dhensby
commented
8 years ago @rasstislav thanks for these PRs (#137 #138 #139)
I think it would be best to see them all in one PR so a complete review can be done as one.
My initial thoughts are that SilverStripe implements a "secure by default" model on canView, which means the onus is on developers to define looser permission constraints rather than tighter ones - so I don't think we'd change the default canView behaviour to just return true.
Also, I don't think throwing a permission error when attempting to see a widget that has canView return false makes sense, better just to hide if from the widget area.
@rasstislav, thanks for your PR! By analyzing the blame information on this pull request, I identified @dhensby, @chillu and @wilr to be potential reviewers