torstenroeder
commented
5 years ago It would probably require a simple table to register all script names and their respective basic permission. Zotero should check automatically if the permissions are sufficient. This needs to be discussed, as we also talked about single entry points before.
Currently, permission is checked in each PHP file separately, i.e. if a user opens
z_logfor example,$dbi->requireUserPermission ('admin')is executed.This makes auditing and managing groups, permission and access unnecessarily hard.