handcode
commented
7 years ago After testing with different pages and flags, I've seen that I have to first look deeper at the ActiveRecordAccessTrait.
"Only" If Access_owner is NULL, you can not protect a page. If Access_owner is NOT NULL and access_read is set, the page is not found at all for guest users. We'll have to fix/change this first.
Currently if the pages_default_page permission is granted for the 'Unauthenticated User' role, all (visible and not disabled) pages are public.
I've added a simple access_read check in the default::page action, so we can create e.g. pages which are only accessible for users with backend GRANTs.
Any objections?