Bug #49373
Methods policy with key "Controllers" is ignored
Status: | New | Start date: | 2013-06-24 | |
---|---|---|---|---|
Priority: | Must have | Due date: | ||
Assigned To: | - | % Done: | 0% |
|
Category: | Security | |||
Target version: | - | |||
PHP Version: | Complexity: | |||
Has patch: | No | Affected Flow version: | Git master |
Description
I'm using the following Policy.yaml file:
1roles:
2 Administrator: [User]
3 User: []
4
5resources:
6 methods:
7 Controllers: 'method(SynSystems\Contracts\Controller\.*Controller->(?<!initialize).*Action())'
8
9acls:
10 Administrator:
11 methods:
12 Controllers: GRANT
The "Controllers" ACL is silently ignored; as soon as I change it to "ContractControllers" (or some other name), it is suddenly used. There is no trace in the logs that parts of the Policy.yaml file are ignored.
I think silently ignoring parts of the Policy.yaml file is an absolute no-go; at least Flow should throw a warning if there is a naming clash with some internally used names.