#6715 Change has_access() handling of DENY

unreleased
open
nobody
cleanup (28)
General
nobody
2014-11-27
2013-09-27
Dave Brondsema
No

We currently have deny checks pretty early in the has_access() logic. It would be better to have the ACL order be respected, and have a DENY return false.

Need to make sure that tool-level user blocks still work properly, as do private tickets and developer-only forums.

Make sure tests & docstrings are updated, since this is important functionality. See particularly test_weird_allow_vs_deny

all_allowed() will need to reflect these changes too

Discussion

  • Dave Brondsema

    Dave Brondsema - 2013-10-03
    • Description has changed:

    Diff:

    --- old
+++ new
@@ -3,3 +3,5 @@
 Need to make sure that tool-level user blocks still work properly, as do private tickets and developer-only forums.

 Make sure tests & docstrings are updated, since this is important functionality.  See particularly `test_weird_allow_vs_deny`
+
+`all_allowed()` will need to reflect these changes too
     

  • Cory Johns - 2013-10-03

    The test_weird_allow_vs_deny test case is now called test_deny_vs_allow

     

Log in to post a comment.