Evan Winslow
Evan Winslow
@Srokap why not?
I think it's worth trying to figure out how to make this work generally. Is also just a usability issue that we need to fix regardless. People should have a...
I am going to course this in favor of a more generic approach to validating forms that works with all of them. Obviously, registration is a key use-case.
Similar to #8647
Thought about this more. We could have `$session->userCan('verb', $object, $target);` for the current user situation. Also probably makes sense to have `$session->assertUserCan('verb', $object, $target)` for actions and pages as a...
@mrclay, I've written a gist with my proposal, including proposed documentation. We may have to add end-to-end permissions tests before we can reasonably hope to refactor the permissions system, though......
Looks good. I think this has a bug as it relates to creating new content, though. can('post', new Blog ()) can('post', new Plugin()) If the first returns true, so will...
A different direction that I like more and more the longer I think about it: consolidate further around "actions". $actions->can('action/name', $params, $user = null); // defaults to logged in user...
What I like about this approach is that it doesn't require forcing all permissions into a subject/object/target model; the activitystreams-inspired model is nice and clean but might not end up...