/**
* Removes an ARO from current node and all children
*
* @param Zend_Acl $root
* @param mixed $aro
* @param mixed $context
* @return boolean
*/
protected function _valid($root, $aro, $context)
{
$score = 0;
$score += $root->_getPermission()->score('allow', $aro, $context);
$score -= $root->_getPermission()->score('deny', $aro, $context);
if ($score < 0) {
return false;
} elseif ($score > 0) {
return true;
}
// Keep working back to root if ACL has a parent
if (!$root->_isRoot()) {
return $this->_valid($root->getParent(), $aro, $context);
}
// Return a 'catchall' permission as a last resort
return self::PERM_DEFAULT;
}