I want to use ACL in my app, but I ran into a problem. If the controller/action (in other words, some route) doesn't exist, the ACL doesn't know about that fact. The ACL just checks the controller/action by name. So a user can get "access denied" for routes that don't exist, and the user will think they do...
As I have noticed, beforeException is executed before beforeExecuteRoute, and beforeNotFoundAction goes before beforeException. So, potentially, I can catch "not found" before the ACL checks if I use beforeExecuteRoute in the ACL's events manager. My question is: are they guaranteed to be executed in the sequence I noticed? Is it deterministic? I just want to ensure that a guest will not get access to existing private resources, but anybody will see "not found" for any nonexistent ones.