Please sign in to comment.
fix(access): updates no longer mistakenly blocked in some scenarios
In order to fix `canEdit()` in 1.9, `update()` needed to load a fresh copy of entity from the DB to check the persisted attributes. In that fix, 66eb9e6, a corner case was checked out of my paranoia that a dev would load an invisible entity with access control on, but try to delete it with access off. I now believe this check was unnecessary (we never did similar checks for `delete()`). When the original `canEdit()` attributes issue was resolved in
- Loading branch information...
Showing with 57 additions and 15 deletions.