Rbac Not Handling Ancestors Beyond Immediate Parent #88
Description
In section 17.2.1 of your ebook, you suggest creating roles 'Administrator,' 'Editor,' and 'Viewer.' 'Administrator' inherits permissions from 'Editor' and 'Editor' inherits permissions from 'Viewer.'
Using your code from section 17.2.2, where you add the roles along with their parents and establish a 'post.view' permission to the 'Viewer' role, I then tested to see if a user with the 'Administrator' role would correctly inherit the 'post.view' permission.
// Create Rbac container.
$rbac = new Rbac();
// The following is to tell Rbac to create some parent roles if not exist yet
$rbac->setCreateMissingRoles(true);
// Create role hierarchy
$rbac->addRole('Viewer', ['Editor', 'Author']);
$rbac->addRole('Editor', ['Administrator']);
$rbac->addRole('Author');
$rbac->addRole('Administrator');
// Assign permissions to the Viewer role.
$rbac->getRole('Viewer')->addPermission('post.view');
$rbac->isGranted('Administrator', 'post.view'); // returns false!!
The Rbac returns false when it should return true.