We have a problem with can.Model.store maintaining single instance of model objects.
We have authorization framework implemented on different properties of a shared model object.
For example, A user can see certain properties of shared model object(say Application model object) only if has authorization on those properties.
Scenario
- I login in as User1 who has all privileges on Application model object and hence API returns all properties for Application model object
- Now I logout as User1 and login in User2 who doesn’t have all privileges on Application model object and API doesn’t return all properties of Application model object but as can.Model.store already has object returned in previous call User 2 is able to see all properties.