I’ve found a bug that I think is serious because it complicates coding a lot.
As you know you can add rights (viewable and accessible) to elements.
It was a bad surprise to find that the viewable setting can be overridden by a line in a method that makes the element viewable.
I think that this is completely wrong. The rights you give to a user should be enforced everywhere and always. A script saying elements.el1.viewable=true should not be allowed to override the security setting.
I hope that you fix this.
Thank you.
Probably I am missing something from your point of view. Usually users work with Servoy Clients and cannot modify methods.
Yes but in this case a method has some code logic to determine if a button in a form has to be shown or not, independently of the right to see or not this button.
For example, if you have a form that you want to use to create and edit a database record you might have the following buttons: “create”, “erase”, “save changes”.
When you create a new record you want to see only the “create” button and when you edit the record you want to see the “save changes” and “erase” button. Therefore there is some logic in a method to determine if the buttons should be visible or not depending on whether you are editing or creating a record.
The problem arises when you decide NOT to give the right to erase to a user (the button “erase” is set to not viewable, not accessible). I would expect that when this user edits a record he would not see the erase button … but he does because the logic in the method says that when you edit a record it should show the erase button.
The logic in the methods is stronger than (overrides) the security settings.
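
The enforcement asked for in this thread, as an added example that is not part of the original posts and is not Servoy's own API: plain JavaScript in which the security right caps whatever a method writes to viewable or accessible. The names guardElements, rights, showButtonsFor and visibleButtons and the button names are assumptions made for the illustration.

```javascript
// Constructed model, not Servoy code. guardElements, rights and the button
// names are hypothetical; rights are an upper bound that scripts can only narrow.
function guardElements(elements, rights) {
  const guarded = {};
  for (const name of Object.keys(elements)) {
    // Elements with no entry in `rights` are unrestricted in this model.
    const right = { viewable: true, accessible: true, ...rights[name] };
    const el = elements[name];
    // Clamp the initial state too, not only later writes.
    el.viewable = el.viewable && right.viewable;
    el.accessible = el.accessible && right.accessible;
    guarded[name] = new Proxy(el, {
      set(target, prop, value) {
        if (prop === 'viewable' || prop === 'accessible') {
          // A script may ask for true; it only takes effect if the right allows it.
          target[prop] = Boolean(value) && right[prop];
        } else {
          target[prop] = value;
        }
        return true;
      },
    });
  }
  return guarded;
}

// Form logic from the thread: which buttons the current mode calls for.
function showButtonsFor(elements, mode) {
  const editing = mode === 'edit';
  elements.create.viewable = !editing;
  elements.save.viewable = editing;
  elements.erase.viewable = editing;
}

// Returns the names of the buttons that end up visible.
function visibleButtons(mode, rights) {
  const raw = {
    create: { viewable: true, accessible: true },
    save: { viewable: true, accessible: true },
    erase: { viewable: true, accessible: true },
  };
  showButtonsFor(guardElements(raw, rights), mode);
  return Object.keys(raw).filter((name) => raw[name].viewable);
}

// Constructed sample: a user who was not given the erase right.
const noErase = { erase: { viewable: false, accessible: false } };
console.log(visibleButtons('edit', {}));      // unrestricted user
console.log(visibleButtons('edit', noErase)); // restricted user
```

Hiding the button only addresses what the user sees; the erase action itself still needs its own permission check wherever it is executed.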