Skip to content

Make keyword handlers use controllers

paz requested to merge paz/keyword-handlers-use-controllers into release-4.0

Use resource controllers in keyword handlers, or authorize directly with the Authorizer, instead of looking at keywords_admin_only.

This re-defines some associations between Account, Subscription, and List, in order to make them work with non-persisted accounts.

We need non-persisted accounts because when authorizing from emails there might be no account yet, and as we can't set a password we can't save the account. (And we don't want to save the account with a random password to avoid brute force opportunities.)

This also introduces the protection of the last list-admin against being deleted/unsubscribed (was only implemented in the keyword-handler before).

Edited by paz

Merge request reports