Closed OnitaAndrei closed 1 year ago
@arhimede , you mentioned the permission inheritance during the call we had regarding this rather than changing the code, a simpler solution would be to work in authorization.global.php the admin role now inherits all of the user's permissions
UserRole::ROLE_USER => [AdminRole::ROLE_ADMIN],
but if we separate the permission list for the admin, then it won't come into conflict with e.g. the user's avatar
as a side note, i noticed a typo in the comment in the above file
- Example: 'roles' => [ 'A' => [], 'B' => ['A'], 'C' => ['B'], ],
- A has no parent role.
- B has A as a parent. That means A inherits the permissions of B.
- C has B as a parent. That means C inherits the permissions of B, and A inherits the permissions of C.
the last line should be 'B inherits the permissions of C'
updated in https://github.com/dotkernel/api/pull/151
tested and merged
throw error messages when accessed by logged Admin because the endpoints search for logged User