Clean up role checks #47

Description

@vphantom

Right now, because some things can be done by administrators, editors-in-chief and editors, I used various indirect ways of checking, such as can('delete', 'article'). Maybe instead, administrators should have the two other roles tagged on, and editors-in-chief should have editor tagged on. They would then be inclusive.

Another option might be to describe inclusion in config.ini, although that would mean having to refactor the ACL loader to process those recursively.

Once that's done, all code and templates should be scanned and updated to actually use proper has_role() checks where appropriate.

We also have the problem that editors who are also peers lose sight of any articles they can't review, so we need to audit all permissions checks to make sure they're positive, not negative like this peer check.
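An added sketch of the two ideas in this issue (recursive role inclusion and positive-only checks); it is not code from this project or its author. The `INCLUDES` map, the role identifiers, `expand_roles`, the `is_reviewer` flag and both `can_see_*` functions are assumptions made for illustration, and the negative check is a constructed stand-in for the kind of check the issue describes.

```python
# Hypothetical inclusion map, as it might be declared in a config file:
# each role lists the roles it directly includes.
INCLUDES = {
    "admin": ["editor-in-chief"],
    "editor-in-chief": ["editor"],
    "editor": [],
    "peer": [],
}


def expand_roles(assigned, includes=INCLUDES):
    """Return the assigned roles plus every role they include, transitively."""
    effective = set()
    stack = list(assigned)
    while stack:
        role = stack.pop()
        if role in effective:  # already expanded; this also stops inclusion cycles
            continue
        effective.add(role)
        stack.extend(includes.get(role, ()))
    return effective


def has_role(assigned, role):
    """Inclusive role test: an admin also passes has_role(..., 'editor')."""
    return role in expand_roles(assigned)


def can_see_negative(assigned, is_reviewer):
    """Constructed negative check: holding 'peer' takes visibility away."""
    if has_role(assigned, "peer") and not is_reviewer:
        return False  # an editor who is also a peer is denied here
    return has_role(assigned, "editor") or has_role(assigned, "peer")


def can_see_positive(assigned, is_reviewer):
    """Positive check: each role can only grant access, never revoke it."""
    if has_role(assigned, "editor"):
        return True
    return has_role(assigned, "peer") and is_reviewer


if __name__ == "__main__":
    user = ["editor", "peer"]  # constructed user holding both roles
    print(sorted(expand_roles(["admin"])))
    print(can_see_negative(user, False), can_see_positive(user, False))
```

With positive checks, adding a role to a user can never shrink what they see, which makes the audit the issue asks for a search for any branch that returns a denial because a role is present.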
