Hi all,
I have different types of user permissions on a site. Some users are
able to edit specific pages, some users have ''editor'' rights,
and some
have ''admin'' rights.
I can render different views depending on the permissions the user has,
and restrict the ability to edit certain subsets of data through a form.
But how can I protect a user (who has permission to access the
''edit''
action) from submitting a raw POST request to edit specific fields that
they don''t have permission to edit?
Thanks,
Tom
