crisu83 / yii-rights

Automatically exported from code.google.com/p/yii-rights
BSD 3-Clause "New" or "Revised" License
2 stars 4 forks source link

revoke permissions doesn't work properly #78

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Generate an auth-item for a controller action ('Example.Create' e.g.)
2. create a new role 'testdrive' and assign this role to the user 'test' (no 
other roles assigned)
3. Under 'Permissions' revoke the permission for the item 'Example.Create' for 
the role 'testdrive'

What is the expected output? What do you see instead?
As long as the auth-item 'Example.Create' is not created, the user 'test' can 
not call the create-action of the ExampleController because the access is 
restricted. That's totally right, but:
Creating the auth-item 'Example.Create' and revoking it to the role 'testdrive' 
and therefore for the user 'test' should do the same thing. But in fact, no 
matter if the auth-item 'Example.Create' ist assigned oder revoked to the role 
'testdrive', the user 'test' ist able to call and execute the create-action of 
the ExampleController.
Fyi: The config is fine: Controller extends RController and rights is added to 
the controller's filters. Also there is no inheritance of 'testdrive' to other 
roles and no inheritance of 'Example.Create' to other permissions.

What version of the product are you using? On what operating system?
Yii-version: 1.1.13
yii-rights-version: 1.3.0.r147
OS: Win7Pro

Please provide any additional information below.

Original issue reported on code.google.com by Markus.F...@gmail.com on 11 Jul 2013 at 2:53