grandnode / grandnode2

Open-Source eCommerce Platform on .NET Core, MongoDB, AWS DocumentDB, Azure CosmosDB, LiteDB & Vue.js
https://grandnode.com/
GNU General Public License v3.0

Permission denied for specific Action when two groups are assigned to user #442

Open Nikhil13x opened 8 months ago

Nikhil13x commented 8 months ago

A user is assigned to two groups.

Group 1 - Administrator, with all permissions and their actions enabled
Group 2 - TestGroup, with one action unselected (Admin Area.Manage Products -> "List")

In this case, the user is not allowed to "List" the products, even if the permission is assigned via one group. The deny rule takes precedence.

Is this expected behaviour?

Nikhil13x commented 8 months ago

image

This snippet returns false on occurrence of a deny rule in actions. Should it return true whenever there is no deny rule for a group in the for loop instead?

KrzysztofPajak commented 8 months ago

@Nikhil13x yes, it is expected behaviour.

Nikhil13x commented 8 months ago

@KrzysztofPajak Understood. But the logic at the permissionSystemName level works the other way. If the checkbox is selected for any of the groups assigned to the user, it allows access. Only at the action level is the deny rule applied. It's a little confusing.

KrzysztofPajak commented 8 months ago

@Nikhil13x you are right, it can be a little confusing. I will consider changing it. In the PermissionAction collection (in the database) we save records to which you do not have access. In this case, we will have to change the operating mechanism and perform a migration.
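
The two evaluation rules discussed in this thread, side by side, as an added C# example that is not GrandNode's code and not written by any participant. The type and method names (`DenyRecord`, `ActionAuthorization`, `DenyOverrides`, `AnyGroupAllows`) and the `ManageProducts` sample data are hypothetical and constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical model: a deny record means the group has this action
// unselected for the permission (only denials are stored, as in the thread).
record DenyRecord(string Group, string Permission, string Action);

static class ActionAuthorization
{
    // Permission level, as described in the thread: any one group granting it is enough.
    public static bool HasPermission(IReadOnlyCollection<string> userGroups,
        ILookup<string, string> grants, string permission) =>
        userGroups.Any(g => grants[g].Contains(permission));

    // Reported behaviour: a deny record in any of the user's groups blocks the action.
    public static bool DenyOverrides(IReadOnlyCollection<string> userGroups,
        ILookup<string, string> grants, IEnumerable<DenyRecord> denies,
        string permission, string action) =>
        HasPermission(userGroups, grants, permission) &&
        !denies.Any(d => userGroups.Contains(d.Group)
                         && d.Permission == permission && d.Action == action);

    // Alternative raised in the issue: allow when at least one group grants the
    // permission and has no deny record for the action.
    public static bool AnyGroupAllows(IReadOnlyCollection<string> userGroups,
        ILookup<string, string> grants, IEnumerable<DenyRecord> denies,
        string permission, string action) =>
        userGroups.Any(g => grants[g].Contains(permission) &&
            !denies.Any(d => d.Group == g
                             && d.Permission == permission && d.Action == action));
}

static class Program
{
    static void Main()
    {
        // Constructed sample data mirroring the issue: two groups, one unselected action.
        var groups = new[] { "Administrator", "TestGroup" };
        var grants = new[] { ("Administrator", "ManageProducts"), ("TestGroup", "ManageProducts") }
            .ToLookup(x => x.Item1, x => x.Item2);
        var denies = new[] { new DenyRecord("TestGroup", "ManageProducts", "List") };

        foreach (var action in new[] { "List", "Edit" })
            Console.WriteLine($"{action}: deny-overrides=" +
                $"{ActionAuthorization.DenyOverrides(groups, grants, denies, "ManageProducts", action)}, " +
                $"any-group-allows={ActionAuthorization.AnyGroupAllows(groups, grants, denies, "ManageProducts", action)}");
    }
}
```

Under the deny-overrides rule, adding a user to a second group can reduce what they can do; under the any-group-allows rule, an extra group membership can only widen access, which is how the permission-level check already behaves.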