What steps will reproduce the problem?
1. Generate an auth-item for a controller action ('Example.Create' e.g.)
2. create a new role 'testdrive' and assign this role to the user 'test' (no
other roles assigned)
3. Under 'Permissions' revoke the permission for the item 'Example.Create' for
the role 'testdrive'
What is the expected output? What do you see instead?
As long as the auth-item 'Example.Create' is not created, the user 'test' can
not call the create-action of the ExampleController because the access is
restricted. That's totally right, but:
Creating the auth-item 'Example.Create' and revoking it to the role 'testdrive'
and therefore for the user 'test' should do the same thing. But in fact, no
matter if the auth-item 'Example.Create' ist assigned oder revoked to the role
'testdrive', the user 'test' ist able to call and execute the create-action of
the ExampleController.
Fyi: The config is fine: Controller extends RController and rights is added to
the controller's filters. Also there is no inheritance of 'testdrive' to other
roles and no inheritance of 'Example.Create' to other permissions.
What version of the product are you using? On what operating system?
Yii-version: 1.1.13
yii-rights-version: 1.3.0.r147
OS: Win7Pro
Please provide any additional information below.
Original issue reported on code.google.com by Markus.F...@gmail.com on 11 Jul 2013 at 2:53
Original issue reported on code.google.com by
Markus.F...@gmail.comon 11 Jul 2013 at 2:53