This problem has now been identified as a bug, and I have created a
fix. Jails has supplied a test case and both have been submitted to
the trac.

https://trac.cakephp.org/ticket/3312

Mike


On Sep 26, 11:15 am, Mike Green <[EMAIL PROTECTED]> wrote:
> Dear all
>
> I'm working with acl, using things the "right" way - or so I assume..
>
> I have an aro tree like this:
>
> --------------------
> Aro tree:
> --------------------
>   [1]Global
>
>     [2]Accounts
>
>     [3]Manager
>
>       [4]Secretary
>
> --------------------
>
> and an aco tree like this:
>
> ---------------------
> Aco tree:
> ---------------------
>   [1]Reports
>
>     [2]Accounts
>
>       [3]Contact
>
>     [4]Messages
>
>       [5]MonthView
>
>         [6]Links
>
>           [7]Numbers
>
>     [8]QuickStats
>
>     [9]Bills
>
> ---------------------
>
> Now, when I grant "Manager" permissions of "all" (or *) on "Messages",
> Secretary inherits those rights also - which I assume to be correct
>
> $this->Acl->allow('Manager','Reports');
>
> However, when I then issue a subsequent "DENY" of
>
> $this->Acl->deny('Secretary','Links','*');
>
> It appears to not work, as a check on Secretary like this:
>
> $this->Acl->check('Secretary','Links','read');
>
> returns "1"; which is obviously not what I expected! Since I set
> Secretarys permissions on "links" to be DENY ALL
>
> Could somebody please advise as to the correct way of doing this,
> since I am now utterly stumped and slightly confused.....
>
> I'm using cake 1.2, svn 5694.
>
> performing the same operations via the console gives the same results.
>
> Many thanks in advance
>
> MIke


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to