Ticket #129 (new enhancement) — at Initial Version

Opened 5 years ago

Last modified 4 years ago

Secure db access by centralising query generation through authz module

Reported by: dread
Owned by: rgrp
Priority: awaiting triage
Milestone: ckan-backlog
Component: ckan
Keywords:
Cc:
Repository:
Theme:

Description

Controllers and templates should not access db objects directly - they should do all access via the authz module, giving a username. They are handed a query that has already been filtered by the packages they are authorized to read.

When they request a package object, they are handed a copy of the db object - disconnected from the database - so the db object can't be changed.
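
An added example of the design this ticket proposes (not CKAN code): an authz layer that owns the database connection, returns only the packages a given username may read, and hands back frozen copies with no link to the database. The sqlite schema, the role names, `Authz`, `PackageView` and `make_authz` are assumptions made for the illustration.

```python
import sqlite3
from dataclasses import dataclass

# Constructed schema and rows; table, column and role names are assumptions.
SCHEMA = """
CREATE TABLE package (id INTEGER PRIMARY KEY, name TEXT, notes TEXT);
CREATE TABLE package_role (username TEXT, package_id INTEGER, role TEXT);
INSERT INTO package VALUES (1, 'annakarenina', 'public'),
                           (2, 'warandpeace', 'restricted');
INSERT INTO package_role VALUES ('alice', 1, 'reader'), ('alice', 2, 'editor'),
                                ('alice', 2, 'admin'), ('bob', 1, 'reader');
"""

@dataclass(frozen=True)
class PackageView:
    """Detached copy of a package row: plain values, no connection or session."""
    id: int
    name: str
    notes: str

class Authz:
    """Single place where package queries are built; callers only pass a username."""
    # DISTINCT: a user holding several roles on one package still gets one row.
    _READ = ("SELECT DISTINCT p.id, p.name, p.notes FROM package p "
             "JOIN package_role r ON r.package_id = p.id "
             "WHERE r.username = ? AND r.role IN ('reader', 'editor', 'admin')")

    def __init__(self, conn):
        self._conn = conn  # controllers and templates never receive this handle

    def readable_packages(self, username):
        rows = self._conn.execute(self._READ + " ORDER BY p.id", (username,))
        return [PackageView(*row) for row in rows]

    def get_package(self, username, package_id):
        row = self._conn.execute(self._READ + " AND p.id = ?",
                                 (username, package_id)).fetchone()
        # A missing package and an unauthorized one look the same to the caller.
        return PackageView(*row) if row else None

def make_authz():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return Authz(conn)

if __name__ == "__main__":
    authz = make_authz()
    print([p.name for p in authz.readable_packages("bob")])
    print(authz.get_package("bob", 2))
```

Because the authorization filter is part of the only SQL the application can issue for packages, a controller cannot forget to apply it; writes would need their own authz method that checks an editing role.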
