cubicweb #2932033 [security] consider operation checking only in securityafterupdateentity hook [validation pending]
As of today, the entity is checked in the hook, and if Unauthorized the check is deferred to an Operation (hoping that things will work better at this time).
I contend that this strategy is too costly for the case when only an operation will yield a successful permission check, and that this case is quite common.
I propose we drop the immediate permission check and only defer to the operation.
| closed by | #e1369f2dba79 [hooks/security] Defer entity permission checks to an Operation. |
| patch | [doc/book/security] update description of entity update (Related to #2932033) [applied]; [hooks/security] Defer entity permission checks [applied] |
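The cost argument in the ticket above, as an added example that is not part of the ticket and is not CubicWeb's code or API: a simplified model in which the update permission only becomes true later in the same transaction, so only the commit-time check can succeed. `Transaction`, both hook functions and the owner-based permission rule are hypothetical and assumed for illustration.

```python
# Simplified model of the two strategies; NOT CubicWeb's code or API.
class Unauthorized(Exception):
    pass

class Transaction:
    def __init__(self, user):
        self.user = user
        self.operations = []   # callables run at commit time
        self.checks = 0        # number of permission evaluations performed

    def has_update_perm(self, entity):
        # Assumed rule: only an owner may update the entity.
        self.checks += 1
        return self.user in entity["owners"]

    def check(self, entity):
        if not self.has_update_perm(entity):
            raise Unauthorized(entity["eid"])

    def commit(self):
        for op in self.operations:
            op()               # an Unauthorized here aborts the commit
        self.operations.clear()

def hook_check_then_defer(txn, entity):
    """Strategy the ticket describes as current: check now, defer on failure."""
    try:
        txn.check(entity)
    except Unauthorized:
        txn.operations.append(lambda: txn.check(entity))

def hook_defer_only(txn, entity):
    """Strategy the ticket proposes: only check in the commit-time operation."""
    txn.operations.append(lambda: txn.check(entity))

def run(hook, n_entities, grant_before_commit=True):
    """Update n entities whose owner is set only after the update hook fired."""
    txn = Transaction("alice")
    entities = [{"eid": i, "owners": set()} for i in range(n_entities)]
    for e in entities:
        hook(txn, e)                  # hook fires while permission is still false
    if grant_before_commit:
        for e in entities:
            e["owners"].add("alice")  # permission becomes true later in the txn
    txn.commit()                      # raises Unauthorized if still denied
    return txn.checks                 # total permission evaluations
```

In this model both strategies still refuse the commit when the permission is never granted; the difference is the wasted immediate evaluation per entity.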