Open Rillke opened 5 years ago
It would probably require a simple table to register all script names and their respective basic permission. Zotero should check automatically if the permissions are sufficient. This needs to be discussed, as we also talked about single entry points before.
Currently, permission is checked in each PHP file separately, i.e. if a user opens
z_log
for example,$dbi->requireUserPermission ('admin')
is executed.This makes auditing and managing groups, permission and access unnecessarily hard.