Change the defaultPermission default value to false for hasObjectPermissionTo
Closed this issue · 3 comments
Is your feature request related to a problem? Please describe.
The current default value of defaultPermission = true is confusing and leads to mistakes while writing code especially if you were using it for the first time. When I read the word "has" I expect that this permission must be present/defined for that object, otherwise it's not.
This happened in admin panel which was abused by hackers, check these two PRs for more info:
Describe the solution you'd like
I suggest setting the default value of the defaultPermission parameter to false.
bool hasObjectPermissionTo ( string / element theObject, string theAction [, bool defaultPermission = false ] )Describe alternatives you've considered
No response
Additional context
No response
Security Policy
- I have read and understood the Security Policy and this issue is not about a cheat or security vulnerability.
Any thoughts?
Yeah I've always wondered why it's like this, it's illogical but changing it now would also be a bad idea as it'd break scripts. Perhaps hasStrictObjectPermissionTo that has no arg3 could be added.
@ArranTuna 1.7 is the time to implement such changes (many backwards incompatible things have been merged at this point)