Overlapping resource definitions in Policy.yaml resolved incorrectly
Just encountered this particular bug while updating a Policy.yaml file.
If you have two resource definitions that overlap:
resources:
  methods:
    allMethods: 'method(Vendor\Ext\Controller\SomeController->.*Action())'
    specificMethod: 'method(Vendor\Ext\Controller\SomeController->specificAction())'
And ACLs similar to this:
acls:
  OneRole:
    methods:
      allMethods: GRANT
  SecondRole:
    methods:
      specificMethod: GRANT
Then the second role cannot access the specific method. By votes (0 denied, 0 granted, 1 abstained). The interesting part is when you execute
./flow security:showeffectivepolicy Vendor.Ext:SecondRole
The output says that specificMethod is allowed for SecondRole.
So even if this behavior is intended there is a bug in the SecurityCommandController at the very least.
Affected Flow Version: 2.1.2
Although this version or any version beyond 2.0.0 does not actually exist here in forge.
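A small audit for the overlap described in this report, as an added example that is not part of the original report or of Flow itself: it lists roles whose ACL names only some of the resources that match the same controller method, so those grants can be tested by hand. It assumes pointcuts have the `method(Class->pattern())` form shown above, that the class is a literal and the method part is a regular expression matched against the whole method name; the `listAction` method, the Python dicts standing in for the parsed Policy.yaml, and all function names are constructed for the example.

```python
import re

# Pointcut form used in the report: method(Class->methodPattern())
POINTCUT = re.compile(r"^method\((?P<cls>.+)->(?P<meth>.+)\(\)\)$")

# Constructed sample mirroring the report's Policy.yaml, as Python dicts.
RESOURCES = {
    "allMethods": r"method(Vendor\Ext\Controller\SomeController->.*Action())",
    "specificMethod": r"method(Vendor\Ext\Controller\SomeController->specificAction())",
}
ACLS = {
    "OneRole": {"allMethods": "GRANT"},
    "SecondRole": {"specificMethod": "GRANT"},
}
# Constructed list of controller methods to check (listAction is made up).
METHODS = [
    (r"Vendor\Ext\Controller\SomeController", "specificAction"),
    (r"Vendor\Ext\Controller\SomeController", "listAction"),
]

def covering(resources, cls, method):
    """Names of all resources whose pointcut matches cls->method()."""
    names = []
    for name, expr in resources.items():
        m = POINTCUT.match(expr)
        if m is None:
            raise ValueError(f"unsupported pointcut: {expr}")
        # Assumption: class is compared literally, method part is a regex.
        if m.group("cls") == cls and re.fullmatch(m.group("meth"), method):
            names.append(name)
    return sorted(names)

def audit(resources, acls, methods):
    """Flag (role, method, unmentioned resources) where a method is covered by
    several resources but the role's ACL names only some of them."""
    findings = []
    for cls, method in methods:
        names = covering(resources, cls, method)
        if len(names) < 2:
            continue  # no overlap for this method
        for role, entries in sorted(acls.items()):
            missing = [n for n in names if n not in entries]
            if missing and len(missing) < len(names):
                findings.append((role, method, missing))
    return findings

if __name__ == "__main__":
    for role, method, missing in audit(RESOURCES, ACLS, METHODS):
        print(f"{role}: {method}() also matched by {missing}, no ACL entry")
```

Each finding is a role and method to check against both the real access decision and the output of `./flow security:showeffectivepolicy`, since the report shows the two can disagree.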