Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Q? about Permissions & Preferences

edited December 2007 in Vanilla 1.0 Help
In an extension, let's say we have a role-based permission, "Can View Images".
We then have a user preference, "View Images".
Let's say there's a user with the appropriate role, and they activate the preference "View Images". Now they can view images.

Then, let's say the user's role is changed to one that can't view images.

The preference stays in the user's preference array, right? So if the extension code just says "if (user has preference)...", would the user still be able to view images, even though their role has changed?

What I'm trying to get at is: If I have a role (permission) & preference based feature, can I get away with just checking for user preference, or should I be checking for permissions & preference?



  • I'd check for both.
  • You should be able to use the PreRoleChangeNotification delegate of UserManager if you want to clean out that preference after the role change. It might be more trouble than it's worth, though. :)
This discussion has been closed.