if (ctx.options.skipAccess) {
  debug('skipAccess: true - skipping access filters');
  return next();
}
// Do not filter if the request is being made against a single model instance.
if (_get(ctx.query, 'where.id')) {
  debug('looking up by Id - skipping access filters');
  return next();
}
These two access bypass mechanisms are undocumented and could expose data to unauthorised users.
Document these bypass mechanisms.
Allow users to disable these through configuration options.
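One way the requested configuration switch could look, as an added example that is not part of the original report or the component's own code. The option names `allowSkipAccess` and `allowLookupById` are hypothetical, `getPath` stands in for `_get`, and the sample contexts are constructed.

```javascript
// Hypothetical option names; both bypasses are off unless explicitly enabled.
const DEFAULTS = { allowSkipAccess: false, allowLookupById: false };

// Minimal stand-in for lodash's _get so the example runs without dependencies.
function getPath(obj, path) {
  return path.split('.').reduce((o, k) => (o == null ? undefined : o[k]), obj);
}

// Returns the name of the bypass that would skip the access filters,
// or null when the filters must run. Mirrors the two checks quoted above,
// each gated behind its own configuration flag.
function bypassReason(ctx, config = {}) {
  const cfg = { ...DEFAULTS, ...config };
  if (cfg.allowSkipAccess && getPath(ctx, 'options.skipAccess')) {
    return 'skipAccess';
  }
  if (cfg.allowLookupById && getPath(ctx, 'query.where.id')) {
    return 'lookupById';
  }
  return null;
}

// Constructed sample contexts: an internal call, a single-instance lookup,
// and an ordinary list query.
const samples = [
  { name: 'internal call', ctx: { options: { skipAccess: true }, query: {} } },
  { name: 'find by id', ctx: { options: {}, query: { where: { id: 42 } } } },
  { name: 'list query', ctx: { options: {}, query: { where: { status: 'open' } } } },
];

// Reports, per sample, whether access filters run under the given config.
function audit(config) {
  return samples.map(
    (s) => `${s.name}: ${bypassReason(s.ctx, config) || 'filtered'}`
  );
}

// Behaviour matching the quoted code (both bypasses active) versus the default.
console.log(audit({ allowSkipAccess: true, allowLookupById: true }));
console.log(audit());
```

With both flags enabled the output matches the quoted behaviour; with the defaults every sample goes through the access filters.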