I am currently 4.3.13 and am encountering what I believe might be I thought was a bug, but realize might be intentional.
I have a parent child scenario and have authorization rules on the parent. For what I can see, the authorization rules do not cascade down to the child. For example, if the parent is read only, I can still make changes to the child.
I can understand why if this is intentional. If it isn't, please let me know.
If it is intentional, how do I handle security on the children best. Should I:
1) Set security on each child class explicitly. This is a problem if there are multiple parent classes that use this child and have different security.
2) Access the Parent and check it's security. This seems to be a bit of a complex base class. How does one override this if a child as a special security requirement?
Any help would be appreciated.