I'm wondering about the security implications of allowing the Autocomplete reference option. If a user has access to content type A and not B (or even node A and node B of the same type but different Content Access setttings), but then enter text in the autocomplete that could pull up an image/file from content type B, does this module filter out options that the user does not have access to using the Content Access module or by way of basic node type permissions of "view" or "edit"?
I know I could test this and be somewhat sure, but I wanted to be absolutely sure this wasn't going to allow users to add and view file content they have no permission to see and bypass node security.
Thanks for your time and effort to help me out!
Comments