Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Q? about Permissions & Preferences
In an extension, let's say we have a role-based permission, "Can View Images".
We then have a user preference, "View Images".
Let's say there's a user with the appropriate role, and they activate the preference "View Images". Now they can view images.
Then, let's say the user's role is changed to one that can't view images.
The preference stays in the user's preference array, right? So if the extension code just says "if (user has preference)...", would the user still be able to view images, even though their role has changed?
_________
What I'm trying to get at is: If I have a role (permission) & preference based feature, can I get away with just checking for user preference, or should I be checking for permissions & preference?
Thanks!
We then have a user preference, "View Images".
Let's say there's a user with the appropriate role, and they activate the preference "View Images". Now they can view images.
Then, let's say the user's role is changed to one that can't view images.
The preference stays in the user's preference array, right? So if the extension code just says "if (user has preference)...", would the user still be able to view images, even though their role has changed?
_________
What I'm trying to get at is: If I have a role (permission) & preference based feature, can I get away with just checking for user preference, or should I be checking for permissions & preference?
Thanks!
0
This discussion has been closed.
Comments