Each subsequent isAllowed call PermissionAuthorizator adds new __authenticated role.

Arachne / Security

Authentication and authorization for Nette framework. Deals with cases that are difficult to implement with nette/security.

MIT License

2 stars 7 forks source link

Closed josefsabl closed 5 years ago

josefsabl commented 5 years ago

Pull request here:

enumag commented 5 years ago

The $roles with '__authenticated' should never be written back to Identity. How did that happen?

josefsabl commented 5 years ago

Ok, probably something wrong on my side. I will take look at it.

josefsabl commented 5 years ago

I confirm this was a bug on our side. We were passing roles from our data object to identity as a reference (sort of).