Created on 2022-09-09.12:50:59 by ced, last changed 2 months ago by ced.
When defining create and delete access on xxx2Many fields, they are just followed by the clients (disabling buttons). But we could also enforce them on the server side of the field. For now only read and write accesses are enforced by ModelStorage.
This is not really a security issue because without a direct access restriction on the target model, it is still possible to call directly the ModelStorage.create and ModelStorage.delete on the target.
But for consistency it will be good to enforce it on the server side.
|2022-09-09 12:55:15||ced||link||issue11692 superseder|