bc6f7e4bdc
Ideally, only User associated with the global request should be associated with UserAuthority. For a random user instance, not the current performer, checking permissions should be based solely on user groups and perhaps an existing block. Right now however, PermissionManager is coupled with global request, so we still instantiate a UserAuthority for non-current users. This mimics the behaviour we've had before. As we refactor PermissionManager, we will be able to replace Authority implementation in this case, or even entirely prohibit non-performer authority. Bug: T271459 Depends-On: Iebf2dca34eea751391d9740443c195287399aa5c Change-Id: Ib094e498fd883db23f2763f171281b1c9e99217e |
||
|---|---|---|
| .. | ||
| api | ||
| includes | ||
| languages | ||