This problem has now been identified as a bug, and I have created a fix. Jails has supplied a test case and both have been submitted to the trac.
https://trac.cakephp.org/ticket/3312 Mike On Sep 26, 11:15 am, Mike Green <[EMAIL PROTECTED]> wrote: > Dear all > > I'm working with acl, using things the "right" way - or so I assume.. > > I have an aro tree like this: > > -------------------- > Aro tree: > -------------------- > [1]Global > > [2]Accounts > > [3]Manager > > [4]Secretary > > -------------------- > > and an aco tree like this: > > --------------------- > Aco tree: > --------------------- > [1]Reports > > [2]Accounts > > [3]Contact > > [4]Messages > > [5]MonthView > > [6]Links > > [7]Numbers > > [8]QuickStats > > [9]Bills > > --------------------- > > Now, when I grant "Manager" permissions of "all" (or *) on "Messages", > Secretary inherits those rights also - which I assume to be correct > > $this->Acl->allow('Manager','Reports'); > > However, when I then issue a subsequent "DENY" of > > $this->Acl->deny('Secretary','Links','*'); > > It appears to not work, as a check on Secretary like this: > > $this->Acl->check('Secretary','Links','read'); > > returns "1"; which is obviously not what I expected! Since I set > Secretarys permissions on "links" to be DENY ALL > > Could somebody please advise as to the correct way of doing this, > since I am now utterly stumped and slightly confused..... > > I'm using cake 1.2, svn 5694. > > performing the same operations via the console gives the same results. > > Many thanks in advance > > MIke --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
