diff --git a/src/Auth/SimpleRbacAuthorize.php b/src/Auth/SimpleRbacAuthorize.php
index aec17e4c3..5847e5e15 100644
--- a/src/Auth/SimpleRbacAuthorize.php
+++ b/src/Auth/SimpleRbacAuthorize.php
@@ -174,7 +174,8 @@ protected function _checkRules(array $user, $role, Request $request)
 {
 $permissions = $this->config('permissions');
 foreach ($permissions as $permission) {
- if ($allowed = $this->_matchRule($permission, $user, $role, $request)) {
+ $allowed = $this->_matchRule($permission, $user, $role, $request);
+ if ($allowed !== null) {
 return $allowed;
 }
 }
@@ -189,7 +190,7 @@ protected function _checkRules(array $user, $role, Request $request)
 * @param array $user current user
 * @param string $role effective user role
 * @param Request $request request
- * @return bool
+ * @return bool if rule matched, null if rule not matched
 */
 protected function _matchRule($permission, $user, $role, $request)
 {
@@ -216,7 +217,7 @@ protected function _matchRule($permission, $user, $role, $request)
 }
 }
- return false;
+ return null;
 }
 /**
diff --git a/tests/TestCase/Auth/SimpleRbacAuthorizeTest.php b/tests/TestCase/Auth/SimpleRbacAuthorizeTest.php
index 183611b7b..7f84f7878 100644
--- a/tests/TestCase/Auth/SimpleRbacAuthorizeTest.php
+++ b/tests/TestCase/Auth/SimpleRbacAuthorizeTest.php
@@ -655,6 +655,38 @@ public function providerAuthorize()
 //expected
 true
 ],
+ 'array-prefix' => [
+ //permissions
+ [
+ [
+ 'role' => ['test'],
+ 'prefix' => ['one', 'admin'],
+ 'controller' => '*',
+ 'action' => 'one',
+ 'allowed' => false,
+ ],
+ [
+ 'role' => ['test'],
+ 'prefix' => ['one', 'admin'],
+ 'controller' => '*',
+ 'action' => '*',
+ ],
+ ],
+ //user
+ [
+ 'id' => 1,
+ 'username' => 'luke',
+ 'role' => 'test',
+ ],
+ //request
+ [
+ 'prefix' => 'admin',
+ 'controller' => 'Tests',
+ 'action' => 'one'
+ ],
+ //expected
+ false
+ ],
 ];
 }
 }
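Review bot: With `if ($allowed !== null)` the loop in `_checkRules` now stops at the first rule that matches, whether it allows or denies, so the order of the `permissions` array decides the outcome and nothing in the code states that. A broad allow rule listed before a narrower `'allowed' => false` rule will grant access and the deny is never evaluated. I would add a comment above the loop, `// First matching rule wins (allow or deny): list specific deny rules before broader allow rules.`, and say the same wherever the permissions format is documented. The statement after the loop is outside this hunk; confirm it still returns false so that an unmatched request is denied by default.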
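Review bot: The updated tag on `_matchRule` still declares the type as `bool` although the method can now return null; static analysers and IDEs read the type, not the trailing prose. Write it as `@return bool|null true or false when the rule matched (allow or deny), null when the rule did not match`.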
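Review bot: Using null as the "no match" sentinel at the end of `_matchRule` only holds if every matched path returns a strict bool, and that part of the body lies above this hunk. If the matched branch can hand back a non-bool value (for instance the raw result of a callable `allowed` entry, assuming callables are supported there), a null from it would now be read as "not matched" and evaluation would continue to later, possibly broader, rules. Confirm the matched branch casts its result, e.g. `return (bool)$allowed;`.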
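Review bot: The new `array-prefix` dataset pins only the case where the deny rule matches; nothing checks that a non-matching deny rule lets evaluation continue to the wildcard rule. A companion dataset with the same permissions, a request of `'action' => 'two'` and an expected value of `true` would catch a regression where the first rule ends evaluation without matching (this assumes a rule without `allowed` grants access, which the page does not show). A second dataset with the two rules swapped would document the order dependence. Minor style point: `'action' => 'one'` in the request array lacks the trailing comma that the other entries have.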