Bug #49373

Methods policy with key "Controllers" is ignored

Added by Andreas Wolf over 8 years ago.

Status:
New
Priority:
Must have
Assignee:
-
Category:
Security
Target version:
-
Start date:
2013-06-24
Due date:
% Done:

0%

Estimated time:
PHP Version:
Has patch:
No
Complexity:

Description

I'm using the following Policy.yaml file:

roles:
  Administrator: [User]
  User: []

resources:
  methods:
    Controllers: 'method(SynSystems\Contracts\Controller\.*Controller->(?<!initialize).*Action())'

acls:
  Administrator:
    methods:
      Controllers: GRANT

The "Controllers" ACL is silently ignored; as soon as I change it to "ContractControllers" (or some other name), it is suddenly used. There is no trace in the logs that parts of the Policy.yaml file are ignored.

I think silently ignoring parts of the Policy.yaml file is an absolute no-go; at least Flow should throw a warning if there is a naming clash with some internally used names.

No data to display

Also available in: Atom PDF