Changes between Version 2 and Version 3 of UserGuidelines/Admin/Permissions/Rules
- Timestamp:
- 02/09/17 09:40:47 (8 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
UserGuidelines/Admin/Permissions/Rules
v2 v3 94 94 Controllers are free to implement additional authorization requirements outside of ACLs, and call auth.permission.fail() individually. 95 95 96 Those non-ACL rules can further '''restrict''' access to data or functions , but they can not bypass ACL rules applied by S3 framework functions.96 Those non-ACL rules can further '''restrict''' access to data or functions (e.g. hide fields, reject certain requests), but they can not bypass ACL rules applied by S3 framework functions. 97 97 98 98 In particular, non-ACL rules can not allow access to controllers while ACL rules deny it.
