Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-24834

Add possibility to set current user on Repository w/o loading

    XMLWordPrintable

Details

    Description

      Currently all setup of Repository needs to load a user to set it as current user, however:

      • Security: As loading user by id does not check permissions on API to be able to allow exactly this, it does not provide any added security, with this need removed we can consider adding permission checks on user loading again to fix this inconsistency.
      • Performance: It leads to unnecessary loading on every request, and currently the whole User Content is serialized into session causing slow read/write/serialization of sessions.

      For both repository and session we actually only need to know the id for authentication and authorization needs, so way to fix this is to introduce a very simple UserReference interface that exposes just this, and for BC change User to implement this as well.

      PR: https://github.com/ezsystems/ezpublish-kernel/pull/1414

      Attachments

        Activity

          People

            Unassigned Unassigned
            andre.romcke-obsolete@ez.no André Rømcke (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour, 30 minutes
                1h 30m