cubicweb #2969377 [security] all add security checks must happen at commit time [open]
Except for group-based security designs, the likeliness of event-time security checking doing the right thing is small since RQLExpression may depend on arbitrary relations being set to grant effective permissions.
The update issue is in another ticket.
|done in||<not specified>|
|closed by||<not specified>|