[BUG] ACL allows access to forbidden resources

[ghost]

Looks like the normal behavior was broken in 6da8921

Test case:

<?php
$acl = new Phalcon\Acl\Adapter\Memory();

//Default action is deny access
$acl->setDefaultAction(Phalcon\Acl::DENY);

//Add "Guests" role to acl
$acl->addRole( new Phalcon\Acl\Role('Guests') );

//Add "Designers" role to acl
$acl->addRole('Designers');

//Define the "Customers" resource
$customersResource = new Phalcon\Acl\Resource('Customers', 'Customers management');

//Add "customers" resource with a couple of operations
$acl->addResource($customersResource, 'search');
$acl->addResource($customersResource, array('create', 'update'));

//Set access level for roles into resources
$acl->allow('Guests', 'Customers', 'search');
$acl->allow('Guests', 'Customers', 'create');
$acl->deny('Guests', 'Customers', 'update');

//Check whether role has access to the operations
echo $acl->isAllowed('Guests', 'Customers', 'edit') . "
"; // should return 0 but returns 1 !!!
echo $acl->isAllowed('Guests', 'Customers', 'update'); // should return 0 but returns 1 !!!

See #1251 (comment)

This happens both in 1.2.4 and 1.3.0