ErikVB wrote
Timo Breumelhof wrote
An admin module is an admin module and gives any user that can access it Admin rights for that module, so the discusion about other users accessing the admin pages is theorectical IMO (sorry Erik ;-)
If you giva a "normal" user access to one of the exisitng admin pages this user in effect has the same edit rights as an admin.
|
I respectfully disagree with you Timo ... in DNN 5 it is EXPLICITLY possible to give non admin users access to part of the admin menu. Any module checking for "IsAdmin" would hide that page, regardless of actual permissions, which in turn will cause the user to NOT be able to navigate to that page. The issue with the IsAdmin flag is that it doesnt do any permission checking, it only checks based on a location in the menu. This was good when we could safely assume that the only role accessing that page in that menu was the admin role. Since we cannot and should not assume that anymore, the IsAdmin flag should always return False (and let permissions do their work).
Quite frankly, i think this whole discussion is academic. Can someone please give an actual example where a module or skin object behaves differently between dnn 4 and 5 and where this is a major issue.
Well although your agruments are mostly valid and it is difficult to find a good solution, it is also a serious problem.
Housemenu now renders admin pages, (if you are logged on as admin) even if you have set it shouldn't.
I mostly do not render the admin pages in the main menu.
This means I will have to change a lot of skins before I can use them with DNN 5.
(read: change the menu system)
For me that's not such a big problem, but for people that are not skinners it is.
IMO this is a breaking change, similar to the "solpart provider problem".