On 5/29/06, Bèr Kessels <ber@webschuur.com> wrote:
> However, removing stuff by permission is *always* the wrong way around. It is opt-out security, which is close to "not security". If someone is not allowed to not see something, it should not even be considered loading. It should not be available. Anywhere.
What about if modules (or even themes) need to "see" certain values, for some kind of conditional logic, but the users aren't allowed to access them? In this case, your security model either can't be implemented, or would have to be hacked around; and "opt-out security" would be a better option.

I've always found that loading all fields into an object is best, since you never know when you'll need some of them. But then again, I've never had to deal with field-level access control.

Cheers,
Jaza.
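
The trade-off discussed in this thread, as an added example that is not part of either message or of any project's code: an opt-out filter and an opt-in filter applied to the same record, where a field added later has no access rule, plus one way trusted logic can read a hidden value without passing it on. All field names, permission strings and functions are hypothetical.

```python
# Added illustration; every name and value below is hypothetical/constructed.
FIELD_PERMS = {"title": "view content", "body": "view content",
               "salary": "view salary"}       # opt-in rules: field -> permission
RESTRICTED = {"salary": "view salary"}        # opt-out rules: fields to strip

# Constructed record; "internal_note" was added later and has no rule anywhere.
RECORD = {"title": "Staff page", "body": "Hello", "salary": 90000,
          "internal_note": "under review"}


def opt_out_view(record, user_perms, restricted=RESTRICTED):
    """Load everything, then remove fields the user lacks permission for."""
    return {k: v for k, v in record.items()
            if k not in restricted or restricted[k] in user_perms}


def opt_in_view(record, user_perms, field_perms=FIELD_PERMS):
    """Expose a field only when a rule exists and the user holds it."""
    return {k: v for k, v in record.items()
            if field_perms.get(k) in user_perms}


def build_output(record, user_perms):
    """Trusted code reads the full record; only the filtered view leaves it."""
    # Conditional logic may use a value the user cannot see. The derived flag
    # is a deliberate, reviewed disclosure; the raw value is never passed on.
    flags = {"high_band": record.get("salary", 0) > 50000}
    return {"fields": opt_in_view(record, user_perms), "flags": flags}


if __name__ == "__main__":
    visitor = {"view content"}
    print("opt-out:", sorted(opt_out_view(RECORD, visitor)))
    print("opt-in: ", sorted(opt_in_view(RECORD, visitor)))
    print("output: ", build_output(RECORD, visitor))
```

The field without a rule reaches the visitor under the opt-out filter and is withheld under the opt-in filter, while `build_output` still lets internal logic branch on the hidden value.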