The entity change simply adds entity.access = false instead of entity = undefined.
This means anyone can hook into this and remove the access = false if they want to allow permission that was previous revoked. Or add access = false if they want to restrict access even though core permissions granted it
The route permissionsCallback is described here: https://github.com/CityWebConsultants/Iris/pull/124
The entity change simply adds entity.access = false instead of entity = undefined.
This means anyone can hook into this and remove the access = false if they want to allow permission that was previous revoked. Or add access = false if they want to restrict access even though core permissions granted it