We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

ACL issue

Here is my code: https://pastebin.com/mwCQiWn3

Now the issue I'm facing is: Anyone was able to access phones/new though I allowed index action only to guests. I need your advice to fix the issue.

Thanks



43.9k

Hi,

in line 84, change:


$acl->allow($role->getName(), $resource, '*');
// to
$acl->allow($role->getName(), $resource, $action);