Actually, you are right. It happens when a user has full privileges and then the system won’t check any privileges against that user. Since I was creating users using manage user page I had no other option than to create user accounts with full privileges. But later I try with system administration page and I was able to create users without assign full privileges.
But I create a user who is having App: attachments.attachments.page privilege and then change the privilege name inside the above mentioned if statement. SO then that user not able to load the attachment page since the user has no matching privilege. I think now I understand how it works. Thank you very much for your help and awesome explanation.
And one more question, So let’s say we put some new privileges to our attachment module (UI side
) and use that privileges to access some functionality. But we are not adding that privileges to the main system. So my question is that if some user has full privileges (admin), does that newly added privileges ( which user haven’t yet ) will be a problem for them? ( since the system won’t check any privileges against that user )