Bug #47429
Global policy files no longer allowed
Status: | New | Start date: | 2013-04-22 |
---|---|---|---|
Priority: | Should have | Due date: | |
Assigned To: | - | % Done: | 0% |
Category: | Security | | |
Target version: | - | | |
PHP Version: | | Complexity: | |
Has patch: | No | Affected Flow version: | Git master |
Description
Since one of the last changes, global policy files are no longer allowed. After a discussion on the IRC channel, this seems to be a bug.
All that should be checked is whether or not a role is defined in that Policy file, not if it exists, as it makes sense to configure the acls on installation base.
Other than that, this check should not be executed if the security is disabled at all, which it is in my case.
History
#1 Updated by Thomas Hempel over 2 years ago
FYI: I'm not entirely sure what should be allowed in global policy files but I wonder why I am supposed to change the files of a package (which is not necessarily from me) in order to change the acls for, let's say Anonymous.
My global Policy.yaml file looks like this:
```yaml
Vendor:
  MyPackage:
    acls:
      Anonymous:
        methods:
          updateMethods: GRANT
          createMethods: GRANT
          deleteMethods: GRANT
```
My local package Policy.yaml looks like:
```yaml
roles:
  AdminRole: ['EditorRole']
  EditorRole: []
resources:
  entities: []
  methods:
    deleteMethods: 'method(Vendor\MyPackage\Controller\.*->delete.*())'
    updateMethods: 'method(Vendor\MyPackage\Controller\.*->update.*())'
    createMethods: 'method(Vendor\MyPackage\Controller\.*->create.*())'
acls:
  AdminRole:
    methods:
      deleteMethods: GRANT
  EditorRole:
    methods:
      updateMethods: GRANT
      createMethods: GRANT
      deleteMethods: DENY
```
#2 Updated by Robert Lemke about 2 years ago
- Target version changed from 2.0 to 2.1
I'm afraid, we'll have to leave it like it is in order to get 2.0 out at some point. Postponing to 2.1.
#3 Updated by Robert Lemke about 2 years ago
- Target version deleted (2.1)
#4 Updated by Philipp Maier about 2 years ago
Right now, not even Policy.yaml files within the "Vendor.Package/Configuration" folder are working.
After moving the Policy.yaml inside "Vendor.Package/Configuration/Development" it worked again.
This might be a bug, might be intended or just my Flow installation going to hell - I'll test this later with a fresh installation.
#5 Updated by Philipp Maier about 2 years ago
Disregard, updated my git repository URL and updated to current master. Perfectly working now.