In case anyone else has this problem in the future I thought it worth
mentioning my solution.
The answer to this question is: yes it does work. However, the database
ACL tables were created with the script provided with Cake in an older
version of Cake. That version set the field types for _create, _read,
_update, _delete to tinyint(1).
The result was that when Acl->deny() tried to set the value of the field
to -1 it ended up as 1 instead.
Langdon
Langdon Stevenson wrote:
> I have been trying to use the Acl->deny() function (with database stored
> ACL) to remove a user's access to certain actions in my application.
> However deny() appears to "allow" rather than "deny" access.
>
> After about an hour of fiddling and reviewing log output I manually
> changed all permissions fields in the user's ArosAco records from 1 to 0
>
> When I tried to access the denied pages I was blocked (as expected).
>
> Then I ran my Acl->deny() code again and checked the database. The
> permissions fields in the user's records had been switched back to 1.
>
> exact code being executed:
>
> $this->Acl->deny('[EMAIL PROTECTED]', 'subscription_1');
> $this->Acl->deny('[EMAIL PROTECTED]', 'subscription_2');
>
> This is based on the example code from the manual:
>
> $this->Acl->deny('Abraham Lincoln', 'United States Army');
>
>
> Is this known behavior, or is it a bug? Or am I missing something ...
>
> I have had a look through the ACL code, but can't see why the deny
> wouldn't work.
>
> Any feedback would be much appreciated.
>
> Regards,
> Langdon
>
>
>
> >
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
