Default SomeModel::GetSomething() behaviour
Whenever I write a plugin that uses DiscussionModel::GetID or CommentModel::Get at some time during code writing, I remember I have to restrict the results based on the permissions of the current user. But I finish my plugin first and one of the last steps is the implementation of the restriction. I know that this is a bad habit and I should change that, but to be honest: I think permission check should be part of the models functions.
Is it on purpose, that nearly all Get-queries do not respect permissions by themselves?
I would welcome something like it could be found in decho() for all models get functions
public function Get(..., $Permission = false) and default results will be filtered by user permission. Only if there is the need for unfiltered results, the calling function has to specify a $SomeModel->Get(...,true).
I'd happily begin creating pull requests if the Vanilla developer team says, that those PRs have a chance to be accepted. It would break the current logic and thus being a major change, but I can only think of very exotic cases, when those queries shouldn't respect the users permissions and so I think the impact of that change would be very small. What do you think about that?