It's looks exactly as the bug described. Look in cake/libs/controller/components/acl.php
method check, look for === -1, change to == -1. If it isn't there, probably you need to put a couple of pr() and start debugging :(. Before that, try with an fresh install of the latest svn. On Tue, Apr 8, 2008 at 9:12 AM, David Christopher Zentgraf <[EMAIL PROTECTED]> wrote: > > SELECT `Aro`.`id`, `Aro`.`parent_id`, `Aro`.`model`, > `Aro`.`foreign_key`, `Aro`.`alias` FROM `aros` AS `Aro` LEFT JOIN > `aros` AS `Aro0` ON (`Aro`.`lft` <= `Aro0`.`lft` AND `Aro`.`rght` >= > `Aro0`.`rght`) WHERE `Aro0`.`model` = 'User' AND `Aro0`.`foreign_key` > = 3 ORDER BY `Aro`.`lft` DESC > > SELECT `Aco`.`id`, `Aco`.`parent_id`, `Aco`.`model`, > `Aco`.`foreign_key`, `Aco`.`alias` FROM `acos` AS `Aco` LEFT JOIN > `acos` AS `Aco0` ON (`Aco0`.`alias` = 'Users') LEFT JOIN `acos` AS > `Aco1` ON (`Aco1`.`lft` > `Aco0`.`lft` AND `Aco1`.`rght` < > `Aco0`.`rght` AND `Aco1`.`alias` = 'index') WHERE ((`Aco`.`lft` <= > `Aco0`.`lft` AND `Aco`.`rght` >= `Aco0`.`rght`) OR (`Aco`.`lft` <= > `Aco1`.`lft` AND `Aco`.`rght` >= `Aco1`.`rght`)) ORDER BY `Aco`.`lft` > DESC > > SELECT `Permission`.`id`, `Permission`.`aro_id`, > `Permission`.`aco_id`, `Permission`.`_create`, `Permission`.`_read`, > `Permission`.`_update`, `Permission`.`_delete`, `Aro`.`id`, > `Aro`.`parent_id`, `Aro`.`model`, `Aro`.`foreign_key`, `Aro`.`alias`, > `Aro`.`lft`, `Aro`.`rght`, `Aco`.`id`, `Aco`.`parent_id`, > `Aco`.`model`, `Aco`.`foreign_key`, `Aco`.`alias`, `Aco`.`lft`, > `Aco`.`rght` FROM `aros_acos` AS `Permission` LEFT JOIN `aros` AS > `Aro` ON (`Permission`.`aro_id` = `Aro`.`id`) LEFT JOIN `acos` AS > `Aco` ON (`Permission`.`aco_id` = `Aco`.`id`) WHERE > `Permission`.`aro_id` = 6 AND `Permission`.`aco_id` IN (4, 3, 2) > > > The result of that last call even looks pretty good to me: > > +----+--------+--------+---------+-------+---------+---------+------ > +-----------+-------+-------------+--------+------+------+------ > +-----------+-------+-------------+-------+------+------+ > | id | aro_id | aco_id | _create | _read | _update | _delete | id | > parent_id | model | foreign_key | alias | lft | rght | id | > parent_id | model | foreign_key | alias | lft | rght | > +----+--------+--------+---------+-------+---------+---------+------ > +-----------+-------+-------------+--------+------+------+------ > +-----------+-------+-------------+-------+------+------+ > | 1 | 6 | 3 | 1 | 1 | 1 | 1 | 6 > | NULL | User | 3 | deceze | 11 | 12 | 3 > | 2 | NULL | NULL | Users | 2 | 13 | > | 3 | 6 | 4 | -1 | -1 | -1 | -1 | 6 > | NULL | User | 3 | deceze | 11 | 12 | 4 > | 3 | NULL | NULL | index | 3 | 4 | > +----+--------+--------+---------+-------+---------+---------+------ > +-----------+-------+-------------+--------+------+------+------ > +-----------+-------+-------------+-------+------+------+ > 2 rows in set (0.00 sec) > > > And just for completeness: > > $ cake acl view aco > > --------------------------------------------------------------- > Aco tree: > --------------------------------------------------------------- > [2]ROOT > > [3]Users > > [4]index > > [5]edit > > [6]register > > [7]profile > > [8]delete > > > > But: > > $cake acl check deceze Users/index all > deceze is allowed. > > > > > On 8 Apr 2008, at 20:49, Dardo Sordi Bogado wrote: > > > > Can you post the SQL generated? > > > > On Tue, Apr 8, 2008 at 8:47 AM, David Christopher Zentgraf > > <[EMAIL PROTECTED]> wrote: > >> > >> Those URLs are not loading for me right now, > >> but I'm experiencing this on a Nightly from April 5th (I think). > >> > >> cake/libs/controller/components/acl.php: > >> /* SVN FILE: $Id: acl.php 6491 2008-03-01 03:12:12Z nate $ */ > >> ... > >> > >> > >> > >> On 8 Apr 2008, at 20:17, Dardo Sordi Bogado wrote: > >>> > >>> Bug #3851, > >>> > >>> https://trac.cakephp.org/ticket/3851 > >>> https://trac.cakephp.org/changeset/6342 > >>> > >>> It's fixed in current versions. > >>> > >>> On Tue, Apr 8, 2008 at 6:01 AM, David Christopher Zentgraf > >>> <[EMAIL PROTECTED]> wrote: > >>>> > >>>> Hi, > >>>> > >>>> Am I getting this right? With the ACL component, AROs inherit their > >>>> permissions like this: > >>>> > >>>> Group [denied something] > >>>> |- User [allowed something] > >>>> > >>>> In this case, the explicitly granted permission on the User > >>>> overrides > >>>> the general Group setting, allowing the User something > >>>> specifically. > >>>> With ACOs the opposite seems to be the case: > >>>> > >>>> Controller [allowing user] > >>>> |- Action [denying user] > >>>> > >>>> In this case, the general permission on the Controller seems to > >>>> override the explicitly forbidden Action. > >>>> > >>>> $ cake acl grant deceze Users all > >>>> $ cake acl deny deceze Users/delete all > >>>> > >>>> $ cake acl check deceze Users/delete all > >>>> deceze is allowed. > >>>> > >>>> Is this by design or a bug? > >>>> > >>>> Chrs, > >>>> Dav > >>>> > >>>>> > >>>> > >>> > >>>> > >> > >> > >>> > >> > > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
