Ticket #990 (closed Defect: fixed)
dm4-accesscontrol: privileged createMembership call needs to return the assoc
Reported by: | Malte | Owned by: | jri |
---|---|---|---|
Priority: | Major | Milestone: | Release 4.8.2 |
Component: | DeepaMehta Standard Distribution | Version: | 4.8.1 |
Keywords: | Cc: | jri, dgf, JuergeN | |
Complexity: | 3 | Area: | Application Framework / API |
Module: | deepamehta-accesscontrol |
Description
Since this call is privileged and creates an association it should return the association to allow any workspace assignment for this new membership assoc.
This method must return this assoc because subsequent "ordinary fetches" (unprivileged) going for this assoc may fail (e.g. the workspace the membership is related to is confidential or private) leaving that assoc in an undesired state (without any workspace assigned).
Note: See
TracTickets for help on using
tickets.
Workspace assignment of a Membership is special: DM always assigns a Membership to the very workspace involved in that Membership. A workspace cookie is not relevant. This is the desired behavior.
Here you're addressing actually a bug: the desired behavior is shown only when creating a Membership interactively in the Webclient, not when creating a Membership programatically.
I'll fix this bug very soon.
The createMembership() method would still return nothing.
Would this work for you?
Minor hint about wording: I would not call the createMembership() method privileged, but being under access control, just like all calls plugins can make. Privileged calls on the other hand are actually the opposite: they are privileged to bypass the access control system. DM plugins have access to privileged methods exclusively through the Core's AccessControl object. (Not all AccessControl calls are privileged however.)