Yes in general this case has been handled, as far as the concerned services are the ModelServices. I'm not too sure if this is the case with the ClientAPI services as I haven't looked at them. If Scott can confirm this, it'll be great.
However, in some specific cases, I wasn't too sure of the logic for checking if the user has privileges to update the object in question. In these case, I've given access since I didn't want to throw an error that could have slowed down the UI development. I've also added "TODO" comments in these methods (in ServiceImpls) to review it later and I think someone should review it when they get time before Monday. -- You received this bug notification because you are a member of MUGLE Developers, which is a direct subscriber. https://bugs.launchpad.net/bugs/786016 Title: Direct Access to Services from client side Status in Melbourne University Game-based Learning Environment: Triaged Bug description: While Prageeth has coded the casting of shared objects to datastore objects to have security checks, these can be bypassed by calling the shared services directly. The type of these classes should be changed to Protected if possible to avoid this -- Mailing list: https://launchpad.net/~mugle-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~mugle-dev More help : https://help.launchpad.net/ListHelp
