Different permissions for resource and some of its privileges
Greetings to all,
I'm building navigation on my site with Zend_Navigation and Zend_Acl. Each resource is connected to some controller, additionally I want to have an ability to set a custom access rights for every action ( they are associated with priveleges ) if needed.
I've found that if some privilege is denied for role, than the whole resource is considered "not allowed", even if role can access any other privileges.
Here is a testcase:
$test = new Zend_Acl();
$test->addRole( new Zend_Acl_Role( 'user' ) );
$test->addRole( new Zend_Acl_Role( 'admin' ) );
$test->addResource( new Zend_Acl_Resource( 'about' ) );
As you can see, even when I explictly allow access for all privilege for user role and deny only one, the whole resource is not allowed. As the consequence, this resource will not be shown in the menu for the user.
I've found the place in code, where it happens, and commented it out, and now everything works right as I've expected, but I'm not sure, that it's a correct way to solve the problem.
Can anyone correct me, if i'm doing the wrong thing, or the problem has other solutions?
Re: Different permissions for resource and some of its privileges
That's actually pretty interesting. At first glance I thought it might just be the way you're defining it, but it seems that denying access to a resource and permission pair actually blocks the entire resource.
About the best I could come up with would be to use something like: