Closed ghost closed 10 years ago
See a quote from Guards docs:
Guards are not really aware of permissions (it does not make any sense) but rather only think about "roles". For instance, you may want to refuse access to each route that begins with "admin/*" to all users that do not have the "admin" role. Albeit simple to use, guards should not be the only protection in your application, and you should always also protect your service. The reason is that your business logic should be handled by your service. Protecting a given route or controller does not mean that the service cannot be accessed from elsewhere (another action for instance).
So, you'll use RouteGuard to protect your routes, while you use RoleProvider permissions to protect your services. (You must always protect your services.)
Also, take a look at https://github.com/ZF-Commons/zfc-rbac/issues/182
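Added example, not part of the thread and not ZfcRbac's own code: a standalone PHP 8 model of the two layers described above, showing a role-only route guard letting a request through on an unguarded route while the permission check inside the service still refuses it. All function, class, route and permission names are hypothetical, and the "no matching rule means allowed" policy is an assumption.

```php
<?php
// Constructed model; every name here is hypothetical, not ZfcRbac's API.
const ROLE_PERMISSIONS = [   // what a role provider would supply
    'admin'  => ['article.read', 'article.delete'],
    'member' => ['article.read'],
];
const ROUTE_RULES = [        // what a route guard would be configured with
    'admin/*' => ['admin'],
];

// Permission check: resolves the user's roles to permissions.
function isGranted(array $roles, string $permission): bool
{
    foreach ($roles as $role) {
        if (in_array($permission, ROLE_PERMISSIONS[$role] ?? [], true)) {
            return true;
        }
    }
    return false;
}

// Guard: looks only at the route name and the roles, never at permissions.
function routeGuardAllows(string $route, array $roles): bool
{
    foreach (ROUTE_RULES as $pattern => $allowedRoles) {
        if (fnmatch($pattern, $route)) {
            return (bool) array_intersect($roles, $allowedRoles);
        }
    }
    return true; // assumed permissive policy: routes without a rule are open
}

final class ArticleService
{
    public function __construct(private array $roles) {}

    public function delete(int $id): string
    {
        // Service-level protection: applies whichever action calls it.
        if (!isGranted($this->roles, 'article.delete')) {
            throw new RuntimeException('Not authorized: article.delete');
        }
        return "article $id deleted";
    }
}

$roles = ['member'];
var_dump(routeGuardAllows('admin/articles', $roles));  // rule matches, role check applies
var_dump(routeGuardAllows('profile/cleanup', $roles)); // no rule covers this route
try {
    echo (new ArticleService($roles))->delete(7), PHP_EOL;
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL; // only the service check stands in the way here
}
```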
Thanks danizord, it was clear from debugging that guards don't use permissions, but I had to ask just to clarify it.
@svmashtaler so, this issue can be closed? :)
Yes, sure, it can be closed, thank you.
@svmashtaler can you close this issue?
I have a question regarding usage of RouteGuard rules and RoleProvider permissions. What is the use of RoleProvider permissions if I have RouteGuard rules set? Are they ever being used? I don't see any change whether I have RoleProvider permissions or not. Am I doing something wrong? Here is a sample of my zfc_rbac config:
'zfc_rbac' => [