The policy is currently that the user is allowed to undo transactions that were initiated by any member of the user folder where the user is defined. Should this be changed?

This policy has carried over to the updated undo mechanism which now makes use of getPhysicalPath() instead of AUTHENTICATION_PATH. The physical path of the user folder is now stored as a tuple in the transaction metadata. However, the transaction filter can still recognize and use the former metadata format.

With the new transaction metadata, it is required that all user management implementations wrap the user object before returning it from validate(). This can be done easily:

    return user.__of__(self)
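The following is an added illustration, not Zope's own code, of the three pieces the message ties together: a user folder whose validate() returns the user wrapped in its container (so the user can answer getPhysicalPath()), transaction metadata that records the user folder's physical path as a tuple, and an undo filter that applies the "same user folder" policy while still accepting the older string-path metadata. The Wrapped, Container, UserFolder and User classes are a simplified stand-in for Zope acquisition, the metadata dictionary keys are constructed for the example, and the legacy value is assumed to be a '/'-joined string of the same path.

```python
"""Model of the undo policy: a user may undo transactions initiated by any
member of the user folder in which that user is defined.

Constructed example; the classes below imitate acquisition wrapping only as
far as needed to show why validate() must return user.__of__(self).
"""


class Wrapped:
    """Minimal acquisition-style wrapper: an object bound to its parent."""

    def __init__(self, obj, parent):
        self.aq_self = obj
        self.aq_parent = parent

    def __getattr__(self, name):
        # Only reached for attributes not found on the wrapper itself.
        return getattr(self.aq_self, name)

    def getPhysicalPath(self):
        # The wrapped user's path is its container's path plus its own name.
        return self.aq_parent.getPhysicalPath() + (self.aq_self.getUserName(),)


class Container:
    def __init__(self, id, parent=None):
        self.id = id
        self.parent = parent

    def getPhysicalPath(self):
        if self.parent is None:
            return ("",)          # root object
        return self.parent.getPhysicalPath() + (self.id,)


class User:
    def __init__(self, name, password):
        self.name = name
        self.__password = password

    def getUserName(self):
        return self.name

    def authenticate(self, password):
        return password == self.__password

    def __of__(self, parent):
        return Wrapped(self, parent)


class UserFolder(Container):
    def __init__(self, id, parent):
        super().__init__(id, parent)
        self._users = {}

    def _addUser(self, name, password):
        self._users[name] = User(name, password)

    def validate(self, name, password):
        user = self._users.get(name)
        if user is None or not user.authenticate(password):
            return None
        # The point of the message: hand back the user wrapped in this folder,
        # so getPhysicalPath() on the result reaches the folder's path.
        return user.__of__(self)


def transaction_metadata(user):
    """New format: the user folder's physical path stored as a tuple."""
    return {"user_name": user.getUserName(),
            "user_path": user.aq_parent.getPhysicalPath()}


def legacy_metadata(user_name, authentication_path):
    """Former format (assumed): the folder path as a '/'-joined string."""
    return {"user_name": user_name, "user_path": authentication_path}


def _canonical(path):
    """Accept either a path tuple or the older string form."""
    text = "/".join(path) if isinstance(path, tuple) else path
    return "/" + text.lstrip("/")


def can_undo(undoing_user, metadata):
    """Policy: same user folder as the user who started the transaction."""
    own_folder = _canonical(undoing_user.aq_parent.getPhysicalPath())
    return own_folder == _canonical(metadata["user_path"])


def undoable_ids(undoing_user, transactions):
    return [t["id"] for t in transactions if can_undo(undoing_user, t["metadata"])]


def demo():
    """Build a root user folder and a nested one, then filter transactions."""
    root = Container("")
    acl = UserFolder("acl_users", root)
    sub_acl = UserFolder("acl_users", Container("sub", root))
    acl._addUser("alice", "pw1")
    acl._addUser("bob", "pw2")
    sub_acl._addUser("carol", "pw3")

    alice = acl.validate("alice", "pw1")
    bob = acl.validate("bob", "pw2")
    carol = sub_acl.validate("carol", "pw3")

    transactions = [                       # constructed undo log entries
        {"id": 1, "metadata": transaction_metadata(bob)},
        {"id": 2, "metadata": transaction_metadata(carol)},
        {"id": 3, "metadata": legacy_metadata("bob", "/acl_users")},
    ]
    return {
        "alice_path": alice.getPhysicalPath(),
        "bad_login": acl.validate("alice", "wrong"),
        "alice_can_undo": undoable_ids(alice, transactions),
        "carol_can_undo": undoable_ids(carol, transactions),
    }


if __name__ == "__main__":
    print(demo())
```

Alice sees Bob's transactions (both new and legacy metadata) because they share /acl_users, while Carol, defined in /sub/acl_users, sees only her own; without the __of__ wrapping, transaction_metadata() would have no aq_parent to take the folder path from.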