
ACL problem

Hello guys. I am experiencing one unusual problem with ACL. After I grant guests the option to search objects, ACL also allows them access to the create function. I don't understand how.

Here is ACL - security.php https://pastebin.com/G0LuDYvt

Here is the objects controller https://pastebin.com/sb1KncRk



Accepted answer

I have temporarily solved the problem by specifying denied controllers:

        $publicDenyResources = array(
            'objects' => array('new', 'edit', 'save', 'create', 'delete'),
        );

        foreach ($publicDenyResources as $resource => $actions) {
            $acl->addResource(new Phalcon\Acl\Resource($resource), $actions);
        }

        foreach ($publicDenyResources as $resource => $actions) {
            foreach ($actions as $action) {
                $acl->deny('Guests', $resource, $action);
            }
        }



I have solved it the right way now. I have replaced this part

        //Grant access to public areas to both users and guests and admins
        foreach ($roles as $role) {
            foreach ($publicResources as $resource => $actions) {
                $acl->allow($role->getName(), $resource, '*');
            }
        }

With this:

        //Grant access to public areas to both users and guests and admins
        foreach ($publicResources as $resource => $actions) {
            foreach ($actions as $action) {
                $acl->allow('Users', $resource, $action);
                $acl->allow('Admins', $resource, $action);
                $acl->allow('Guests', $resource, $action);
            }
        }
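The two answers above describe the same root cause: `allow($role, $resource, '*')` grants every action registered on the resource, so when the `objects` controller has both public actions (search) and private ones (create, delete) registered under one resource name, a wildcard grant for the public list silently covers the private actions too. The following is an added, self-contained example (not code from this thread or from Phalcon itself) that builds the ACL both ways and checks what `Guests` may do; it assumes the Phalcon 3 ACL API used in the thread (`Phalcon\Acl\Adapter\Memory`, `Phalcon\Acl\Role`, `Phalcon\Acl\Resource`), and the role names, resource name and action lists are constructed for illustration.

```php
<?php
// Added example: compares a wildcard grant with a per-action grant on a
// resource that mixes public and private actions. Assumes the Phalcon 3 API.
use Phalcon\Acl;
use Phalcon\Acl\Adapter\Memory as AclList;
use Phalcon\Acl\Role;
use Phalcon\Acl\Resource;

// Constructed sample data: one controller exposing public and private actions.
const ROLES = ['Admins', 'Users', 'Guests'];
const PUBLIC_RESOURCES  = ['objects' => ['index', 'search']];
const PRIVATE_RESOURCES = ['objects' => ['new', 'create', 'edit', 'save', 'delete']];

// Build an ACL that denies everything not explicitly allowed.
// $useWildcard = true reproduces the bug from the thread; false is the fix.
function buildAcl(bool $useWildcard): AclList
{
    $acl = new AclList();
    $acl->setDefaultAction(Acl::DENY);

    foreach (ROLES as $roleName) {
        $acl->addRole(new Role($roleName));
    }

    // Register all actions; calling addResource twice for the same name
    // just appends the extra access list to the existing resource.
    foreach ([PUBLIC_RESOURCES, PRIVATE_RESOURCES] as $resources) {
        foreach ($resources as $resource => $actions) {
            $acl->addResource(new Resource($resource), $actions);
        }
    }

    // Grant the public actions to every role.
    foreach (PUBLIC_RESOURCES as $resource => $actions) {
        foreach (ROLES as $roleName) {
            if ($useWildcard) {
                // '*' matches every access on the resource, including the
                // private actions registered above, so guests get create/delete.
                $acl->allow($roleName, $resource, '*');
            } else {
                // Least privilege: name each action that is actually public.
                foreach ($actions as $action) {
                    $acl->allow($roleName, $resource, $action);
                }
            }
        }
    }

    // Only admins get the private actions.
    foreach (PRIVATE_RESOURCES as $resource => $actions) {
        foreach ($actions as $action) {
            $acl->allow('Admins', $resource, $action);
        }
    }

    return $acl;
}

// Map a few actions to whether Guests may run them on 'objects'.
function guestAccess(AclList $acl): array
{
    $result = [];
    foreach (['search', 'create', 'delete'] as $action) {
        $result[$action] = $acl->isAllowed('Guests', 'objects', $action);
    }
    return $result;
}

foreach (['wildcard grant' => true, 'per-action grant' => false] as $label => $wildcard) {
    echo $label, ': ', json_encode(guestAccess(buildAcl($wildcard))), PHP_EOL;
}
```

With the wildcard grant, `isAllowed('Guests', 'objects', 'create')` and `delete` come back true, which is the behaviour reported in the question; with the per-action grant only `search` is true. The `guestAccess()` check is the kind of assertion worth keeping in a test suite so that a later wildcard grant or a new private action added to a shared controller cannot reopen the gap unnoticed.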