Florent Vilmart 6b36ce1bb5 Ensure User ACL's are more flexible and secure #3588 (#4860) ...

* Fixes an issue that would let the beforeDelete be called when user has no access to the object

* Ensure we properly lock user

- Improves find method so we can attempt to read for a write poking the right ACL instead of using masterKey
- This ensure we do not run beforeDelete/beforeFind/beforeSave in the wrong scenarios

* nits

* Caps insufficient

2018-08-12 17:49:09 -04:00

12 KiB

Raw Blame History

View Raw