Details
Description
Zend_Acl manual states that:
The assert() method of an assertion object is passed the ACL, role, resource, and privilege to which the authorization query (i.e., isAllowed()) applies, in order to provide a context for the assertion class to determine its conditions where needed.
That is not true! When an assertion is attached to the global "all-roles" pseudo-parent in an ACL tree with:
$acl->allow(null, null, null, new MyAssertion());
... with the assertion built like:
class MyAssertion implements Zend_Acl_Assert_Interface
{
    public function assert(Zend_Acl $acl,
                           Zend_Acl_Role_Interface $role = null,
                           Zend_Acl_Resource_Interface $resource = null,
                           $privilege = null)
    {
        if ($role == 'someRole')
            return true;
        elseif ($resource == 'someBannedResource')
            return false;
        else
            return true;
    }
}
... Then after a query:
$acl->isAllowed('someRole','someResource','somePermission');
... the assertion should be called with
assert(Zend_Acl object, 'someRole', 'someResource', 'somePermission').
Instead it is called with
assert(Zend_Acl object, null, null, null)
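With null context, the assertion in the report falls through to its final "return true", so the ban on 'someBannedResource' is never enforced. The following is an added example, not part of the original report or of Zend Framework: an assertion that records what it was passed and denies when the context is missing. The class name ContextCheckingAssertion and the role 'otherRole' are hypothetical, and Zend Framework 1 is assumed to be on the include path.

```php
<?php
// Added example: assumes Zend Framework 1 is on the include path.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';
require_once 'Zend/Acl/Assert/Interface.php';

// Hypothetical class: logs the context of every assert() call and fails closed.
class ContextCheckingAssertion implements Zend_Acl_Assert_Interface
{
    public $calls = array();

    public function assert(Zend_Acl $acl,
                           Zend_Acl_Role_Interface $role = null,
                           Zend_Acl_Resource_Interface $resource = null,
                           $privilege = null)
    {
        // Keep a record so a test or audit log can show what was really passed.
        $this->calls[] = array(
            'role'      => $role === null ? null : $role->getRoleId(),
            'resource'  => $resource === null ? null : $resource->getResourceId(),
            'privilege' => $privilege,
        );
        // Without a role and a resource the rule cannot be evaluated: deny.
        if ($role === null || $resource === null) {
            return false;
        }
        // Same rule as MyAssertion in the report, on explicit identifiers.
        if ($role->getRoleId() === 'someRole') {
            return true;
        }
        return $resource->getResourceId() !== 'someBannedResource';
    }
}

$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('someRole'));
$acl->addRole(new Zend_Acl_Role('otherRole'));           // constructed sample role
$acl->add(new Zend_Acl_Resource('someResource'));        // add() is the older name of addResource()
$acl->add(new Zend_Acl_Resource('someBannedResource'));

$assertion = new ContextCheckingAssertion();
$acl->allow(null, null, null, $assertion);

// If assert() receives nulls as the report describes, this is denied rather than allowed.
var_dump($acl->isAllowed('otherRole', 'someBannedResource', 'somePermission'));
print_r($assertion->calls);
```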
Issue Links
This issue duplicates:
| ZF-1722 | Zend_Acl assertions broken when inheritance is required (ie DepthFirstSearch) |
Assigning to Ralph to get closure on this issue.