Open exponentcms opened 4 years ago
This also means renaming some controller methods to conform with standard permission names or 'remove_permissions' to block their being called by a non-admin
This basically/mainly applies to the controllers...within expController, the method/variable MUST be 'protected' since 'private' will prevent the method/variable from being available to the other controllers.
We could tighten down security a great deal by making the 'internal' methods 'private' and/or 'protected' instead of 'public' (default for no access/visibility modifier)