Annotate
usermanager: Remove concept of global authz provider
Rationale:
- Removes a bunch of code!
- We don't have many cases where an actor is not bound to one of our hosts
- A notable exception is the admin shell, but if we ever attempt to lock those
sessions down, there is a load of other work that also has to be done. And
it's not clear if we would need a global authz provider for that anyway.
- Removes an extra edge case from the necessary mental model for operators
- Sessions that aren't bound to a host generally are anonymous or have an
alternative auth model (such as by IP addres).
- With the encapsulation now provided by util.roles, ad-hoc "detached roles"
can still be created anyway by code that needs them.
| author |
Matthew Wild <mwild1@gmail.com> |
| date |
Fri, 12 Aug 2022 16:21:57 +0100 |
| parent |
11706:56feb0cf7052 |
| child |
13191:1266efb7101c |
| rev |
line source |
|
11706
|
1 root = true
|
|
|
2
|
|
|
3 [*]
|
|
|
4 end_of_line = lf
|
|
|
5 indent_style = tab
|
|
|
6 insert_final_newline = true
|
|
|
7 trim_trailing_whitespace = true
|
|
|
8
|
|
|
9 [CHANGES]
|
|
|
10 indent_size = 4
|
|
|
11 indent_style = space
|
|
|
12
|
|
|
13 [configure]
|
|
|
14 indent_size = 3
|
|
|
15 indent_style = space
|
|
|
16
|
|
|
17 [**.xml]
|
|
|
18 indent_size = 2
|
|
|
19 indent_style = space
|
