Ticket #990 (closed Defect: fixed)

Opened 5 years ago

Last modified 5 years ago

dm4-accesscontrol: privileged createMembership call needs to return the assoc

Reported by: Malte Owned by: jri
Priority: Major Milestone: Release 4.8.2
Component: DeepaMehta Standard Distribution Version: 4.8.1
Keywords: Cc: jri, dgf, JuergeN
Complexity: 3 Area: Application Framework / API
Module: deepamehta-accesscontrol

Description

Since this call is privileged and creates an association it should return the association to allow any workspace assignment for this new membership assoc.

This method must return this assoc because subsequent "ordinary fetches" (unprivileged) going for this assoc may fail (e.g. the workspace the membership is related to is confidential or private) leaving that assoc in an undesired state (without any workspace assigned).

Change History

comment:1 Changed 5 years ago by jri

Workspace assignment of a Membership is special: DM always assigns a Membership to the very workspace involved in that Membership. A workspace cookie is not relevant. This is the desired behavior.

Here you're addressing actually a bug: the desired behavior is shown only when creating a Membership interactively in the Webclient, not when creating a Membership programatically.

I'll fix this bug very soon.
The createMembership() method would still return nothing.

Would this work for you?

Minor hint about wording: I would not call the createMembership() method privileged, but being under access control, just like all calls plugins can make. Privileged calls on the other hand are actually the opposite: they are privileged to bypass the access control system. DM plugins have access to privileged methods exclusively through the Core's AccessControl object. (Not all AccessControl calls are privileged however.)

comment:2 Changed 5 years ago by jri

BTW: thank you for reporting!
:-)

comment:3 Changed 5 years ago by Jörg Richter <jri@…>

In 53267b05d8039c52b935faa33449ffcf4c6ba566/deepamehta:

Fix Membership workspace assignment (#990).

Programatically created Memberships get a workspace assignment.

Note: a Membership is always assigned to the very workspace the Membership is about.
A workspace cookie is not relevant.

See #990.

comment:4 Changed 5 years ago by jri

  • Status changed from new to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.