Ticket #489 (closed Defect: fixed)
Redesign topic/association permission delivery
Reported by: | jri | Owned by: | jri |
---|---|---|---|
Priority: | Major | Milestone: | Release 4.2 |
Component: | DeepaMehta Standard Distribution | Version: | 4.1 |
Keywords: | Cc: | dgf, Malte | |
Complexity: | 5 | Area: | |
Module: | deepamehta-accesscontrol |
Description
There is a bug: once the user's login status changes the browser cache still holds the old permissions that are cached along with the topics/associations.
As a consequence e.g. after login a topic is not editable as long as the browser cache is reset (resp. reload is pressed several times). See #478.
Solution: the Access Control module must *not* deliver the permissions along with the topic/association (in the composite value). Instead the Webclient must request the permissions separately via the Access Control service.
To reduce the number of requests the Access Control module could maintain its own client-side cache for the permission information, and invalidate it once the user's login status changes.
Change History
comment:2 Changed 12 years ago by jri
- Status changed from accepted to closed
- Resolution set to fixed
Access Control: fix permission cache (#489, #478).
The Access Control module does *not* deliver the permissions along with the topic/association (in the composite value). Instead the Webclient requests the permissions separately via the Access Control service.
To reduce the number of requests the Access Control module maintains its own client-side cache for the permission information, and invalidates it once the user's login status changes.
This fixes the bug of stale permissions (due to browser caching) once the user's login status changes.
=> For the first time since introduction of timestamps, edit conflict detection, and browser caching DM should be in a good shape now. Please give it a try and report any problems.
Access Control API has 1 new method:
- Server-side: Permissions getAssociationPermissions(long assocId)
- RESTful: GET /accesscontrol/association/{id}
- Cliet-side: dm4c.restc.get_association_permissions(assoc_id)
Close ticket 489.
See ticket 478.
Changeset: b9170f2d85ab6dcc108af1e2497dd6c94b869af4