On 10/16/2009 11:53 AM, Guillaume Lerouge wrote:
Hi Devs, right now an user can have edit rights on a page even though he does not have the view right on that page.
This sounds weird to me since that user can still access the page's content by going to the right URL.
Thus I think it would be better to have the view right inherited from the edit right (if an user can edit a page he should also be able to view it).
Is there any drawback to this?
The rights code is already complex as it is, this would only add more if-else branches in a spaghetti code. Plus, it adds another piece of "access rights magic". Although it is logic that users should not be allowed to edit what they can't see, I think that letting the admins set the rights to accomplish this is the right way. -- Sergiu Dumitriu http://purl.org/net/sergiu/