Ticket #489 (closed Defect: fixed)

Opened 7 years ago

Last modified 7 years ago

Redesign topic/association permission delivery

Reported by: jri Owned by: jri
Priority: Major Milestone: Release 4.2
Component: DeepaMehta Standard Distribution Version: 4.1
Keywords: Cc: dgf, Malte
Complexity: 5 Area:
Module: deepamehta-accesscontrol

Description

There is a bug: once the user's login status changes the browser cache still holds the old permissions that are cached along with the topics/associations.
As a consequence e.g. after login a topic is not editable as long as the browser cache is reset (resp. reload is pressed several times). See #478.

Solution: the Access Control module must *not* deliver the permissions along with the topic/association (in the composite value). Instead the Webclient must request the permissions separately via the Access Control service.
To reduce the number of requests the Access Control module could maintain its own client-side cache for the permission information, and invalidate it once the user's login status changes.

Change History

comment:1 Changed 7 years ago by jri

  • Status changed from new to accepted

comment:2 Changed 7 years ago by jri

  • Status changed from accepted to closed
  • Resolution set to fixed

Access Control: fix permission cache (#489, #478).

The Access Control module does *not* deliver the permissions along with the topic/association (in the composite value). Instead the Webclient requests the permissions separately via the Access Control service.

To reduce the number of requests the Access Control module maintains its own client-side cache for the permission information, and invalidates it once the user's login status changes.

This fixes the bug of stale permissions (due to browser caching) once the user's login status changes.

=> For the first time since introduction of timestamps, edit conflict detection, and browser caching DM should be in a good shape now. Please give it a try and report any problems.

Access Control API has 1 new method:

  • Server-side: Permissions getAssociationPermissions(long assocId)
  • RESTful: GET /accesscontrol/association/{id}
  • Cliet-side: dm4c.restc.get_association_permissions(assoc_id)

Close ticket 489.
See ticket 478.

Changeset: b9170f2d85ab6dcc108af1e2497dd6c94b869af4

Note: See TracTickets for help on using tickets.