One of the things that I have noticed about DbAcl, and other people have mentioned it as well on the Google Group, is that apart from not handling non-unique aliases very well, DbAcl node lookup will fail if the url does not have the full path in the ACO tree.
For example, consider the following tree.
ROOT |_ controller1 |_ controller 2 |_action 1
If you then access http://localhost/controller1/ everything is fine. But when you try to access http://localhost/controller1/action1 you will get errors from DbAcl something like:
Warning (512): DB_ACL::check() - Failed ACO node lookup in permissions check.
Ok so just put all the actions in the database was my first solution. That is until I realised that something like /posts/view/id is going to need an ACO for every id, which seems a bit overkill.
What I would like is for non-existent children ACOs to automatically inherit from the parent and so on. Obviously this is only suitable for ACOs based on urls.
The patch that Simon has submitted resolves the inheritence problem. Simon also submitted an updated test case that contains tests specifically for non-existent children. I have tested this patch against the updated test cases and on some actual applications and I highly recommend updating to the latest svn trunk (5588 at time of update).
applying this patch – at least until it makes it into the core. Which I sincerely hope that it does.
Kudos to Simon Jaillet, you are my new Acl hero having solved the inheritence problem for me.