Currently, when access-control is denying access to the value of a field, the processing is :
return a blank value.
Page.php
// API access is denied when output formatting is ON
// so just return a blank value as defined by the Fieldtype
// note: we do not store this blank value in the Page, so that
// the real value can potentially be loaded later without output formatting
$value = $fieldtype->getBlankValue($this, $field);
return $this->formatFieldValue($field, $value);
I see 2 possible improvements which would make sense :
We should have the ability (enabled via a new $config setting ?) to log an event telling that access was denied to the field.
= same capability as what an OS does.
We should have the ability (enabled via a new $config setting ?) to inform the calling code that the access was denied.
So the calling code would have the ability to act accordingly (instead of just using the returned empty value, which may be the real field value or the dummy denied value).
How ? Probably by raising an exception WirePermissionException ?
Short description of the enhancement
Currently, when access-control is denying access to the value of a field, the processing is : return a blank value.
I see 2 possible improvements which would make sense :
We should have the ability (enabled via a new $config setting ?) to log an event telling that access was denied to the field. = same capability as what an OS does.
We should have the ability (enabled via a new $config setting ?) to inform the calling code that the access was denied. So the calling code would have the ability to act accordingly (instead of just using the returned empty value, which may be the real field value or the dummy denied value). How ? Probably by raising an exception WirePermissionException ?