Affects Version/s: 16.02
Fix Version/s: None
Component/s: Platform UI (Admin UI & Content UI)
All backend editors need access to the user objects of other authors so that author fields do not crash editing.
The author field should have a fallback so that it does not break down (we should check this for all fields that load other content, by the way).
- A. We need to strip out passwordHash and passwordHashType from the REST response on User data (BC break, but as it is a security matter it can be acceptable)
- B. We need to have a slimmed-down REST endpoint for loading user(s).
- C. We accelerate FieldGroups (EZP-24119) work (making it native and making it possible to limit access rights on it)
B. and C. might be considered the most secure for customers that plan to put sensitive data on user object fields.
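A sketch of option A as a response filter plus a leak check, added here as an example and not taken from the Platform code base. The payload layout and the names `redact`, `find_leaks` and `SAMPLE_USER_RESPONSE` are assumptions made for illustration; only the two key names come from this ticket.

```python
# Keys named in option A of this ticket.
SENSITIVE_KEYS = frozenset({"passwordHash", "passwordHashType"})

# Constructed sample of a decoded REST User response (layout is an assumption).
SAMPLE_USER_RESPONSE = {
    "User": {
        "login": "editor1",
        "email": "editor1@example.com",
        "Version": {"Fields": {"field": [
            {"fieldDefinitionIdentifier": "first_name", "fieldValue": "Ed"},
            {"fieldDefinitionIdentifier": "user_account", "fieldValue": {
                "login": "editor1",
                "email": "editor1@example.com",
                "passwordHash": "CONSTRUCTED-HASH-PLACEHOLDER",
                "passwordHashType": "CONSTRUCTED-TYPE",
            }},
        ]}},
    }
}


def redact(payload, keys=SENSITIVE_KEYS):
    """Return a new structure with the sensitive keys removed at any depth."""
    if isinstance(payload, dict):
        return {k: redact(v, keys) for k, v in payload.items() if k not in keys}
    if isinstance(payload, list):
        return [redact(v, keys) for v in payload]
    return payload  # scalars are immutable, safe to share


def find_leaks(payload, keys=SENSITIVE_KEYS, path="$"):
    """Return the JSON paths of sensitive keys still present in a payload."""
    leaks = []
    if isinstance(payload, dict):
        for k, v in payload.items():
            child = f"{path}.{k}"
            if k in keys:
                leaks.append(child)
            else:
                leaks.extend(find_leaks(v, keys, child))
    elif isinstance(payload, list):
        for i, v in enumerate(payload):
            leaks.extend(find_leaks(v, keys, f"{path}[{i}]"))
    return leaks


if __name__ == "__main__":
    print("before:", find_leaks(SAMPLE_USER_RESPONSE))
    print("after: ", find_leaks(redact(SAMPLE_USER_RESPONSE)))
```

Running `find_leaks` against every User-bearing response in a regression test catches the hash fields reappearing through a nested or embedded user object.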
Platform currently has a very crude role for editors; it just gives all "content" rights with no limitations. Given that the only tool we have to enforce good content architecture is content rights, this should be updated based on what is in Studio as soon as the design issue is solved.