Skip to content
This repository has been archived by the owner on Jan 21, 2020. It is now read-only.

deny_by_default inverts permission rules #36

Merged
merged 1 commit into from
Jul 16, 2014
Merged

deny_by_default inverts permission rules #36

merged 1 commit into from
Jul 16, 2014

Conversation

weierophinney
Copy link
Member

When I set deny_by_default to true, zf-mvc-auth seems to invert the meaning of my permission rules:

module.config.php:

    'zf-mvc-auth' => array(
        'authorization' => array(
            'deny_by_default' => true,
            'Api\\V1\\Rest\\User\\Controller' => array(
                'entity' => array(
                    'GET' => true, // Don't need authorization?
                    'POST' => false,
                    'PATCH' => false,
                    'PUT' => false,
                    'DELETE' => false,
                ),
            ),

According to the documentation, the boolean value of GET determines whether or not authorization is required. However, when deny_by_default is true, suddenly the booleans are interpreted to mean that authorization is not required.

The documentation says that deny_by_default only changes behavior for actions for which no permission was defined, but in fact it inverts the existing permissions.

https://apigility.org/documentation/modules/zf-mvc-auth

@boukeversteegh boukeversteegh changed the title zf-mvc-auth => authorization => deny_by_default inverts permission rules deny_by_default inverts permission rules Jul 6, 2014
@boukeversteegh boukeversteegh changed the title deny_by_default inverts permission rules deny_by_default inverts permission rules Jul 6, 2014
@boukeversteegh boukeversteegh changed the title deny_by_default inverts permission rules deny_by_default inverts permission rules Jul 6, 2014
@ezimuel ezimuel self-assigned this Jul 7, 2014
@weierophinney
[zfcampus#36] Fix how boolean flags are honored when deny_by_default …
b103188 
…is enabled

- Essentially, if deny_by_default is enabled, we need to build the list
  of flags differently, as the AclFactory creates allow rules instead of
  deny rules in that situation.
@weierophinney weierophinney added this to the 1.0.4 milestone Jul 16, 2014
@weierophinney weierophinney merged commit b103188 into zfcampus:master Jul 16, 2014
weierophinney added a commit that referenced this pull request Jul 16, 2014
@weierophinney
Merge branch 'hotfix/36'
acfa5e1 
Close #36
weierophinney added a commit that referenced this pull request Jul 16, 2014
@weierophinney
Merge branch 'hotfix/36' into develop
a27f4ad 
Forward port #36
@weierophinney weierophinney deleted the hotfix/36 branch July 16, 2014 20:28
@boukeversteegh boukeversteegh mentioned this pull request Jan 20, 2015
Open
@weierophinney weierophinney mentioned this pull request Dec 31, 2019
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@weierophinney weierophinney

Labels
None yet
Projects
None yet
Milestone
1.0.4
Development

Successfully merging this pull request may close these issues.
2 participants
@weierophinney @ezimuel