One more thing that would help introspection is better tagging of php classes methods (I think this is called "annotation" ).
In short: an example of a currently much needed information is "who does permission checking ?"
Afaik:
index.php checks access perms for current user to module/view if the corresponding perm has no limitation
the view php code needs to do access checking on its own if the corresponding perm has some limitation
other bits of code do access checking on their own (eg. the template fetch functions do some, but not all are created equal, eg. checking perms on related object is not always done in a way that is expected)
See issue http://issues.ez.no/IssueView.php?Id=16862 for the feat.request.
Principal Consultant International Business
Member of the Community Project Board