Look at the manual:
7.3 Allowing/denying actions
"if the rights field is defined, Adm* actions have to be disabled as well."
It works by evaluated the lines of its table, in order.
You can think of it like this: if you have many lines in $WBB{rights}, the
first line override the second line which in turn override the third line,
etc. But's it's not really correct.
Actually, the order of these line is very important:
The first line is evaluated first, it allow or deny the action. If the user is
not concerned by the first line, the second is evaluated, etc.
Look at this small example:
$WBB{rights} "allow joe ^Search
deny .* ^Search
allow foo ^Search"
User foo is not allowed to Search, because the third line is never evaluated:
- in the first line joe is allowed to Search;
- in the second line all users but joe are denied to Search;
- there is no need to evaluate the third line.
The third line should be in second or first place to allow foo to Search.
Be careful with WBB{rights}, you can create security hole.
