Cross inheritance #18

jyotman · 2017-09-29T14:03:25Z

Should cross inheritance be allowed?

For example I have 2 roles - user and admin.

Now if I write -

ac.grant('admin').extend('user')
ac.grant('user').extend('admin')

Then from this moment onward, both the roles have become exactly similar. All the permissions given to admin role would apply to user role and vice-versa. Then what's the point of having 2 different roles?

Forgive if I'm missing something. And thanks for this really useful module.

The text was updated successfully, but these errors were encountered:

onury · 2017-10-03T01:56:56Z

Although, there's no point doing that; it's still valid (currently).

But I see your concern. This might even lead to security issues on the host application, if not used with caution. Besides, I can't think of any true, valid use of cross-inheritance.

I'll consider this in the next version (will be released in a couple of days).
Thanks.

onury · 2017-10-05T16:22:08Z

Cross-role inheritance is no more allowed in v2.0.0+

onury added the revision A change rather than a bug or feature. label Oct 3, 2017

onury closed this as completed Oct 5, 2017

onury added the security Issue breaks security. label Nov 14, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cross inheritance #18

Cross inheritance #18

jyotman commented Sep 29, 2017

onury commented Oct 3, 2017

onury commented Oct 5, 2017

Cross inheritance #18

Cross inheritance #18

Comments

jyotman commented Sep 29, 2017

onury commented Oct 3, 2017

onury commented Oct 5, 2017