Hi all,

I was checking what an anonymous user can do and I found that it is
possible for any user to view, delete and create platform users.
I thought it was simply a matter of implementing an "is allowed check"
in all the components, but when I wanted to do that I saw that it had
already been implemented, but was "turned off" some months ago for
speed issues.

Now every component does a check with the is_allowed_in_user_subtree
method BUT the method always returns true.

My question is: should this be again re-implemented with use of the
complete right system (like it was, but it must have been turned off for
a reason) or should I just do a check on is_platform_admin without the
possibility of ever giving the creation, editing, ... right to anybody else?

Nathalie

_______________________________________________
Dev mailing list
Dev@lists.chamilo.org
http://lists.chamilo.org/listinfo/dev
