$acl->allow($adminRole->getName(), $fooController->getName(), '*'); // using wildcard for the access

$checkFoo = $acl->isAllowed($adminRole->getName(), $fooController->getName(), "fooAction"); // returns true (OK)

// The next line returns true (but the access 'baAction' is not defined as a part of the resource;
// the correct one would be 'barAction').
$checkBar = $acl->isAllowed($adminRole->getName(), $fooController->getName(), "baAction");
?>
I expected to get an error or at least a false.
I'm using Phalcon 3.2.4.
Thank you so much for reading this.