On 4 August 2014 14:51, naitsirch <[email protected]> wrote: > but what if the user really wants that filtering to be applied? >> > > I am not sure if I have understood you. The current situation is that the > filtering is only applied at the first query. All later made queries will > return the same result (of children associations) and that is not only > false, it could lead to data damage and security holes. User may view data > which they are not allowed to view, because the filtering in the query does > not work (see my above example). >
Yes, that is indeed true, and that's something annoying and to be avoided in your case. What I'm saying is that this is actually wanted in some particular cases. > > yes, but then we'd break BC quite badly. > > > That could be true, but it is only breaking compatibility where users are > relying on a "mistake" in Doctrine. Because, when I add a condition to a > query to filter child records, I expect that this condition is represented > by the result. But this is not true for the current situation. > > Or am I missing something? > Correct, what I'd suggest is adding a hint to the query, such as `AbstractQuery::YES_I_REALLY_WANY_BROKEN_HYDRATION`. The problem is that users relying on it right now would have to add that hint on upgrade. Other users may simply find out about the problem during upgrade instead. Marco Pivetta http://twitter.com/Ocramius http://ocramius.github.com/ -- You received this message because you are subscribed to the Google Groups "doctrine-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/doctrine-user. For more options, visit https://groups.google.com/d/optout.
