NiklasHansen
commented
12 years ago Currently the system behaves like this:
When trying to get information about a movie, it checks whether or not the movie has been released. If it hasn't, and it isn't the owner of the movie trying to get the information, the list of editions will be stripped, before it gets send to the client.
Want we would want to do, is to limit the system for content providers to only his/her own movies. That means that a content provider wouldn't be able to see any information about movies that he/she doesn't own, as they don't need that information anyway.
Currently they can see the same information as a normal user can (+ editions for his/her own unreleased movies), with the exception of GetMovies() that only returns a content provider's own movies.
This feature is not essential for the system, and is not a security concern. Because of that, it won't be fixed before release.
Currently GetMovies returns only a provider's own movies. These checks are non-existing in every other method in the system, so to make it more consistent and a wee bit more safe, this logic should be applied to every method.