Changes between Version 2 and Version 3 of UserGuidelines/Admin/Permissions/Rules


Ignore:
Timestamp:
02/09/17 09:40:47 (5 years ago)
Author:
Dominic König
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • UserGuidelines/Admin/Permissions/Rules

    v2 v3  
    9494Controllers are free to implement additional authorization requirements outside of ACLs, and call auth.permission.fail() individually.
    9595
    96 Those non-ACL rules can further '''restrict''' access to data or functions, but they can not bypass ACL rules applied by S3 framework functions.
     96Those non-ACL rules can further '''restrict''' access to data or functions (e.g. hide fields, reject certain requests), but they can not bypass ACL rules applied by S3 framework functions.
    9797
    9898In particular, non-ACL rules can not allow access to controllers while ACL rules deny it.