To remove one or more access rules from the ACL, simply use the
available removeAllow() or
removeDeny() methods. As with allow()
and deny(), you may provide a NULL value
to indicate application to all roles, resources, and/or privileges:
<?php
// Remove the denial of revising latest news to staff (and marketing,
// by inheritance)
$acl->removeDeny('staff', 'latest', 'revise');
echo $acl->isAllowed('marketing', 'latest', 'revise') ?
"allowed" : "denied";
// allowed
// Remove the allowance of publishing and archiving newsletters to
// marketing
$acl->removeAllow('marketing',
'newsletter',
array('publish', 'archive'));
echo $acl->isAllowed('marketing', 'newsletter', 'publish') ?
"allowed" : "denied";
// denied
echo $acl->isAllowed('marketing', 'newsletter', 'archive') ?
"allowed" : "denied";
// denied
Privileges may be modified incrementally as indicated above, but a
NULL value for the privileges overrides such incremental changes:
<?php
// Allow marketing all permissions upon the latest news
$acl->allow('marketing', 'latest');
echo $acl->isAllowed('marketing', 'latest', 'publish') ?
"allowed" : "denied";
// allowed
echo $acl->isAllowed('marketing', 'latest', 'archive') ?
"allowed" : "denied";
// allowed
echo $acl->isAllowed('marketing', 'latest', 'anything') ?
"allowed" : "denied";
// allowed