Changes between Version 1 and Version 2 of Ticket #129


Ignore:
Timestamp:
10/05/09 09:47:02 (5 years ago)
Author:
dread
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #129

    • Property Milestone changed from v0.10 to v0.11
    • Property Summary changed from Secure db access by centralising query generation through authz module to Secure db access by channelling query generation through authz module

  • Ticket #129 – Description

    v1 v2  
    11Controllers and templates should not access db objects directly - they should do all access via authz module giving username. They are handed by a query that has already been filtered by the packages they are authorized to read.  
    22 
    3 When they request a package object, they are handed an copy of the db object - disconnected from the database - so it the db object can't be changed. 
     3(Additional idea to be discussed: When they request a package object, they are handed an copy of the db object - disconnected from the database - so it the db object can't be changed.) 
    44 
    55A couple of tests can be reenabled when this is done: