#6715 Change has_access() handling of DENY

unreleased
open
nobody
cleanup (23)
General
nobody
2014-11-27
2013-09-27
Dave Brondsema
No

We currently have deny checks pretty early in the has_access() logic. It would be better to have the ACL order be respected, and have a DENY return false.

Need to make sure that tool-level user blocks still work properly, as do private tickets and developer-only forums.

Make sure tests & docstrings are updated, since this is important functionality. See particularly test_weird_allow_vs_deny

all_allowed() will need to reflect these changes too

Discussion

  • Dave Brondsema
    Dave Brondsema
    2013-10-03

    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -3,3 +3,5 @@
     Need to make sure that tool-level user blocks still work properly, as do private tickets and developer-only forums.
    
     Make sure tests & docstrings are updated, since this is important functionality.  See particularly `test_weird_allow_vs_deny`
    +
    +`all_allowed()` will need to reflect these changes too
    
     
  • Cory Johns
    Cory Johns
    2013-10-03

    The test_weird_allow_vs_deny test case is now called test_deny_vs_allow