There's plenty of blog articles out there about using the IfHasRights() function, including a list of all the possible permission entities. But one thing I didn't find and had to work out for myself is the fact that the IfHasRights() function is executed at the site permissions level, not the list level.
For example, in the site I'm developing I had a group set with Read access only as the default site permission, but for a custom list gave them Contribute access. On the custom display form I have a block that should only be visible to users with edit access, i.e. IfHasRights(4). This doesn't work for people who are in this group because at the site level they don't have edit access.
The upshot is that if you are intending to have different levels of access within a site and are using IfHasRights(), you will need to give the users the highest level of access required for whatever list, and then reduce their access level for the elements they won't have access to.
