Removing access control from metadata in 3.0?

Looking ahead at least a year to 3.0, I'm proposing (and have a patch for) ignoring access control on metadata ("MD"). The shape of the API would not change at all, but access_id would always be public, and we wouldn't check it in queries.

My case for doing so:

  1. The overwhelming use of MD is via property access, which makes it look like simple value storage. But it's not.
  2. So MD access_id is very seldom considered, and developers can be surprised when it's hidden in some contexts.
  3. Hidden MD can cause multiple values to be returned as a single value.
  4. Anecdotally, many devs who use custom queries involving MD (or copy them into Solr), do not take into account the access_id values anyway.
  5. Only user profile fields rely on MD access, and I've trivially ported them to annotations in a BC way.
  6. MD access control worsens performance of very common queries (we fetch MD for every entity).
  7. MD access control forces us to ignore useful MD data loaded during the boot process.

The downsides:

  1. Plugins writing to user profile fields would need to write to annotations also (simple change).
  2. Plugins using other metadata with access control would need to similarly port to annotations, but this is very easy.

If we decide to do this, sometime in 2.x setting the access_id of metadata to anything other than ACCESS_PUBLIC will cause a deprecation notice (if you're logging them; these are no longer displayed). I suspect 99% of MD usage is already ready for 3.0.

What do you think?

Feedback and Planning

Feedback and Planning

Discussions about the past, present, and future of Elgg and this community site.