Hard-coded IS_RESTRICTED exceptions, move to RES_PACKAGE.
The current RestrictionException API wasn't final enough to
reveal in the next platform release, and is only being used
by a single party. In addition, the original approach
required the sync adapter to assert any granted exceptions
during each update pass. There was also additional overhead
of watching for PACKAGE_ADDED and PACKAGE_REMOVED broadcasts
for clearing any applicable exceptions.
Finally, since this is a critical security element, we
really wanted to avoid storing the exceptions in another
SQL table that may be altered through an unknown SQL
attack vector. For now, the packages granted IS_RESTRICTED
access should be manually entered in sAllowedPackages.
This change also cleans up some projection mappings, and
minor fixed to prepare for a pending framework change.
8 files changed