Bug #28319
Access denied will be logged at the wrong location in nested calls
| Status: | Needs Feedback | Start date: | 2011-07-19 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | Security | |||
| Target version: | - | |||
| PHP Version: | Complexity: | |||
| Has patch: | No | FLOW3 version affected: | FLOW3 1.0.0 | |
| Votes: | 0 |
Description
If several method calls that were secured by the PolicyEnforcementAspect are nested, an AccessDeniedException will be logged for the outer method even when the access to the inner method was not allowed.
This is misguiding and makes policy debugging very hard. We should try to log the method that was actually not allowed and try to provide more context for debugging.
History
Updated by Christopher Hlubek almost 2 years ago
Small update: Maybe this occurs only if the method that was denied is used in a runtime evaluation.
Updated by Karsten Dambekalns over 1 year ago
- FLOW3 version affected set to FLOW3 1.0.0
Updated by Christian Mueller about 1 year ago
- Status changed from New to Needs Feedback
- Has patch set to No
Should we still keep this then?