BlackCatDevelopment / BlackCatCMS

BlackCat CMS is a PHP5, HTML5 content management system
https://blackcat-cms.org

v1.1.3: Too many permissions #332

Closed webbird closed 8 years ago

webbird commented 8 years ago

If a user (=a group) has page editing permissions, some global settings like "Maintenance mode" are accessible (and can be saved!) in addition.

webbird commented 8 years ago

Reason is that settings, settings_basic and settings_advanced have bit 0 as value. In this case, the check_permission() method always returns true. So for a quick fix set the bits in the system_permissions table to

settings -> 1
settings_basic -> 2
settings_advanced -> 4

I'm not sure if we really check basic and advanced.
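
The failure mode reported in this issue, as an added example that is not part of the thread and not BlackCat CMS code. It assumes the check is a bitmask test against a per-group mask; the function names, the `pages_modify` permission and its value 8 are hypothetical.

```php
<?php
// Added illustration; not BlackCat CMS source. The mask test is an assumed
// implementation of the kind of check that produces the reported behaviour.

// Assumed check: a group holds a permission when all of its bits are set.
function check_permission_masked(int $groupBits, int $required): bool
{
    // With $required = 0 this is (x & 0) === 0, which holds for every group.
    return ($groupBits & $required) === $required;
}

// Hardened variant: a value that is not exactly one bit is never granted.
function check_permission_strict(int $groupBits, int $required): bool
{
    $singleBit = $required > 0 && ($required & ($required - 1)) === 0;
    return $singleBit && ($groupBits & $required) === $required;
}

// Audit permission name => bit value rows for zero, multi-bit and duplicate values.
function audit_permission_bits(array $rows): array
{
    $findings = [];
    $seen = [];
    foreach ($rows as $name => $bit) {
        if ($bit <= 0) {
            $findings[] = "$name: value $bit is granted to every group";
        } elseif (($bit & ($bit - 1)) !== 0) {
            $findings[] = "$name: value $bit is not a single bit";
        } elseif (isset($seen[$bit])) {
            $findings[] = "$name: value $bit duplicates {$seen[$bit]}";
        } else {
            $seen[$bit] = $name;
        }
    }
    return $findings;
}

// Constructed sample rows: the state described in the issue and the quick fix.
$before = ['settings' => 0, 'settings_basic' => 0, 'settings_advanced' => 0, 'pages_modify' => 8];
$after  = ['settings' => 1, 'settings_basic' => 2, 'settings_advanced' => 4, 'pages_modify' => 8];
$editorGroup = 8; // group holding only the hypothetical page-editing bit

var_dump(check_permission_masked($editorGroup, $before['settings']));
var_dump(check_permission_strict($editorGroup, $before['settings']));
var_dump(check_permission_masked($editorGroup, $after['settings']));
print_r(audit_permission_bits($before));
print_r(audit_permission_bits($after));
```

Running the audit against the permission rows on each upgrade catches a zero or shared bit value before it turns into an implicit grant.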