@mattab opened this Issue on December 18th 2014 Member

The goal of this issue is to investigate the use of Access::doAsSuperUser

Notes from @tsteur

  • when posting events it does not even describe that the code will be run as superuser. Who knows what plugin developers do there, they can't expect something like this...
  • in general we should not have to use this at all, only under very rare circumstances. It usually just that there is a problem somewhere else. In this case one could simply call the Model to get the data instead of the API and the doAsSuperUser is no longer required.
  • there is also still the command thing that runs all the commands as super user
  • check super user access is resetted when a wrong token auth is given
Powered by GitHub Issue Mirror