Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-24834

Add possibility to set current user on Repository w/o loading

    XMLWordPrintable

    Details

      Description

      Currently all setup of Repository needs to load a user to set it as current user, however:

      • Security: As loading user by id does not check permissions on API to be able to allow exactly this, it does not provide any added security, with this need removed we can consider adding permission checks on user loading again to fix this inconsistency.
      • Performance: It leads to unnecessary loading on every request, and currently the whole User Content is serialized into session causing slow read/write/serialization of sessions.

      For both repository and session we actually only need to know the id for authentication and authorization needs, so way to fix this is to introduce a very simple UserReference interface that exposes just this, and for BC change User to implement this as well.

      PR: https://github.com/ezsystems/ezpublish-kernel/pull/1414

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              andre.romcke@ez.no André Rømcke
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 hour, 30 minutes
                  1h 30m