  1. Sakai
  2. SAK-27389

Cleanup API methods so data is fetched from caches rather than being passed in


    Details

    • Type: Task
    • Status: CLOSED
    • Priority: Major
    • Resolution: No Resources
    • Affects Version/s: None
    • Fix Version/s: 2.9.1
    • Component/s: Profile
    • Labels:
      None

      Description

      Currently we have methods like:
      public boolean isUserXAbleToBeMessagedByUserY(String userX, String userY, boolean friend);

      where the data is passed in. However someone could fake the friend status, or even the userY value. This wouldn't happen in the tool, but it could be used by an external service.

      This data should instead be looked up. It is all cached now so the performance aspect should be ok.

      We should look at removing the userY if that would work; we need to audit and see if the userY is ever passed in as someone other than the current user. I'm not sure why that would happen though. If we can remove it then we could do:

      public boolean isUserAbleToBeMessagedByCurrentUser(String userUuid);
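
The change described above, sketched as an added example (not code from the ticket or from Sakai). The privacy enum, the two map-backed caches and the session supplier are hypothetical stand-ins for the cached lookups the description refers to, and all user data is constructed.

```java
import java.util.Map;
import java.util.Set;
import java.util.function.Supplier;

// Added illustration; every type and name below is hypothetical, not Sakai's Profile API.
public class MessagingCheckDemo {
    enum Privacy { EVERYONE, CONNECTIONS_ONLY, NOBODY }

    // Stand-ins for the server-side caches (constructed sample data).
    static final Map<String, Privacy> PRIVACY_CACHE =
        Map.of("alice", Privacy.CONNECTIONS_ONLY, "bob", Privacy.EVERYONE);
    static final Map<String, Set<String>> CONNECTION_CACHE =
        Map.of("alice", Set.of("carol"), "carol", Set.of("alice"));

    // Before: userY and friend are whatever the caller claims; nothing is verified.
    static boolean isUserXAbleToBeMessagedByUserY(String userX, String userY, boolean friend) {
        Privacy p = PRIVACY_CACHE.getOrDefault(userX, Privacy.NOBODY);
        return p == Privacy.EVERYONE || (p == Privacy.CONNECTIONS_ONLY && friend);
    }

    // After: the sender comes from the authenticated session and the
    // connection status from the cache, so neither can be supplied by the caller.
    static boolean isUserAbleToBeMessagedByCurrentUser(String userUuid, Supplier<String> session) {
        String current = session.get();
        if (current == null || userUuid == null) {
            return false; // fail closed when there is no session or no target
        }
        Privacy p = PRIVACY_CACHE.getOrDefault(userUuid, Privacy.NOBODY); // unknown user: deny
        boolean friend = CONNECTION_CACHE.getOrDefault(userUuid, Set.of()).contains(current);
        return p == Privacy.EVERYONE || (p == Privacy.CONNECTIONS_ONLY && friend);
    }

    public static void main(String[] args) {
        Supplier<String> mallorySession = () -> "mallory"; // not connected to alice
        Supplier<String> carolSession = () -> "carol";     // connected to alice
        // Old signature: an external caller asserts the friend flag itself.
        System.out.println(isUserXAbleToBeMessagedByUserY("alice", "mallory", true));
        // New signature: the same target, decided only from session and cache.
        System.out.println(isUserAbleToBeMessagedByCurrentUser("alice", mallorySession));
        System.out.println(isUserAbleToBeMessagedByCurrentUser("alice", carolSession));
    }
}
```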


                  People

                  Assignee: Unassigned
                  Reporter: Steve Swinsburg (steve.swinsburg)
                  Votes: 0
                  Watchers: 1
