In both ACL examples, if I send in a user that has the role “adnim” it’ll quietly and happily treat that as the same as “guest”.
You can certainly make that design decision, but I think my take of “explicit is better than implicit” is to let the server logs complain about invalid roles (and then rejecting access, even if a guest would’ve had access).
Seems like slop.
This article has virtually nothing to do with implicit vs explicit code. The examples are just poorly written and poorly documented code. And even the "improvements" aren't that great. Why does `grantAccess` return permissions the user role already has?