We recently rolled back a change which added filter restrictions to to-one association joins and to the find() method. The reason we rolled it back was because it had the potential to corrupt to-one associations, causing them to be set to null. We’ve noted several times that it does actually make sense to apply the filter condition to the where clause of a query resulting from find() (though not to the on conditions which join to-one associations). This has come to a head, since users are complaining that this almost amounts to some kind of a “security” hole since filters are used to implement discriminator-based multi-tenancy. I agree, and I think we need to fix this. The question I’m not certain about is this: do we make this the new default behavior for filters, changing the semantics that have been around for an extremely long time, or do we make this new behavior an opt-in thing?
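An added illustration (not from the original post, and not SQL generated by Hibernate) of the distinction drawn above: a tenant predicate in the where clause of a by-id lookup versus the same predicate in the on condition of a to-one join. It uses SQLite with hypothetical `invoice` and `customer` tables, a hypothetical `tenant_id` discriminator column, and constructed rows.

```python
import sqlite3

def setup():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customer (id INTEGER PRIMARY KEY, tenant_id TEXT, name TEXT);
        CREATE TABLE invoice  (id INTEGER PRIMARY KEY, tenant_id TEXT,
                               customer_id INTEGER REFERENCES customer(id));
        INSERT INTO customer VALUES (1, 'acme', 'Acme buyer'), (2, 'globex', 'Globex buyer');
        -- invoice 30 belongs to acme but points at a customer row owned by globex
        INSERT INTO invoice VALUES (10, 'acme', 1), (20, 'globex', 2), (30, 'acme', 2);
    """)
    return db

def find_unfiltered(db, invoice_id):
    """By-id lookup with no tenant predicate: any tenant's row is returned."""
    return db.execute(
        "SELECT id, tenant_id FROM invoice WHERE id = ?", (invoice_id,)
    ).fetchone()

def find_filtered(db, invoice_id, tenant):
    """By-id lookup with the tenant predicate in the WHERE clause."""
    return db.execute(
        "SELECT id, tenant_id FROM invoice WHERE id = ? AND tenant_id = ?",
        (invoice_id, tenant),
    ).fetchone()

def load_with_customer(db, invoice_id, tenant, filter_in_on):
    """Load an invoice and its to-one customer via LEFT JOIN.

    Returns (foreign key stored on the invoice, customer id seen through the join).
    With filter_in_on=True the tenant predicate is also placed in the ON condition.
    """
    on = "c.id = i.customer_id"
    if filter_in_on:
        on += " AND c.tenant_id = :t"
    sql = (
        "SELECT i.customer_id, c.id FROM invoice i "
        f"LEFT JOIN customer c ON {on} "
        "WHERE i.id = :id AND i.tenant_id = :t"
    )
    return db.execute(sql, {"id": invoice_id, "t": tenant}).fetchone()

if __name__ == "__main__":
    db = setup()
    print(find_unfiltered(db, 20))                  # row of another tenant is visible
    print(find_filtered(db, 20, "acme"))            # WHERE predicate hides it
    print(load_with_customer(db, 30, "acme", False))
    print(load_with_customer(db, 30, "acme", True))  # FK is set, joined side is NULL
```

In the last call the foreign key on the invoice is still 2 while the joined customer comes back NULL; an ORM that maps that result as a null association and later flushes the entity would overwrite the foreign key, which is the corruption the post describes.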