New Accessrules

Hi guys.

According to new docs, AccessControl now uses deny rule by default (whitelisting).

Here’s the funny thing: if I have explicitly defined ‘allow’ => false at the end of the rules array, everything works as expected.

But if I’m not - AccessRule::allows() will return NULL instead of FALSE so no denyCallback() will be fired (because of triple === in AccessControl::beforeAction). This causes blank screen instead of 403.

I wonder if it is by design.

Good catch. Fixed: