vanilla icon indicating copy to clipboard operation
vanilla copied to clipboard

Published 20 hours ago verified publisher icon vanilla

LocalApiBulkDeleteJob violates MVC separation

Open bleistivt opened this issue 4 years ago • 2 comments

https://github.com/vanilla/vanilla/blob/7cc3ce7c31e181d934514b78c6f8406f7b5c5e3a/applications/vanilla/models/class.discussionmodel.php#L3270-L3275

The way batch comment deletion by job is implemented makes the model dependent on permissions and controller endpoints. One can no longer call DiscussionModel::deleteID to delete a discussion programatically without a session, because the API controller checks permissions again.

Ideally, the discussion model should have no knowledge about API endpoints or permissions.

bleistivt avatar Feb 21 '21 16:02 bleistivt

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Apr 16 '22 13:04 stale[bot]

Still relevant.

bleistivt avatar Apr 16 '22 14:04 bleistivt