That's the right idea. Generally in my applications I try to give my admin user full access - and limit access to other users. Assuming you have defined a function called isAdmin() that returns true if the currently logged in user is an admin user, you could alter the code as follows to make admins exempt from these permission limitations:
- Code: Select all
function rel_atmospheres__permissions(&$record) {
if ( isAdmin() ) return null;
return array(
'add new related record' => 0
);
}
Best practice is to actually deny all access to users at the global level (except admins), and then add access at the table, field, and relationship levels explicitly to other users as required. That minimizes the chances of accidentally giving users access to things they shouldn't have access to.
-Steve