check access-by-id on **everything** protects by current domain #843

Open
stwalkerster opened this issue Sep 12, 2023 · 0 comments
stwalkerster commented Sep 12, 2023

Thinking of reworking DomainObject::getById(...) to do this everywhere. Probably need to refactor DomainObject into domain-relevant and non-domain-relevant subclasses.

Also thinking of reworking getById to return null instead of false. It feels... better.

| table name | has col | isolation by id tested |
|---|---|---|
| ban | no (!!) | |
| comment | no | |
| domain | no (vaguely; this one's hard as some data is visible to all domains, others not) | |
| emailtemplate | yes | |
| jobqueue | yes | |
| log | yes | |
| request | yes | |
| requestform | yes | |
| requestqueue | yes | |
| sitenotice | no (!!) | |
| userpreference | yes | tested as part of prefs overhaul |
| welcometemplate | yes | |
@stwalkerster stwalkerster self-assigned this Sep 12, 2023
@stwalkerster stwalkerster converted this from a draft issue Sep 12, 2023
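
A sketch of the split proposed in the issue, added here as an illustration and not code from the project or its author: a domain-scoped `getById` that cannot be called without the current domain and returns `null` on a miss. Every class name other than `DomainObject`, the `domain` column name and the `requestqueue` layout are assumptions, and it needs PHP 8 with pdo_sqlite.

```php
<?php
// Sketch only: every name except DomainObject/getById is hypothetical, and the
// table created below is constructed sample data, not the project's schema.
abstract class DomainObject
{
    public $id;
    abstract protected static function table(): string;

    protected static function fetchOne(PDO $db, string $where, array $params): ?static
    {
        // table() is fixed per class, never request input; values are bound.
        $stmt = $db->prepare('SELECT * FROM ' . static::table() . " WHERE $where LIMIT 1");
        $stmt->execute($params);
        $row = $stmt->fetchObject(static::class);
        return $row === false ? null : $row; // a miss is null, not false
    }
}

abstract class GlobalObject extends DomainObject
{
    public static function getById(int $id, PDO $db): ?static
    {
        return static::fetchOne($db, 'id = :id', [':id' => $id]);
    }
}

abstract class DomainScopedObject extends DomainObject
{
    public $domain;
    // No unscoped overload exists, so a caller cannot forget the domain check.
    public static function getById(int $id, int $domainId, PDO $db): ?static
    {
        return static::fetchOne($db, 'id = :id AND domain = :d', [':id' => $id, ':d' => $domainId]);
    }
}

final class RequestQueue extends DomainScopedObject
{
    public $label;
    protected static function table(): string { return 'requestqueue'; }
}

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE requestqueue (id INTEGER PRIMARY KEY, domain INTEGER, label TEXT)');
$db->exec("INSERT INTO requestqueue VALUES (1, 1, 'domain 1 queue'), (2, 2, 'domain 2 queue')");
$currentDomain = 1; // would come from the logged-in user's session
var_dump(RequestQueue::getById(1, $currentDomain, $db)?->label); // id in the current domain
var_dump(RequestQueue::getById(2, $currentDomain, $db));         // id that belongs to another domain
```

An id that exists only in another domain is indistinguishable from a missing one, so callers handle a single `null` case and do not reveal which ids exist elsewhere.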