From 0f7832dc30fb4d8aedd24b6ad8a9e48876a77dd0 Mon Sep 17 00:00:00 2001
From: zotlabs
Date: Mon, 13 Mar 2017 16:19:47 -0700
Subject: code_allowed is a real mess. Start the cleanup by remving the account level code allow and limiting to specific channels only. This reduces the possibility of cross channel security issues coming into play. Then provide a single function for checking the code permission. This is only partially done as we often need to check against the observer or logged in channel as well as the resource owner to ensure that this only returns true for local channels which also own the requested resource.
---
 doc/database/db_account.bb | 1 -
 1 file changed, 1 deletion(-)
(limited to 'doc')
diff --git a/doc/database/db_account.bb b/doc/database/db_account.bb
index 354f2d3a8..35d7a9eb3 100644
--- a/doc/database/db_account.bb
+++ b/doc/database/db_account.bb
@@ -58,7 +58,6 @@ define ( 'ACCOUNT_PENDING', 0x0010 );
  * Account roles
  */
-define ( 'ACCOUNT_ROLE_ALLOWCODE', 0x0001 ); // 1 - this account can create content with PHP/Javascript
 define ( 'ACCOUNT_ROLE_SYSTEM', 0x0002 ); // 2 - this is the special system account
 define ( 'ACCOUNT_ROLE_DEVELOPER', 0x0004 );
 define ( 'ACCOUNT_ROLE_ADMIN', 0x1000 ); // 4096 - this account is an administrator
-- 
cgit v1.2.3