Bug 730199
Summary: | User security permissions are cached and require logout/login to refresh when changes are made | ||
---|---|---|---|
Product: | [Retired] Zanata | Reporter: | Akira TAGOH <tagoh> |
Component: | Component-UI | Assignee: | Carlos Munoz <camunoz> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Joyce Chang <jochang> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | camunoz, jwulf, petersen, sflaniga, zanata-bugs |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | 1.6-alpha-1 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Fixed In Version: | Zanata version 1.6-SNAPSHOT (20120321-1619) | Doc Type: | Bug Fix |
Doc Text: |
Cause: Authorization checks were made by querying the security entity representing the user. However, when a user is made an owner of the project, the user entity is not updated, the project entity is updated. The user entity is only updated when the user logs in.
Consequence: When a user was given ownership of a project, they had to log out and log back in again before Zanata would authorize them as the owner of the project.
Fix: The authorization check is now made by querying the project entity, rather than the user entity.
Result: Users no longer have to log out and log back in again to update their authorizations when they are assigned ownership of a project.
|
Last Closed: | 2012-06-22 00:58:21 UTC | Type: | --- |
Description
Akira TAGOH
2011-08-12 06:27:58 UTC
As the following document shows:

http://zanata.org/docs/html/chap_request_project.html

Re-login is essential.

(In reply to comment #2)
> As the following document shows:
>
> http://zanata.org/docs/html/chap_request_project.html
>
> Re-login is essential.

That's not a solution but a workaround for the wrong behavior. If re-sign in is essential, Zanata should at least prompt to let users do so, such as by expiring the session, and shouldn't allow one playing around with it until re-signing in.

Is there a way in Seam to force the reloading of the logged-in user's security permissions? If there is, then we could put in a button to effect that, or we could call it on any page where it will be needed, like a project page.

I couldn't find it in a quick search, but yes, there must be some way of doing it. Ideally we would invalidate the permissions cache whenever the roles are changed. Failing that, we could at least give admins a button to clear the entire cache on demand.

Assigning to Scrum product owner for prioritisation.

This bug is corrected by changes in bug 727789. The problem was that changes done to the project maintainers were not being reflected in the entities held by the security framework. I changed the way Zanata checks the maintainer status of a user against a project. Instead of checking on the person side, it now checks on the project side, which should have the latest information always, hence no need to log out anymore.

Verified in Zanata version 1.6-SNAPSHOT (20120321-1619).

Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Cause: Authorization checks were made by querying the security entity representing the user. However, when a user is made an owner of the project, the user entity is not updated, the project entity is updated. The user entity is only updated when the user logs in.
Consequence: When a user was given ownership of a project, they had to log out and log back in again before Zanata would authorize them as the owner of the project.
Fix: The authorization check is now made by querying the project entity, rather than the user entity.
Result: Users no longer have to log out and log back in again to update their authorizations when they are assigned ownership of a project.
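The cause and fix described in the technical note, modelled as an added example in Python; it is not Zanata's Seam/Java code, and every class and function name in it is hypothetical. It also goes one step beyond the reported grant case to show that the same login-time snapshot keeps honouring an ownership that has since been revoked.

```python
from dataclasses import dataclass, field

# All names below are hypothetical; this models the pattern, not Zanata's code.

@dataclass
class Project:
    slug: str
    maintainers: set = field(default_factory=set)  # updated on every role change


class ProjectStore:
    """Stand-in for the database: always returns current project state."""
    def __init__(self):
        self._projects = {}

    def add(self, project):
        self._projects[project.slug] = project

    def get(self, slug):
        return self._projects[slug]

    def maintained_by(self, username):
        return {p.slug for p in self._projects.values() if username in p.maintainers}


class Session:
    """User-side snapshot of permissions, taken once at login."""
    def __init__(self, username, store):
        self.username = username
        self.maintained = frozenset(store.maintained_by(username))


def is_maintainer_cached(session, slug):
    # Before the fix: trusts the login-time snapshot.
    return slug in session.maintained


def is_maintainer_live(session, store, slug):
    # After the fix: asks the project record that role changes actually modify.
    return session.username in store.get(slug).maintainers


def scenario():
    store = ProjectStore()
    store.add(Project("demo"))                       # constructed sample data
    before = Session("alice", store)                 # logged in before the grant
    store.get("demo").maintainers.add("alice")       # admin grants ownership
    grant = (is_maintainer_cached(before, "demo"), is_maintainer_live(before, store, "demo"))
    after = Session("alice", store)                  # fresh login sees the grant
    store.get("demo").maintainers.discard("alice")   # admin revokes it again
    revoke = (is_maintainer_cached(after, "demo"), is_maintainer_live(after, store, "demo"))
    return grant, revoke
```

`scenario()` returns a pair of `(cached, live)` results: the first taken after the grant, the second after the revocation.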