Merge pull request #577 from phalcon/2.0.x

2.0.11
phalcon · May 4, 2016 · 8b77b9f · 8b77b9f
2 parents 1fbe375 + 38e05eb
commit 8b77b9f
Show file tree

Hide file tree

Showing 17 changed files with 1,608 additions and 294 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -29,6 +29,7 @@ env:
     - TEST_DB_NAME="incubator_tests"
     - TEST_DB_CHARSET="utf8"
   matrix:
+    - PHALCON_VERSION="2.0.11"
     - PHALCON_VERSION="2.0.10"
     - PHALCON_VERSION="2.0.9"
     - PHALCON_VERSION="2.0.8"

diff --git a/Library/Phalcon/Acl/Adapter/Database.php b/Library/Phalcon/Acl/Adapter/Database.php
@@ -407,7 +407,7 @@ public function isAllowed($role, $resource, $access)
             // access_name should be given one or 'any'
             "AND access_name IN (?, '*')",
             // order be the sum of bools for 'literals' before 'any'
-            "ORDER BY (roles_name != '*')+(resources_name != '*')+(access_name != '*') DESC",
+            "ORDER BY ".$this->connection->escapeIdentifier('allowed')." DESC",
             // get only one...
             'LIMIT 1'
         ]);
@@ -438,14 +438,16 @@ public function isAllowed($role, $resource, $access)
     protected function insertOrUpdateAccess($roleName, $resourceName, $accessName, $action)
     {
         /**
-         * Check if the access is valid in the resource
+         * Check if the access is valid in the resource unless wildcard
          */
-        $sql = "SELECT COUNT(*) FROM {$this->resourcesAccesses} WHERE resources_name = ? AND access_name = ?";
-        $exists = $this->connection->fetchOne($sql, null, [$resourceName, $accessName]);
-        if (!$exists[0]) {
-            throw new Exception(
-                "Access '{$accessName}' does not exist in resource '{$resourceName}' in ACL"
-            );
+        if ($resourceName !== '*' && $accessName !== '*') {
+            $sql = "SELECT COUNT(*) FROM {$this->resourcesAccesses} WHERE resources_name = ? AND access_name = ?";
+            $exists = $this->connection->fetchOne($sql, null, [$resourceName, $accessName]);
+            if (!$exists[0]) {
+                throw new Exception(
+                    "Access '{$accessName}' does not exist in resource '{$resourceName}' in ACL"
+                );
+            }
         }
 
         /**

diff --git a/Library/Phalcon/Db/Dialect/MysqlExtended.php b/Library/Phalcon/Db/Dialect/MysqlExtended.php
@@ -36,7 +36,7 @@ class MysqlExtended extends Mysql
      * @return string
      * @throws \Exception
      */
-    public function getSqlExpression(array $expression, $escapeChar = null)
+    public function getSqlExpression(array $expression, $escapeChar = null, $bindCounts = null)
     {
         if ($expression["type"] == 'functionCall') {
             switch ($expression["name"]) {