Review how Access::doAsSuperUser is used, and see how to use it less #6875

Open
mattab opened this issue Dec 18, 2014 · 0 comments
Labels
c: Platform For Matomo platform changes that aren't impacting any of our APIs but improve the core itself. c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Task Indicates an issue is neither a feature nor a bug and it's purely a "technical" change.

Comments


mattab commented Dec 18, 2014

The goal of this issue is to investigate the use of Access::doAsSuperUser

Notes from @tsteur

  • when posting events it does not even describe that the code will be run as superuser. Who knows what plugin developers do there, they can't expect something like this...
  • in general we should not have to use this at all, only under very rare circumstances. It is usually just that there is a problem somewhere else. In this case one could simply call the Model to get the data instead of the API and the doAsSuperUser is no longer required.
  • there is also still the command thing that runs all the commands as super user
  • check super user access is reset when a wrong token auth is given
@mattab mattab added Task Indicates an issue is neither a feature nor a bug and it's purely a "technical" change. c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. c: Platform For Matomo platform changes that aren't impacting any of our APIs but improve the core itself. labels Dec 18, 2014
@mattab mattab added this to the Short term milestone Dec 18, 2014
@mattab mattab modified the milestones: Short term, Mid term Apr 7, 2015
@mattab mattab modified the milestones: 3.0.0, Long term May 6, 2016
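
The first note in the issue, as an added PHP sketch that is not part of the issue and not Matomo code: `SketchAccess`, `SketchEvents` and the `Report.built` event are hypothetical stand-ins. It shows a plugin listener inheriting super-user access when the event is posted inside the elevated callback, and running with the caller's access when the elevation covers only the data fetch.

```php
<?php
// Sketch only: SketchAccess and SketchEvents are hypothetical stand-ins, not Matomo classes.
final class SketchAccess {
    private static bool $superUser = false;

    public static function hasSuperUserAccess(): bool { return self::$superUser; }

    // Scoped elevation: the previous state is restored even if $fn throws.
    public static function doAsSuperUser(callable $fn) {
        $previous = self::$superUser;
        self::$superUser = true;
        try {
            return $fn();
        } finally {
            self::$superUser = $previous;
        }
    }
}

final class SketchEvents {
    private static array $listeners = [];

    public static function on(string $name, callable $listener): void {
        self::$listeners[$name][] = $listener;
    }

    public static function post(string $name, array $args = []): void {
        foreach (self::$listeners[$name] ?? [] as $listener) {
            $listener(...$args);
        }
    }
}

// A plugin listener (constructed): it records the access level it was invoked with.
$seen = [];
SketchEvents::on('Report.built', function (array $report) use (&$seen) {
    $seen[] = SketchAccess::hasSuperUserAccess() ? 'superuser' : 'caller';
});

// Event posted inside the elevated callback: the listener runs elevated too.
SketchAccess::doAsSuperUser(function () {
    SketchEvents::post('Report.built', [['rows' => 3]]);
});
// Narrower scope: elevate only for the data fetch, post the event afterwards.
$report = SketchAccess::doAsSuperUser(fn () => ['rows' => 3]);
SketchEvents::post('Report.built', [$report]);

echo implode(', ', $seen), PHP_EOL;
```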