krstffr
commented
9 years ago the method checking if user is authorized should probably also take a second param which is the required role level (to compare the users role to).
Open krstffr opened 10 years ago
krstffr
commented
9 years ago the method checking if user is authorized should probably also take a second param which is the required role level (to compare the users role to).
Who can do what?
All users should not be able to create new users or promote other users etc. Some users should, but not all. Give them different roles. Which roles should there be?