<<are we doing the same mistakes again?>>
No. This may be a bit too technical for the users list, but in a nutshell:
The editwizards use the bridge to access mmbase. This means that, like any other application (taglibs, jsp-editors) they automatically use security.
However, like those applications, just using security is not enough - you also have to test at certain places if someone is allowed to do something, so you can prevent links appearing when they are inappropriate.
So, if someone is not allowed to edit an object, the security will, automatically, raise an error (and in case of the editwizards, display a DON'T PANIC message) when one attempts to do so. In that respect all is safe.
The wizards should, however, check for this condition FIRST, so they don't provide an 'edit' link which would give people the idea that they can edit an object they have no rights to.
This last part is not implemented in the editwizards.
Pierre
