On Tue, Feb 27, 2007 at 09:51:19AM -0500, Henry Baragar wrote:
> Hello,
> 
> Is it the intention that load_by_cols (and id) bypass access control?
> 
> It surprised me, with my current_user_can definition, that I can load a
> record (using load_by_cols) but not read any of the columns (other than id).
> Is there a load_by_cols wrapper method, similar to _value(), missing from
> Jifty::Record?

Oftentimes, the access control decisions depend on the content of the
record (and there are other ways to load records). What attack are you
concerned about?

> 
> Regards,
> Henry
> _______________________________________________
> jifty-devel mailing list
> [email protected]
> http://lists.jifty.org/cgi-bin/mailman/listinfo/jifty-devel
> 
