ACL inheritance is broken in 1.2.X #905
Comments
@alexzaporozhets Could you please provide more information, i.e. an example of the code you are running, or even better, create a pull request with a failing test? Thanks! |
Any news about the issue? We cannot update to 1.2 because of it. |
Problem with the inheritance chain:
use Phalcon\Acl;
use Phalcon\Acl\Adapter\Memory as AclEngine;

$acl = new AclEngine();
$acl->setDefaultAction(Acl::DENY);
// Each role inherits from the one before it: developer -> admin -> user
$acl->addRole('user');
$acl->addRole('admin', 'user');
$acl->addRole('developer', 'admin');
$acl->addResource('tickets', ['list', 'open', 'close']);
$acl->allow('user', 'tickets', 'open');
var_dump($acl->isAllowed('user', 'tickets', 'open')); // returns 1
var_dump($acl->isAllowed('admin', 'tickets', 'open')); // returns 1
var_dump($acl->isAllowed('developer', 'tickets', 'open')); // returns 0 (!)
PHP 5.5.1 |
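The behaviour the repro above expects, as an added reference model in plain PHP (not Phalcon's code and not from this thread): a grant on a role must reach every role that inherits from it, at any depth, while everything else stays denied. `ReferenceAcl` and its methods are hypothetical names, and PHP 7.4 or later is assumed.

```php
<?php
// Added reference model, not Phalcon code: class and method names are hypothetical.
final class ReferenceAcl
{
    private array $parents = [];   // role => list of roles it inherits from
    private array $allowed = [];   // "role|resource|action" => true

    public function addRole(string $role, ?string $inherits = null): void
    {
        $this->parents[$role] = $inherits === null ? [] : [$inherits];
    }

    public function allow(string $role, string $resource, string $action): void
    {
        $this->allowed["$role|$resource|$action"] = true;
    }

    // Deny by default; walk the whole inheritance chain, not only the direct parent.
    public function isAllowed(string $role, string $resource, string $action): bool
    {
        $seen = [];
        $queue = [$role];
        while ($queue) {
            $current = array_shift($queue);
            if (isset($seen[$current]) || !isset($this->parents[$current])) {
                continue; // already visited (cycle) or unknown role: grants nothing
            }
            $seen[$current] = true;
            if (isset($this->allowed["$current|$resource|$action"])) {
                return true;
            }
            foreach ($this->parents[$current] as $parent) {
                $queue[] = $parent;
            }
        }
        return false;
    }
}

// Constructed sample input: the same role chain as the repro, plus an unregistered role.
$acl = new ReferenceAcl();
$acl->addRole('user');
$acl->addRole('admin', 'user');
$acl->addRole('developer', 'admin');
$acl->allow('user', 'tickets', 'open');

foreach (['user', 'admin', 'developer', 'guest'] as $role) {
    printf("%-9s open=%d close=%d\n", $role,
        $acl->isAllowed($role, 'tickets', 'open'),
        $acl->isAllowed($role, 'tickets', 'close'));
}
```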
@niden any news about this bug? |
Not yet, buddy. It is a high priority; we need to check. @alexzaporozhets Stay tuned, we will address this as soon as possible. |
I have the same issue with inheritance in 1.2.3 |
Any news? |
@alexzaporozhets I am working on this but it may take some time as I am not familiar with how ACL in Phalcon works. |
That is good news; try to compare the code with version 1.1 |
Fix submitted, but I need more test cases (ideally from real world applications) — looks like we have no unit tests for ACL at all :-( |
Hi, I can add a simple unit-test for ACL. |
Ideally yes, just make sure to submit the pull request against 1.3.0 branch. Or just paste the code here and I will turn it into the test myself. |
This is fixed in the 1.2.4/1.3.0 branch |
Hi, we tried to do the update - the problem remains |
@alexzaporozhets There should be a file, ext/tests/issue-905.phpt. If you run php issue-905.phpt what do you see? The expected result should look like this:
|
I cannot build 1.3.0: 1.2.4: vagrant@timedoctor:~/cphalcon/build$ php aclTest.php |
For 1.3.0, could you please run apt-get build-dep php5-dev and try to recompile again? 1.2.4 — looking |
This line produces segmentation fault: |
vagrant@timedoctor:~/cphalcon$ php /home/vagrant/cphalcon/build/aclTest.php |
1.3.0 - did you build it from ext/ or from build/? |
from build |
At first I executed: apt-get build-dep php5-dev and after that the build was successful |
Please build it from ext/; build/ was not updated. |
Build 1.2.4? or 1.3.0? |
1.3.0. 1.3.0 build from ext/ should pass all tests. |
Ok, I will do it. Is it possible to fix 1.2.4? |
Sure |
Can you give a time estimate for the fix? We are waiting to do the update. |
For 1.2.4: diff --git a/ext/acl/adapter/memory.c b/ext/acl/adapter/memory.c
index aa41c91..01be425 100644
--- a/ext/acl/adapter/memory.c
+++ b/ext/acl/adapter/memory.c
@@ -725,14 +725,13 @@ static int phalcon_role_adapter_memory_check_inheritance(zval *role, zval *resou
if (phalcon_array_isset(access_list, access_key)) {
phalcon_array_fetch(&have_access, access_list, access_key, PH_NOISY);
found = Z_TYPE_P(have_access) != IS_NULL;
+ zval_ptr_dtor(&have_access);
+ have_access = NULL;
}
else {
found = 0;
}
- zval_ptr_dtor(&have_access);
- have_access = NULL;
-
zval_dtor(access_key);
ZVAL_NULL(access_key);
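Review bot: The `else` branch now leaves `have_access` untouched, which is only safe if the pointer is NULL whenever that branch is reached; the declaration is outside the visible lines, so please confirm it is initialised to NULL there. A short comment above the moved `zval_ptr_dtor(&have_access);` stating that the value exists only after `phalcon_array_fetch` has run would keep a later cleanup from hoisting the release back out of the `if`. The three-level chain from this thread (user, admin, developer), which exercises the not-found path, belongs in the test that accompanies the fix.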
I will submit the pull request later, as I need to fix several other bugs. |
Hi, did you submit a pull request to 1.2.4 branch? |
Yes |
We did a test update yesterday (1.2.4); the problem remains. |
Same — what does
display? |
After the update from version 1.1, ACL inheritance stopped working properly.