-
-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Extend configuration to allow defining parents for resources #4
Comments
I'm really unsure what you're asking. Please expand your description to include some code or pseudo-code demonstrating:
This will allow somebody to start working on a possible solution. Thanks! |
Sorry about the confusion. Please consider the following resource hierarchy:
Configuration:
The problem seems to be the current implementation of
The following could be a possible solution:
|
Are my description and the proposed code samples clear enough? |
Feature Request
Summary
While porting an application based on Zend Framework 1 to Mezzio, I noticed that there seems to be no way to define a parent resource ID for the elements of ['mezzio-authorization-acl']['resources'].
It looks like a 'technical debt' in \Mezzio\Authorization\Acl\LaminasAclFactory::injectResources(), since \Laminas\Permissions\Acl\Acl::addResource($resource, $parent = null) allows passing a parent as its 2nd argument.
Comparing to the RBAC, it was IMHO a vital feature and an argument for using the ACL implementation in the first place. On the other hand, it makes the meaning of the 'deny' node in the configuration somewhat questionable - why denying access to any resource if you can just omit it in the 'allow' section?
Since there is effectively no way of configuring the grouping (or inheritance) of resources, we just get a plain list of allowed ones, which actually makes the whole ACL implementation logically similar (if not equal) to the RBAC... but with an overcomplicated configuration.
The text was updated successfully, but these errors were encountered: