esme-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard Hirsch <hirsch.d...@gmail.com>
Subject Re: Deleting user from access pool
Date Sun, 04 Oct 2009 08:39:23 GMT
Added the use case to the Jira item:
https://issues.apache.org/jira/browse/ESME-87

D.

On Sun, Oct 4, 2009 at 6:33 AM, Xuefeng Wu <benewu@gmail.com> wrote:
> Is there any user case I can test after have add patch for this?
>
>
> 2009/10/2 Vassil Dichev <vdichev@apache.org>
>
>> @David pools are not name-based, but currently there's validation
>> during creation (both via Web UI and REST-like API) so that one cannot
>> create a pool with the same name. It would be confusing for the user,
>> but if this validation is removed, it would be possible to have pools
>> with the same name.
>>
>> @Xuefeng Instead of having two fields (respectively two database
>> columns)- one to indicate read/write/admin permission and one for
>> disabled/enabled, you could have one field (and one database column)
>> with read/write/admin and *no* permission. This way we avoid the
>> situation when there's e.g. admin permission set, but disabled turned
>> on. You not only must never forget to check both for permission *and*
>> validity, but also find all existing queries in the code and check if
>> they include validity checks.
>>
>> Furthermore, you avoid some tricky issues. How do you find all users
>> with admin privileges? You find privileges which have value Admin and
>> validity is set to true. What about the ones with non-admin
>> privileges? Ones with privileges which either don't have value Admin
>> or ones for which validity is false? Wrong! With so many checks it's
>> easy to forget that users with no privilege are effectively the same
>> as ones which have validity set to false. And for issues like ESME-66
>> you have to do this same check twice- once for the current user, and
>> once for all other users. Seems to me it's complicated enough even
>> without multiple states that mean the same thing.
>>
>> Vassil
>>
>
>
>
> --
> Global R&D Center,Shanghai China,Carestream Health, Inc.
> Tel:(86-21)3852 6101
>

Mime
View raw message