When a user has an active session, only the apps that are enabled for the
user are initially loaded. In order to cache the routes, the routes for
all apps are loaded, but routes defined in routes.php are taken into
account only if the app was already loaded. Therefore, when the routes
were cached in a request by a user with an active session, only the
routes for apps enabled for that user were cached, and those routes were
used by any other user, independently of which apps they had access to.
To solve that, now all the enabled apps are explicitly loaded before
caching the routes.
Note that this did not affect routes defined using annotations on the
controller files; in that case the loaded routes do not depend on the
previously loaded apps, as it explicitly checks all the enabled apps.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
After this change, we are down to only one psalm warning for this app
and related to the Application.php. This also makes composer
psalm:update-baseline not silently ignore new errors.
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
This allows adding rate limiting via annotations to controllers, as one example:
```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```
Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
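
The selection rule described in the rate-limiting commit message above, as an added PHP sketch that is not Nextcloud's implementation: it reads the two annotations from a docblock, applies the Anon rule to logged-in users when no User rule exists, and counts hits in a sliding window. `DemoController`, `ruleFor`, `allow`, the in-memory store and the per-user key are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical controller; only the two annotations come from the commit message.
class DemoController {
    /**
     * @UserRateThrottle(limit=5, period=100)
     * @AnonRateThrottle(limit=1, period=100)
     */
    public function both(): void {}

    /**
     * @AnonRateThrottle(limit=1, period=100)
     */
    public function anonOnly(): void {}
}

// Pick the rule for a request: the User rule for logged-in users when present,
// otherwise the Anon rule (which then also covers logged-in users).
function ruleFor(string $class, string $method, bool $loggedIn): ?array {
    $doc = (string) (new ReflectionMethod($class, $method))->getDocComment();
    preg_match_all('/@(User|Anon)RateThrottle\(limit=(\d+),\s*period=(\d+)\)/', $doc, $m, PREG_SET_ORDER);
    $rules = [];
    foreach ($m as [, $kind, $limit, $period]) {
        $rules[$kind] = ['limit' => (int) $limit, 'period' => (int) $period];
    }
    return ($loggedIn && isset($rules['User'])) ? $rules['User'] : ($rules['Anon'] ?? null);
}

// In-memory sliding window (assumed store): at most $rule['limit'] hits per $rule['period'] seconds per key.
function allow(array &$hits, string $key, array $rule, int $now): bool {
    $recent = array_filter($hits[$key] ?? [], fn (int $t): bool => $t > $now - $rule['period']);
    if (count($recent) >= $rule['limit']) {
        $hits[$key] = $recent;
        return false;
    }
    $recent[] = $now;
    $hits[$key] = $recent;
    return true;
}

$hits = [];
var_dump(ruleFor(DemoController::class, 'both', true)['limit']); // limit chosen for a logged-in user
// Constructed requests: a logged-in user calling anonOnly() at t=0, t=50 and t=101 seconds.
$rule = ruleFor(DemoController::class, 'anonOnly', true);
var_dump(allow($hits, 'anonOnly|user:alice', $rule, 0));   // first request
var_dump(allow($hits, 'anonOnly|user:alice', $rule, 50));  // second request inside the window
var_dump(allow($hits, 'anonOnly|user:alice', $rule, 101)); // after the window has passed
```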