16 Oct
2009
16 Oct
'09
3:37 p.m.
On 10/16/2009 11:53 AM, Guillaume Lerouge wrote:
Hi Devs,
right now an user can have edit rights on a page even though he does not
have the view right on that page.
This sounds weird to me since that user can still access the page's content
by going to the right URL.
Thus I think it would be better to have the view right inherited from the
edit right (if an user can edit a page he should also be able to view it).
Is there any drawback to this?
The rights code is already complex as it is, this would only add more
if-else branches in a spaghetti code. Plus, it adds another piece of
"access rights magic". Although it is logic that users should not be
allowed to edit what they can't see, I think that letting the admins set
the rights to accomplish this is the right way.
--
Sergiu Dumitriu
http://purl.org/net/sergiu/