engine icon indicating copy to clipboard operation
engine copied to clipboard

Published 20 hours ago verified publisher icon contember

Allow custom primary for admin

Open VojtaStanek opened this issue 2 years ago • 1 comments

If I use decorators and don't explicitly declare the admin role, @acl.allowCustomPrimary() has no effect.

This PR allows custom primary for admin always since there is no security risk involved (because it already knows about all existing ids).

This change is Reviewable

VojtaStanek avatar Jun 13 '22 13:06 VojtaStanek

I'm aware of this strange behaviour, but I'm not sure I like this solution. Also, allowing custom id by default is imho security risk.

matej21 avatar Jun 14 '22 08:06 matej21