Zend_Acl not working as advertised

I have a large implementation of Zend_Acl and the deny function is not working as expected. It is not inheriting properly and I have unresolved conflicts with groups.

Be开发者_如何学编程fore I get knee deep in code. Are there any well know issues with Zend_Acl or advanced tips anyone wants to share.

I'm having to explicitly deny access to all children in a tree, when I only expect to deny access to one parent.

I have multiple groups with various deny/ allows on the same object. The manual states that the last added group in and array is check first... this does not seem to be the case, it seems to check the most specific to the most general (null) permissions.

If I put permissions on the root of the tree, they stop working when I put any permission further down the tree they stop inheriting.

For me ACL works as expected. If you do this it has the expected behaviour: * allow default module for all * allow admin module for admins and superadmins * deny admin module / users controler for admins * allow admin module / users controler for superadmins

User can't access admin. Asdmins can't access uers administration. Superadmins can access everything.