Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

ACL problem

Hello guys. I am experiencing one unusual problem with ACL. After I grant guests the option to search objects, ACL also allows them access to create function . I dont understand how.

Here is ACL - security.php http://pastebin.com/G0LuDYvt

here is objects controller http://pastebin.com/sb1KncRk



11.2k
Accepted
answer

I have temporarily solved problem with specifying denied controllers :

$publicDenyResources = array( 'objects' => array('new', 'edit', 'save', 'create', 'delete'), ); foreach ($publicDenyResources as $resource => $actions) { $acl->addResource(new Phalcon\Acl\Resource($resource), $actions); }

        foreach ($publicDenyResources as $resource => $actions) {
            foreach ($actions as $action){
                $acl->deny('Guests', $resource, $action);
                }
        }


11.2k

I have solved it in a right way now. I have replaced this part

                        //Grant access to public areas to both users and guests and admins
                        foreach ($roles as $role) {
                                foreach ($publicResources as $resource => $actions) {
                                        $acl->allow($role->getName(), $resource, '*');
                                }
                        }

With this:

//Grant access to public areas to both users and guests and admins
        foreach ($publicResources as $resource => $actions) {
            foreach ($actions as $action){
                $acl->allow('Users', $resource, $action);
                $acl->allow('Admins', $resource, $action);
                $acl->allow('Guests', $resource, $action);
            }
        }